a549718fdd2441073a0158988b32b17f58ecf66cd15720618d9a75e786aa776c

Analysis

max time kernel
5s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
11-04-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a549718fdd2441073a0158988b32b17f58ecf66cd15720618d9a75e786aa776c.apk
Size

3.5MB
MD5

7c756b3b970e0e9101a0d27136c204ff
SHA1

fa625264cb6ca1d8737db2d89410370a249345ea
SHA256

a549718fdd2441073a0158988b32b17f58ecf66cd15720618d9a75e786aa776c
SHA512

3a99d86043751fedf717ee83c316d43549ea059cdc80554f80a8be9d07297120f9eaa6b6913a084342b2a68adbc5c38f904119e1820854d9a93ab1bac49250f7
SSDEEP

98304:w1+hKSo6QcUiaDToTwr5LNb83myQ8OL5w8Q4iJ3uby:w1WKSo6qigl82O8kCy

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4460

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
37efd03ed916b09048ca8adf89f8b00d

SHA1
2062da80399b239baea9b861ce5fe1fb89bae5aa

SHA256
13c1eaa56e1f7f5db7ab5b3129f90f3a7161a4bbf02f379bdc5a387a12336a70

SHA512
e3e2fe15d71e5c0abeb39a7981493fed3dee68e6bbd969bffcb222b4165ad8eebe36d159a352b48b4f6a0dc0d58fd624ad619a258e98152d20b08848f56b0e80

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
98982cc1fd495e222cb6c1e2b568c2b7

SHA1
83c2c776b87194f90cf3550c1eba7005da8dad53

SHA256
48f477deafcfbc9025d42abab21d8babe51145810be136c5da3431db58dda17f

SHA512
63aadf9732994e34e2cea0ffad9524154b1930c06d65796a7ead157ecc15d40436e2b5b520b05000719c7d9f03c8ab2167d966409bed733c70f0b14f4fe58665

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
e62515c6349318801aa3f46e974aaec2

SHA1
76b79cebad45891a9c6bf61730b8653fd14e84c1

SHA256
902b90a8e636e3074d8952e4f575e3dd1452751846fc27732247000ac92d9fcd

SHA512
a6a7930ad46dd41975d3cba8ef509387ed73f84eca59665474cd141a132c7b6da80c39d730fb6cc4f8aafa54fd0d0de034840afefc11765991567dbec4379193

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8d324627a13cf941cf4a27326a9b6dd5

SHA1
6881381b6137a9c6f214dd2ed93483e6512f88cd

SHA256
0dff69ebd91c8488c2a9e860678a3caf5a3e1a0f6d08b976dc2a7d2d04e2e12b

SHA512
f5b53daec2e3f55b08f5ce93fb75dc7c8fea0a89ca962e6c13241386a638e3d1bd2992a9515cac3b9434fe418af05201b702d71233bfcb2c143f0f45cbe3ab78

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4217058649259883501tmp

Filesize
90B

MD5
b2dc73957dff18bc6cbba0b0b419f769

SHA1
1235f5d4588af8d631a9bcd2a11391aa3d228670

SHA256
d0b41b5ca18dda92edd687115701d3015b3a2370256aa47a2a7866625174051f

SHA512
118f61096b5f2d0c9ac8924bb335fe3128701b3fc6f0239d2055f8bd7760dd38377c87fea3b466b328bd9e084562804b6d552cc7f94d3ba12002b675dc496491

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7846191983806364803tmp

Filesize
569B

MD5
f5b0c5107d706e8346cb296492da5deb

SHA1
ce1e3dd821ac231ef0f8736cd2d7deff71784dcb

SHA256
7130f4c90c2533f0f622a897f7549abbab88f77b063991484055a5b4dd5780e8

SHA512
527e3e4012f76b0d58fd77a3e39db88725aaf5449a9cd818626607e71126c07c6e22f3999a36daf7d9560c821abad047cf0101b9edba839477f89da95c9e6522

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
f9b556b29891b919f754a40856a372b5

SHA1
9ce2b1437ae8da38b07178f2a8846fc0933f86d5

SHA256
cf7dea4e5e180365d90efce8814fef3ef231c10d4e449c43a32fd89153de466a

SHA512
66c07baa9b91681a3b3a77a10ec947ae1ccd77b418f43b0352de94496d381cf539d715c333bdf476e2f062045b14539eed654c858bffcc2e1c662ead26e02779

Download Submit