c5a34dc7c972762248b36b48cce65b830830e973086cfa62f56bbbcfed185e03

Analysis

max time kernel
15s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5a34dc7c972762248b36b48cce65b830830e973086cfa62f56bbbcfed185e03.apk
Size

3.8MB
MD5

7112e3ec8af8fa4a7b000ffcf1f8a464
SHA1

84a6ecfe08c97f871ff8aa4907254395b0524ce5
SHA256

c5a34dc7c972762248b36b48cce65b830830e973086cfa62f56bbbcfed185e03
SHA512

a31f17f3af0b6d8d550bb9ca766d87f066c63a9b777545f02022cb8535bdb111ec92e2e782b738acd84154820d608ce4e35cb94a4d83896ee42c47b70f12c3ab
SSDEEP

98304:g0MqkFtV7Q1qcuPQeYLfToTwr5LVHSthcr3WsNrGiGS:fkFthQ1IAxCyr3W2H

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.drnull.v5

description ioc process

File opened for read /proc/meminfo com.drnull.v5
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.drnull.v5

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.drnull.v5
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.drnull.v5

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.drnull.v5
Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.drnull.v5
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.drnull.v5

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.drnull.v5
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.drnull.v5

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.drnull.v5

description	ioc	process
File opened for read	/proc/meminfo	com.drnull.v5

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.drnull.v5

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.drnull.v5

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d2e63aca89fc8a9135b5b3a658f27c4b

SHA1
191f0a3b267395687d3f0e3d6ccf1f2f07866b32

SHA256
e6442eb599c81fee8e325acaeb4b2b109d41f4b3034748740aa650f4198dcb3b

SHA512
ae4382e0892958232a11842aa769632bfcd0528b278c53229c4ad158ce3751162bc98da249dcebaf957378b52f81bdc9b268297e80a2fe9401e8346388d384a4

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
e029d9ca9877656ae34bef911a340d79

SHA1
fa755e43de010992cbeaeb1169106713cd7b0cad

SHA256
21b62714f4bfabd3fa249090b3f62454f1265023a17b7bd471e39ea2ef3ccbf2

SHA512
bf525ad3362ac42fdf777c880fcd7c76e523f91e30ea066231634b4e31887e843e0349805144b6ec735503feb03cdb9823deb76ea06d8f096933b9f58f704eed

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3064439581048372493tmp

Filesize
90B

MD5
29d5aea6f2c1cbd18cb483489f8ee178

SHA1
2dbc827a4910ce2530b08c333249d8b7f4288fd9

SHA256
28e483b703df47356a6f7083607efdf90750a82602aa7fc75565c294bd4ca765

SHA512
e0df0882380022e31aeb1c57d80a7a2f6afa04cbf5ee84c0406f3803b4d821ab697930719676e18c5eed894b21f73c58d42791839a2918110245073a439d5915

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8108308383283452666tmp

Filesize
569B

MD5
cf5f5c52a41d5dec0bc108d599378093

SHA1
95b7ef491cbe8ed87fe3e2a3be49fe8a2c3c298a

SHA256
6f01f8cbf43a36f9af38c4b99c7229d8d7a109f2e8b4a13cd7cba139f3c87d74

SHA512
dddead3892a06edbbbebb8ac77c7dd46bde86c9df8ba773ad054b7eb9fd6de644740c96361775ca99f592572efb4eb4bc6ee61f2e28fe2b46da503c06da9d8f8

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
cb3c1182d168de391a0d2cae677e1ad1

SHA1
961e1ed3a1dbfaed4683f78cfa195f38058f4c5f

SHA256
64409e8d2d903cafbcd4047d404d62e9f3347e3aaf0beb6c69b7a459bff3d157

SHA512
cf7c11151a72d06b62bee576e65cc74119453bb8b5e8f918b06de3b085bf398849b382325de19c7729419053b0d9339368d902c571cc411d97424a13970210d4

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
e1d4da66d9d9918146a7c099d8501c78

SHA1
b17520383c53442e52e20064751a298d8496ede6

SHA256
42141ca03f43d8623b61a4338cbe908b05a82605591e5cb810352747fbcbadbd

SHA512
97523f5e78a21e9101191fd4f4524c1660221f94e2ff41804beab1e02cf54979d3f9d73a4756b82ca8783c8efd8e45eafdd7a251fd41792808fca057d3319457

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
a3a46e909a8e78da96fec170d7c9931c

SHA1
1350f37fe2d097bebe682fb5da95699407568a6f

SHA256
3d2f7886105fd69b367dfe5e2503d15906624d36c8654268e4cb0cc2283765ec

SHA512
1395714a6ee8a37f7757ffddbdef6a4978624d7547f58015308e7c51e7bf819d3e32070d7def48be9b85458db918afa6755fbbfe0e1a45d9c2519e273bd70b51

Download Submit