6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0

Analysis

max time kernel
5s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
23-06-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0.apk
Size

3.4MB
MD5

d126056d0dfec21565be6592c9ba809c
SHA1

75cace7c3062ac7fc714cd14ee02d558dc6771a2
SHA256

6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0
SHA512

549819d7c455f85d57e04c7e90c0543134b12bda158b62432524f168877dc0fa019ed9562a3a7ed155e6d898ff1926a2e5fe9aa68c799499620733193d4f52b8
SSDEEP

98304:QQmGSOlhFgcJvDLkRCQDOiRToTwr5L284/7+znM1a2anbM9YsA9rSMY:BmGSKFdJbLkctu287zM1a2abM91A9fY

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.drnull.v5
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.drnull.v5

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.drnull.v5
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.drnull.v5

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.drnull.v5
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.drnull.v5

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.drnull.v5
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.drnull.v5

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.drnull.v5
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.drnull.v5

description ioc process

File opened for read /proc/meminfo com.drnull.v5

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.drnull.v5

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.drnull.v5

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

description	ioc	process
File opened for read	/proc/meminfo	com.drnull.v5

com.drnull.v5
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4170

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b694e4a8c044eb94d9a2c3640f992b4d

SHA1
246739de022b9ecb88e3e86908e884f98380adda

SHA256
997643e221ffa6cf0e6f5df372dbc906277e9986fcac6ffef64575148923033f

SHA512
573f29014c2a9da336a236d9701d304267b0bd3aa11863c477147dd201598a2cd36821ec2be848c099d9ee5d5c87a71a9df9933e1939c486082945515fd426d3

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
d7e7707b0487f8449aa242bcf2fda892

SHA1
a5bc05eb9d08f2d67bb6681d5695775866797747

SHA256
8a30772390656afae2e581f06826d74ca41d234c4d24d543fbf9fc3daa38ebb7

SHA512
fec4bcb808cf2f648bd654635cec616403c2f73abc49a80dad700770cc3032da14aab18407581343cf798c7a29addf3b6df059d6eecfdf912a1aa5beddcf915e

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3982521037690819734tmp

Filesize
90B

MD5
88a15df18135fa72e83852bed2f8ea6c

SHA1
45f13fc669d159cd5f42075e93956a8bdd1d8c17

SHA256
c1cfdd0ae9a0055f8e9cbc4ceb562105d9a7c78b07ab9da6256a93a255bbb96d

SHA512
da4d738f7571f40b3b4da4d6d534d88ae8dd5abf31a6da931bff4ffaedda1407e48d8a8b29724e2099307899aaf0a263d14bba4285e7273ce5525eb04468115f

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4720048523951226213tmp

Filesize
570B

MD5
173133b2d5b00ab98135f4cb411cb96d

SHA1
549500528378b4a92dfae80cf867e7f40a76fd82

SHA256
dd03194c73ba513c6b6746a83820d27a975f0596dd1554c8b5e4dd13e83fb9a5

SHA512
82d613eb45782b83cdb2755e9a9c75957932f7b336c032a1177cbc54eb70316b1caa6f29a20d3a78e8722366eff5c10d58b5db94febcabbdd268131c1161a3ba

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
327d550bd7bb1037cecbcdd268dbff5b

SHA1
caccd83cf7952d5d835881b66f815e394c5f5dce

SHA256
0370299e37230d2d0df3884666e5523dce6275ceac5f0ba3ff2cd55ef56e2602

SHA512
9c6e1a849573a1f95c61e8f52a62772778a1a931bb3ec5c899729f2faa4231f057da223da4abf2dcbb4b923ee1b889cef366793c57e7710898f8e411d9d85ae7

Download Submit