ae61ad1285e10bf40eee86ef759bffe15ba8caa3507039019ffa09491b5aecfa

Analysis

max time kernel
20s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04/07/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae61ad1285e10bf40eee86ef759bffe15ba8caa3507039019ffa09491b5aecfa.apk
Size

3.8MB
MD5

01d05d1f6a46395ad873f0d70f7cdc17
SHA1

47c9dcd77b70b4ee1a8975e80be13afc365025ae
SHA256

ae61ad1285e10bf40eee86ef759bffe15ba8caa3507039019ffa09491b5aecfa
SHA512

3b7f34395094f675833095618bce3fb65c409dce24ad4386bbd21ad5b82b100d8022389e5a2aee2171f8d10ad9dd1c50bef7d501a1ba8c8bd76f6ec647cfaf2b
SSDEEP

98304:vQsNgBCK0b2W94SdeAHIWRmtqSToTwr5Le39axM7n2x9QZuAWb:PgBUb2WuARHLgtPy7n232K

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

com.drnull.v5
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4502

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
f3d7510276c24245f89d719744a16fd9

SHA1
fe86114cc132c932451a2945196aec561dc1926f

SHA256
42359329a051740070bf91a81ddbafac023a9143ed6e0449113f7540259b7381

SHA512
36581bce4bc4a61a653f01e6c2d428a90b77debdbf6b58d4ec0dfb9be83aad215605036c047493e291c2a57c4ba4a06a3dd0ca4aa75c766dbc8512af3585f6ea

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
548324e1c55bf60a8ffe906397f8461a

SHA1
f01004fff19064e3e955a67b7a3812512ba45c1b

SHA256
4c5d59b8681e123d6bf1f9e28bee8f9e95036110a806dac6f14b1d6b2666f160

SHA512
d7283ecaaa70d1a7bd69b849e36216ba6c1d768844a529a7d76a7c43d8d2725f33824fa900ee312aea2d99cd40a14becf52ae00c74b314f2645f1497fd92fa49

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
f12c72d8897649432803c4b886c67d38

SHA1
4b4cb3bc7aded215f5a7ce91f915de9945b6b999

SHA256
da8e79e26b9422b5186abd451d690a3e559b705de23416baad4cad28546a0040

SHA512
5913b94adf1457b5d5f5111baf5657a4b8530be70cbb0024a5b7d57676b7d3505cc6edd9bde083585445e4871d715369a87dcab8bbc5b77b6a461cac35b3c420

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
230d1916c0aa72ab2e1104beef7f83aa

SHA1
20adf155426d23bbe2251b293b197b25c80e8672

SHA256
fd23d05f5e6c3ea94bb99e3f8dd03b5c8934c3b788aa8fd927467c3d66113ee6

SHA512
15781c24bc36b6eb3fbd74801229342e10e2d1aca18038d0159ec3ae5a1cd9eef3803f6f16915d6d1411991e62f8ce28b4fc8669ddf1cd07ea84451e0c5597d5

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation1462846933063252667tmp

Filesize
90B

MD5
32847ffc33f7ec3f55e0e7c3927ff191

SHA1
1247218ee3460b65a4e44ed32bb3cb42faa18683

SHA256
e9b010697a2d5551e4c588dbc26cc9105db41de7c14bcaa24ac9c9d60b7e5fbf

SHA512
ac7b35c688dba81d579237bca0dd8964ef7fe98547ba67c0c2dfeccd00d5485570f1baedb5f65c88d569a7d6ab5c824dde2ae67af00defeffaf45cb595977cd3

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation6877496770868308816tmp

Filesize
567B

MD5
355d4ef93dced4a6ca214619ab842d7b

SHA1
24e988866895981abc65d83a0b1d57a800fa0261

SHA256
2dd3a95a7bed2955da59769b8654e389f03ae483d81c3d6b659d7f69ac0451de

SHA512
fc2c2351a582a11d9ffd3da10f85a4973e1680dbf506600551f1b2e6ac53ba00e1fac494f545cdea605f96113e113a747fc5be249c531c547023d62f9249e41e

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
52130b044a0235fcf050d7ac686f0c6e

SHA1
4f11bba9b1bb873af9924b901b0de6c362aad3f7

SHA256
90424b1701f857569ed1e5a0567341d09cdd9a4da5c7b0ce41f49f005f2e15dd

SHA512
f89a22fe782c5471b5333aa7c25cc56176a649d0d0a9b7cd72f9f9eaf6e9cfbc08ac762220ccc7ad0683d09537010c6a87c35e7a5d7720eb6b2c0249a9aa4e37

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
bd0d21205299ef2291f621ee3c79f250

SHA1
7bb69fd02bf210c8eeb400b65c76840a430ada18

SHA256
5f638d4564eee2d578c923aa7d57d6a398093f1e89c2f899f4ad81fe60a6ce22

SHA512
df71d580b144b90df21313aaf2213860a3ce4b0cd0f82446195c0bb90d8e6bf25a99f0e7aa54ca3528faf0e0411e620ffee0e097b68c0100fd1cbfec47210161

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
e39386b7769aabbf01dfe88a221ba6fb

SHA1
840ed49c7ea479656b29a14ddc111b0cf3c145bf

SHA256
730e48fb416131ec6f050f45629f4e146ee30a2e461473d0b102db3d1944e22b

SHA512
bbb06cebee6b25e43d7fad53671b0a2b3f478d235bb3ba78b5bdb396dd19f66a1ea95a576fb4ec46c7ec7ee5348c6096a3d1444c0f297f42f1036734adc7ff2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads