86fd0b4a0731cbbe38241ba277f98a4c7c3f88a2585c4ab88dba80fdf9418b99

General

Target

86fd0b4a0731cbbe38241ba277f98a4c7c3f88a2585c4ab88dba80fdf9418b99.apk
Size

3.4MB
MD5

1577e6c6c1f38c25d6e1b2ee6fcde30c
SHA1

2716d45d033cc761079e17bdaf95bd03dedd9857
SHA256

86fd0b4a0731cbbe38241ba277f98a4c7c3f88a2585c4ab88dba80fdf9418b99
SHA512

e70e51f0103dadaf3380fd139cd1d7ee0f59c9c3263bb169388e7b17ce259609817bbeb6465082bff1296d5e6713bd8a8a042eed5d035d6b7d72ff582ef964be
SSDEEP

49152:NLZ/VatSV2Bo+4tdc/ThZMH4ToTwr5jE0rljwvsrhEZGDQ69kw9kK1iD:PVmSwX4qToTwr5jTlU84GDHX9k4iD

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.drnull.v5

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.drnull.v5

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

com.drnull.v5
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5146

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

System Information Discovery

1

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
7c6889fe3ad60d80bf7f3c08898ddbcb

SHA1
525ab82a6e6d99324228cd13ba80a69a3c7e0b18

SHA256
f58c9164d05dd772510eb00751e8b8d707612c042a10dd9486380b925783a4af

SHA512
0d68466083b1cec5a6528964fcf645b0252447e79f9038907b6dc5817f4bc874bac0a9263779f96a905ede72da9a02759176811d68e766577a1aa0460e02d681

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
16ff89a7748bf67094e55418aed66a04

SHA1
98357400f39400d1a8b558909dc7fe1d34beab5d

SHA256
92e44a8b3124db4557b1a383719b2440ce4d4d9b9305b36b3bb4e4684cd13358

SHA512
a61ef610bed78bf386f487d3211b7db63b3ee2a785a1c1b4864515d04467cf8405d7693ee739118b91b0cdc174f993f6c40285fdacb727c2a40c6f39937ec705

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
eb89b4f537546691f82128a2c8b8cb3c

SHA1
d30a61d45b2ea3cb24c40f319464dcf2bff4c7f9

SHA256
c8ed36a0a21419a93327ca58a28f52f56525b5dbf4120d3505bfc9e50bb10944

SHA512
6f87e5d53ad5f7a2fdc03446f47745af45c0345923da87901005a692b583dcd5bf60f86276ae14533c00d678d24043108d6da534de3f43a94301cce29910f2d5

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ef34121406a3aa783416af0483679f52

SHA1
528582df41f23f2fa57e48e1d72748914913270c

SHA256
7fa896b8db476a0b0237152fbea1e73b1f472be943633f423a3e69734023ec50

SHA512
438da33c4ef04fd5501d94b2491faeb687425afcc031dbe0f4b9fe05234e3b970ac48f8cac8f34bc9b2b8502b8e1a414e95dcd39d61d3c17458547361ea9171c

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation7136898187527235708tmp

Filesize
90B

MD5
8af725f8f2344d0bfc6aac45f5ffc233

SHA1
7a80e663141dcef94b00b8c8f25d43250f07240a

SHA256
da29a3f6a8e7164bed5cfa5744d7c3a9470f65866802c4c22e852891f68af591

SHA512
c4ce2b197b0f9152bee2142c4d37b34cea61f32f3832dc21b89ecea83c34992c3ddca14082a079b096bcbda5b90b10983f62a3648a373fbce3f1b0e685fd8703

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation8019419225932855509tmp

Filesize
568B

MD5
7f2cb25eb138fb3f3ca9ef7460e76506

SHA1
5b1e6de8be2e1e739fb626933d58cc80594537b8

SHA256
c705181030c19d0aadcc545e3e1925991861ac9f40265f6822b4b694b4dafc5b

SHA512
4be08e42d67eacadfb227350bb8871e435d8f21d3c69773bf12f6edc60da6fc576b5fa10ae12acda1387439f4a068629f9dc4c045a3510fb6c4ef4e5d760d4d1

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
5a6330c4fbcb24c7bb9eaf3eefb5c604

SHA1
57a9f02464d2f3c3ffc7978dd235c68dd25cd21a

SHA256
d205e275d914933eb3ed18073d63467229cfc71321350b2e8a416684de28ae5a

SHA512
4a6a0b747d1ef93974389855928a877226986f99d5a11b36a869eb738af7db9d229904b70915dd15353397eed7e90733555aba57bbe67fe61496843cac964317

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads