6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0

Analysis

max time kernel
8s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240611.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240611.1-enlocale:en-usos:android-13-x64system
submitted
23-06-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0.apk
Size

3.4MB
MD5

d126056d0dfec21565be6592c9ba809c
SHA1

75cace7c3062ac7fc714cd14ee02d558dc6771a2
SHA256

6a944ca56981593bbe69ce973705fd9b65d3d1c1b7452dd3b3080f48cd7c65c0
SHA512

549819d7c455f85d57e04c7e90c0543134b12bda158b62432524f168877dc0fa019ed9562a3a7ed155e6d898ff1926a2e5fe9aa68c799499620733193d4f52b8
SSDEEP

98304:QQmGSOlhFgcJvDLkRCQDOiRToTwr5L284/7+znM1a2anbM9YsA9rSMY:BmGSKFdJbLkctu287zM1a2abM91A9fY

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.drnull.v5

Acquires the wake lock 1 IoCs

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.drnull.v5

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.drnull.v5

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.drnull.v5

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

com.drnull.v5
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4340

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
8859ec16aefc92b343749216078694f0

SHA1
290466447b74d8aca76d6f2b28e7d18ac17acac0

SHA256
fd6ca2299282e4b99de92a030b0c47f49957da32fb885c06381f7f8d03a4aea0

SHA512
3f6b973024e31c338cb02c83865b33800d43019b42be4423e4916f0a8777466e1fb0232c8efd5215d1481009c065d2f8c00c7acf3392c7806ea29078b0f29114

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8b73f8d4e9471cf38ff221f971adeb64

SHA1
8dccfed1248ddf079a86480fd66b93a47e493292

SHA256
57c0343e9f9fd4afd6ef5eec369eeb6e5542b9ff5f67a6d5874e440e794c2d21

SHA512
5a07463140bee71b1cfb943f41ac52062b98b648940e9de5eb0c7491ef1f40f972fc27d9a3f26369c8d57ec61884cc287083928319e19d12caedfa16dfa78b84

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f1765208c6ab8d5788f637cfd8753eb7

SHA1
0c0f16d7e02f6ced9225e60291fd7b8b04d2a134

SHA256
1b95e3201f4ad226f76763599e4b8607e90a20b366a541f77602605cdcd582d7

SHA512
6f60e2d5bac7a68c20dd9a0245e51e40da7ad42995d23813d31fc8dc417317c4a98731f961c9cb682f96d8602476263c0a6de2fb613fe7b38fce4a60c10a1d57

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
762087e3c2813b48b66235f6fab6e5b1

SHA1
e2308629bbe8e5100c3ef23f4688c2bea6992867

SHA256
aa6505a89f7353bf3a29d8396de2b5e6c43214e9d8995cd03547f35c3c83a53c

SHA512
8ed184496c364b2a118dc233b857be72404fbc4aa474ac9402470416b76da47e9783b3883a7f670024f9f3392bc5f51e78d65116e7aa5279018669fe2111b49b

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3047339848606866946tmp

Filesize
568B

MD5
96fb9ea3da4893bf3025e77c02f7fa5c

SHA1
646f22a0be4b76b89ab85747a28ebd3225c8307b

SHA256
7679f89b2a2becd0e65e2631427d12b7b5b480e8b095c7c926ae826b308cdc7a

SHA512
c4c2a6b22d0740b3e73e448c0536e00e4065868bc7e35087fc8d4fae0d27851323e1b7f18a997d9f076557e7861550b7b44ac00e84bfa0a952bc839e56d255d2

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation5654834791709532223tmp

Filesize
90B

MD5
f357c41de9131e2bf16c2255b97da7cd

SHA1
06076771b3133d1d3722e7bdaae0e0647d149bed

SHA256
5d34b079d536dd02597f8cbe2a58f271136e1d8af1b9936f42eca108844a7914

SHA512
c69f76bed59780a8e50b3d758b3e4993024b09f9e8d065fe13b21d1504d2daae2d49b1002f2238af4f1bc9723cc087ebf6e1c42aa6498f55461b3a025a6ca2df

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
57073ac7eba1780038cb8716f8b2269b

SHA1
1ea0167ec71383ed3a7773d5f2c56e2f97773d41

SHA256
c5b185e895fb396720928a714ad0a4256e5d1dbe5ee7f429e160fe9eb8fa3465

SHA512
9729e3004bd3e6f4d1c93a35c9eedca0d85bb1c325f75aec54405be4a9af035292503965786eb3207fab8fa8c1b708fc851c12a55b5784a8c969b78b6544ba9c

Download Submit