62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6

Analysis

max time kernel
5s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
13-04-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6.apk
Size

3.5MB
MD5

09665496aba5eaef8f311eb47d6db475
SHA1

9a2f37d2f9e2bc2567e20c94cee7ed6982f7de76
SHA256

62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6
SHA512

2300105968c120fb28e5c49c577715124baba48431ebe8a493a2ea3a081f85179ec8531220888c5839567a86a704cddbcd870fc8aeafe651447b3c93924c2c89
SSDEEP

98304:K1+hKSo6QcUiaJToTwr5LXAelkCmdQGYw/cWKklO:K1WKSo6qi2QeS1/5O

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4273

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
35609cbf8049e6cd2f094ee0106d79bb

SHA1
f071d3ffc45d7d7c460b4942c8a60b6d09d3ac21

SHA256
b85d4b5875e50d71fb05355d2d8536c8f19dd5b81a6ef6f37ac7fcba5a00bdc5

SHA512
2a27f08faeb0dbc400d0ecd10ae4832c80b8f4805fef6ecf2405e075edf98d24f012e50cb6560487bce839b41977c9e93a32f8004ef794f9ad0962b363c9f9f6

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
0dc63a8000c0307eb97cea033cf61bc0

SHA1
8593aad9455880dcd922f170e8b8fc24bfc08c08

SHA256
75bcac7b937ac342290191697879676cabf8f8813a7e04697cf78ad79cb19354

SHA512
0193cb82efdc55f64e1852957071d7dbedc6cd1444f494a074f7f6dc5893d7ce0e38903eee7e017914ff07b9b3761462442853ba77229ebabd0f6ab5e7b749c3

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7173374497847742868tmp

Filesize
570B

MD5
4af25467a1741685f7a4fc5f717b78d9

SHA1
f4c2bced504fd370478113aa1490ba617983cba1

SHA256
3cf0f641b633e91c6844b1f537de368582ffd0c679875a9d651e4a739630b7c8

SHA512
8ac7ff19b2e51512038588cfe36c6f3e01026fbc35e9ba28b77ec9be7a5c3d934556d93d7787bc403b8f2c5890ac6953149ea425914e13a1af25b8cea1465b6b

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7758526837328681837tmp

Filesize
90B

MD5
7a143668c5fbaed469c797b938078b8b

SHA1
7cab0e698f4dfbcacba06fa10209572e706c6e46

SHA256
1f5875905a6d6ca4e3639b39dcd3fb84469d64703f710a4a0aa3b98cabc3b394

SHA512
c08bb3cf35d3eb743e0a33995d63dbf22eaff93fd0114bbd624e3d68443f283553c4c4aeab0c81965647adf6270a8dc4060383559611be015cf5256169b84417

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
4031251a0023c10a260192bf20dd4b3c

SHA1
0bf14e76c7a1390a55f56ac82313ed268837d4cf

SHA256
46ce306b32ddac709b90d60200ffe4744d3a482232c97a12c0129ceab9c360ee

SHA512
3dbf6a1f99b657be72c27805a571fc297c0b5563e6582bb03832b79fb426f1c049e5e190e16fb25e3e90406d5fdf451c9a22028655658dc5b4ebf3537c987c0e

Download Submit