330145c5ceefe7f2986df4ec470fb66ab890630f0893b548767f3bf36bb50ba6

Analysis

max time kernel
6s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
11-04-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

330145c5ceefe7f2986df4ec470fb66ab890630f0893b548767f3bf36bb50ba6.apk
Size

3.4MB
MD5

a7073c9f1920fe8695d7d77fe62f2def
SHA1

ea0f741f81bb541e826a29038ef89c3fecd5c912
SHA256

330145c5ceefe7f2986df4ec470fb66ab890630f0893b548767f3bf36bb50ba6
SHA512

1f893dc2f8c5bcebb5218c9eb7fc8449e32a0a0bfa8e8f82683840fd81f86126216949abd869ded9693323adf638b7766952baa5c07573ad29101119872307b4
SSDEEP

98304:CVmSwX4OToTwr5j/X5wzPceJSetDFbA/P:C8zxwBSQF0/P

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4435

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
79b9e8be0ad9304359bad63b00a83427

SHA1
3ca1fa2ad67351e081b151e3c6261ec097280027

SHA256
af352f29d0274b8a282add52e1a1e4f1517c3ce6b2b59e2e13432e9782984d0f

SHA512
2fad484d9ea6a3defd9017572429f60468955ecb87e150195d46e3141e464eb999babbae8d3b92e3d64a78cb72a2401d16559c41b8f6174e703ac82096cf0405

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
0bae0b5b72ab4571f1fcf941ea4dac75

SHA1
116e7f27e8779eb8222aa7c99d8adc39e44aa767

SHA256
1039a40bb64c95eff2cec366725f4bb217373d150206d5818c4fc2dedb035653

SHA512
7e5de94f41fb4ea229d2d0ca1414b6967a4f936a7a35bed5ac861912ac80ef206d391f3dd6fbd271dcc446c5e4d5987160472bdfa618f94ceff09502617d0288

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
72d2f8683eec51675fb9346153d1aa5b

SHA1
83e3af33b8053b9091b9eb4b75f851e1c447819e

SHA256
b3ff29f9e3bafa3206e6893b829d23816eca0d9b415c7f7ff4f99c683576100d

SHA512
2be2de487cb1ac6b566372ca83133bee674c6aca69d0713aebea88986edd43157a30071b3defdba8617ba5a844909cbb75ac0d51031340752a1a9e365216a652

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4defaa840f6b6b48d06978bc3fd14fcb

SHA1
b7e5d9aaed067c7ec68696547d1aa98035ee8b52

SHA256
52e989b0e7ee4b4810a5b48cd604c9a3cd8bc3b715e6c0c253674ac7c5060671

SHA512
4de3d72d20e345fae12d5bffcaaa692b396abfcf07550a60b34c3751540ad158481c25631349c730e344b85f6bdae5876b162dfc5d969a93bbd1f5389b173bd9

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4049728608937712608tmp

Filesize
569B

MD5
7b697eed770858cc360021b281cbc891

SHA1
32c46e0966711d58df0ab285d5d1710b13f628fd

SHA256
f96edd7f6c8991c3fe4f556840c1508b92725a80d64e1d7992bc957e95b66b7b

SHA512
d329df4db26d908352730445847a06e0ea4f2bc6bd042c38f5e957ae0f3efd78e4329cbf65d1134ca8239778beb3a858dc9748942c5c317f537ed2b492d23200

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5410744408389213108tmp

Filesize
90B

MD5
e48170f05093053bf46aac22eeff9e6e

SHA1
1b811adfc85225e6bff72f2e9d543295726774c0

SHA256
4ccd8c2dfe931b312e2322e92115469cde1a2401f0ecb9a808cd1c40edd72b02

SHA512
7d61d6102e35d239b5537a3c41c888b8c02f9642a73996a49b8304fe16a4d46c3a7b5712a6a4c23d9b6f61f4536a5d9d2a8254aa2ceea49c0c8a7215905b6044

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
72b58ef3f195dd4d2618d94abd1f1f01

SHA1
51150129121fd403e926867de350a612acb3b84e

SHA256
6a9d08ae9ba9c9d4ff6edbdae6d4af6da1c73206712f8cc3a30a28fbcf94658c

SHA512
94d59592f0c3bac34992d31cf237fc33fa1f2fc14925de62c9e9c2d4d246ffe78f4c5eb8c53ff24075820d25e0aca60a003358cd2531eb28af16703080689eb4

Download Submit