62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6

Analysis

max time kernel
9s
max time network
148s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
13-04-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6.apk
Size

3.5MB
MD5

09665496aba5eaef8f311eb47d6db475
SHA1

9a2f37d2f9e2bc2567e20c94cee7ed6982f7de76
SHA256

62d69980bb71b9fbda4180641173c521c69728cd93cd7292ead7b3e753c04bf6
SHA512

2300105968c120fb28e5c49c577715124baba48431ebe8a493a2ea3a081f85179ec8531220888c5839567a86a704cddbcd870fc8aeafe651447b3c93924c2c89
SSDEEP

98304:K1+hKSo6QcUiaJToTwr5LXAelkCmdQGYw/cWKklO:K1WKSo6qi2QeS1/5O

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
1a1d5ecda7930e3d002e47efa6f7a9bb

SHA1
42ef5de89bb7b240c6a1adf8d884d7e2df4e3907

SHA256
3c6413f891821e56ebce8816604cec145a15c9affbb354af977c889254e82eb0

SHA512
9284f2b099341bda5497216d52dbfd8285c3151376612895596cdf8b9af398e68a49792577b6c034486bb26d3464021776fce72331bdda989438ddf54b537779

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4994ab69a2e29fb585584b98ff02990a

SHA1
63f8230adfe269448391e15c5effacdd5d0f4243

SHA256
25f72b68d2cbe6777929267325610be47898a807482c3fcb7073014a15e93e60

SHA512
74fc628fccca56d7e92cab9ac269f9d3048da835ffb28147f42857168b304ac075772a90f96dd71dffd35b0ba3a447d0c1ff0f5a9a9e66484ce35923fb98d866

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
d3fc5a07521b0aa4bc74c20c8ff5e63d

SHA1
9ea8b04b7aebffc4f16d70b8c9bd006580667f68

SHA256
b8429b57a5356cacbb48a2b17bb87a1335fc86014153fa89ac1856f96274869a

SHA512
0848385e60bb6626fafc5518c90fcc1661189b9a9a0f206a1eab22e54476d46947a88a1daa0c146e97902deb1f1d9d72a0660d952167109e9c5acf5335580114

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
98f8b3f2d5b1414e5a94ab91f07948fa

SHA1
6d41c54e47c189ca11f41bae2fabc418bd70d8d6

SHA256
8159abe8102bc06ed58836c23082b00128b0105c3b2192389cb8ce26839d3a85

SHA512
0e8ec72b001bfb553e9f4a5d9de2eb59e617535e7d65f75fa4176a99c11175958dc67a25fbd347ea8276e57aad52d88778287fe9e247ffcd06e49d55cb3209e8

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5735540351959811517tmp

Filesize
569B

MD5
ef702137c1b885bd3fc2eb03969ce38b

SHA1
eff33389ca3216d45cb7a069af3e8947720bb91a

SHA256
4ff80c9e98b7c263150a6453030d851b72ed7b9b0660e08185ec2c2e3fa3ec08

SHA512
8e5d7f3382b580f82f17d69a913a3dda86543576404b12c49934199dfaf89244ee36b540e81499857c534d068da1e81c748fbd1c9f6f39c097ae1f797fe07a77

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6016808758144464898tmp

Filesize
90B

MD5
8d2a8aa7944e7fa14d6f1dd2a8f99bc5

SHA1
4904487af26e3946cdb486eab41ffc54200059da

SHA256
62267c7785ab4a5a1c5c28d2f106a67232505e7b479e6eee65549f2fe19a7a4b

SHA512
b02d6962252b5f99436bd0b0baa078d190a37f92d20be93b2ee4fa659e23abc01129fc42deb228026cff911fe15f1bf3cc8f4e89013944a4c30b9b2a02c83b3b

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
99c16c72bfa5a67540657f519b5b742e

SHA1
5046a4996a9f8382b9c9787ab3890b471230451c

SHA256
ff076ae93376538338579cc61e32594e84805d55d6af4b9334cc371a189ceb8a

SHA512
d029e6e63f919b345f82b0b2f48323c573aa4a835da1fa4ad9b157ba97eb1a27ab2f4486ca13ef7d96993be1b2fb2b4bd613c1614c5762c4074ef5441362a313

Download Submit