14786e3fe720be26cbd551badf135dda21c3d0e664d962b95b1ed88081ed5843

Analysis

max time kernel
5s
max time network
145s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
14-04-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.apk
Size

3.6MB
MD5

e6995652396ac7a0219cfb57a95b6374
SHA1

8a5aaae0b26e62a39a75831c1b5e5461bd522abb
SHA256

14786e3fe720be26cbd551badf135dda21c3d0e664d962b95b1ed88081ed5843
SHA512

77cef5499f9660abf90726d520f60ac44cf5f92d6bca161a80db830613bf8e060a6d2e4e09678df2fa2cd4ee13ed2beff9b5a7f65b6fa572e4b6d97ceb6d87a6
SSDEEP

98304:+1+hKSo6QcUiazToTwr5LXMmFgY35gy88XY+tEaI1:+1WKSo6qiccmyAXFw

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5029

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
1d4f65f51e60282692b16d23a98030c4

SHA1
d2541a3539d5c8a0edafb379df86f4479a9d8573

SHA256
46018ef51c0b60d6481cdd9d49a3552cb3e570b87fa5035a2adb33d2575b29d6

SHA512
8d294e213f9a8f3ec34764665133dc115aab8c99d8602803f58de8daf07325157bb3ab016a400883af7e71955235fe6eb75b9c5369f69266b42b98575dd31fff

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7a095c375bc93b43b5b2cdf49dd599b4

SHA1
2e688339e69ecf517cd6ef7838c0398f255d6a53

SHA256
472b65fd69d25a22f5533ec0bbfdbffb1c271e3571a15721a821c47aed157893

SHA512
ebfc1b006f004565e687863d75af5b76d92dc44584b3628a35439334da691b933725d69c50a8403b28ce0024e23b27f7ebf8470e9b3beb48c9b1222709448eae

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ff7ee27ddee4f5fa5888dd26cdb43708

SHA1
50b0f281bbedc636975ad4d1f5dd37a76f8bb294

SHA256
cfe84443b26a47366f9b842c6a4ead7ffbac483693703ffdaf4d1f4f9634e2cc

SHA512
4a60811712af62707d37ffcd52eb98602a4dd40512a733094d4fcb78a4f973a722c0133e0678ee3d757c67835302953fb58ba9328f71be7dff38494266e26cdc

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
c1f75caf7cf170f0b93ceb18cc8d6e50

SHA1
75f30194270924f3d76411217490e4f336497920

SHA256
4a3557ebecbb7b217f33b4c71459a9c4348afa6974759aa8d517b106f6617400

SHA512
c65c0833a55529b168cc220b6c08c6e6c94496ef9b981a033ec4368c8c1333437da55a658a6f91123699af3ecfa2f536918029e2b435799e23bebe05c3758bde

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation2689621367771554687tmp

Filesize
569B

MD5
b98ac56e1290965079bbcb5e356b7e11

SHA1
d36f00c03c8b75c9811f3355277a4adad3e1327b

SHA256
de179b22cc6c9ec6b3756f713972e457e6a33376e2ef7d45b04eb65a89f887bc

SHA512
5c830f1b08478d3dd1b69efcbbf4c2eefc39ab9901ab7ba1119a0fa2db111b8672781e74d01994370b7589fad51b3ae57e4bc44060846eb6ff91478fdf5b2993

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3666812137122680232tmp

Filesize
90B

MD5
2013b622517a4a835bf4b787df2b8ec5

SHA1
592fa048916bd7f9e6bf7562479dc77ab20a3a5a

SHA256
9f1346a7aba44574584581ec755a7a9cd3e253791d9df5c8c1c404cb9c9adacb

SHA512
741b781baddb13cf5bee60fd8a27bbf89f7e75d10f96d8ec6edfcf06740cbae9e6be73ec41d49825afbb6df435340eeaa8ae2eafd11e3446e3a4a6ec500daa7f

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
e88bca47fde9b2a2e27af03f6db14490

SHA1
2fc20e7c13864e408d6cb14a878de2e4335fe709

SHA256
933e26f963789e8ba3a73ffe0e7599944596250f831d128ac3c8c0393e5c8da8

SHA512
85ca792bb0bdc2f9b26b41b474afca2f23b77b1e2c92bc1360cdccc23e7a0a798fba3cc9aa76108c6e927c804816fa0508dd81942f3fc9ea98341d4a40ba5873

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
97bcf627d44b684625a403bc8f31befa

SHA1
ac200810e2d8ba5e5d35ae7556797b9677dcf51a

SHA256
7d80e10efbb2bf9ec3a093da9a99587ed74895ae9f32c9971ab4e9189b4c4936

SHA512
7a96d1c0d11d8db07b13c800006029e0e1bc42590ab0e16825015756bc47f8ad7e287e1079f1885abab03da6876f21acd6a5853487840d46c64b48bf538e2eaa

Download Submit