1e6cccce8a46aff2c607ee4092f5d2c778e3b0b6d7ae0ed7ac673e5702d0ddec

Analysis

max time kernel
5s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28/06/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e6cccce8a46aff2c607ee4092f5d2c778e3b0b6d7ae0ed7ac673e5702d0ddec.apk
Size

3.5MB
MD5

39f9c0603e5a3422f5c41071680ebd81
SHA1

2ccdea0c77d2c3447f0d89cd43379f64eadb934f
SHA256

1e6cccce8a46aff2c607ee4092f5d2c778e3b0b6d7ae0ed7ac673e5702d0ddec
SHA512

2a0a1591103e2a911edc3c4a32627838da6437f07c17b4378c229a11f54251fac597e928542fe233c1b6e26f04f55f2651a3c94ddcd75808dc1bb9edf3078dc7
SSDEEP

98304:t/uLod7dpDnoagxlToTwr5LCzdOGAXk0Ji0KV:E69XY/9XkOM

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

com.drnull.v5
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4491

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
e33078906b0e56528105ca39058f3030

SHA1
90ec97559cfdfaa67764dab3f1d0da3b5909f02a

SHA256
130964bcd08d971753e6eba87980ba6b6d4ac4b61fc4644dd80896a1653ff8d8

SHA512
4d8537258e23ada1ba2f2580b70c3083bcd18a8d48954617f450e76dbd6fedc6e2dbb9c77f9a66c5d9a201887c08b84e0a5a0674d585531ca1409eb4d1f00135

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9ebc797ab10d708c3d274d65483aa8f0

SHA1
a6846f2c18eb6b866e30aa82238f3af9687ccd4a

SHA256
834d6515f2337fc774666eafd61a49ce326dd3653adc459d1f9e0889729b5864

SHA512
d409d1f7bd36a3954f12525ea891f20b76529d5026ad70c0cb8aa9db6f025a892690cb24e023be5fe3b63ba4b9f2594797eb8c2ac1c0563b3d1adfd1b0d75c59

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a296c582b55dfd122d7a0dae925a23a8

SHA1
dbdcabc44640c84c1c77d511c29ac60704cac5f9

SHA256
1dba073735fda759cb8202b38d3354707074f6c74d8e103d48e549210b8243e3

SHA512
f2ad6bdc849b26c51fbd8d663330a7bd54fce63ff80b8769edfb0ee8c299800e7b4f70f534c52b6f0240bb7e372049ae7bc4d5eb615a416c2c68a70df76a5d50

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
3cc6ed59a663502b9c8e26a7a9fd7170

SHA1
2b014a87803bf5f63f2be76317fcabe6296b05ee

SHA256
fbf8bc324c78e8369ad6a9209b6a20083a092f893eed62df928977b8561dda0a

SHA512
c6dfc11034c5d89d7a1bf71bc33853d2f2e9fa5010fa5c6aceba90ac32edd724798d976d50bad26e57df6a398c9b29a31ae1510f99e71b909f5c0b8c4112e303

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation426461025295228060tmp

Filesize
90B

MD5
b03e131189b09972ea1bf5709756ab6a

SHA1
20622dbeef5e532d1cea04c3ddd986f8049849e3

SHA256
3ee336181c5a297aa282c2ee37dad777b00cb230be83c58bca24e10bd006c251

SHA512
56ea2ed7eb069e40e587bbcb7ce96ffa28b7ce98da0ddc79844f6957955d4b074488fd7ec233451dfbceb969cf2862a54f63059df2ce30dbee5e85f26d4d4c6d

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6957834668154504640tmp

Filesize
569B

MD5
74d131d6b06dfd6030ce37689770c77d

SHA1
e31a08965f581a63bc729ffd6ad1476eda07315a

SHA256
8b8d22971488299123bce10852023806a8fa66989fce1d59e3a2fb4236456f2e

SHA512
ce8038617c737d4ffb10869e6802637dbaac74a7e7d8167cd4abcc517e3dc3335ae686d9bb1e214ede565bed861ec0861a2dd7499f4f3fc82337a0062dd4004c

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
d843b7fb4ba0ab475fd9a649e2f46b4c

SHA1
33d841027b55fd2fdfecc1acea67e18df4df77fe

SHA256
b7148b29a91b2c3ffd27ca6973c1f076f57a9f0de041fbc6a93a026c5d3c9c00

SHA512
35207281a5549dd2ff9c3cfcca6c140befcc5f73a3642d6cd95ae66511568507d18edceffb2bbe9189ea20147f32d2decda73de153dee78f72e3e1ef26e774b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads