f1380e5d89b2c8744f55a5ef24e94d10102330171210ea5910d71c92e0d73559

Analysis

max time kernel
8s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-07-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1380e5d89b2c8744f55a5ef24e94d10102330171210ea5910d71c92e0d73559.apk
Size

3.4MB
MD5

78f8e91306ef37c5ef76607c283c8a16
SHA1

dcbb90211a6e1d10586ed2b9b257db63d4e5ba9c
SHA256

f1380e5d89b2c8744f55a5ef24e94d10102330171210ea5910d71c92e0d73559
SHA512

511fee1aa30f93c9fd4d942c463e265190e830b44d26dc648a351d4f2c38b7ce56841a4f709c7164a003b9d0145786b522d3bf2e30757d8583d2e886673cb62e
SSDEEP

49152:XL9/KaBZVIo+4yc/ThZMHaToTwr5jxDVlhuoG95r/n1r8iyYDjTsn9aO:ZKWZO43ToTwr5j705r14wDjTsn9b

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.drnull.v5

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.drnull.v5

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drnull.v5

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.drnull.v5

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.drnull.v5

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.drnull.v5

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.drnull.v5

com.drnull.v5
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5009

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.drnull.v5/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
ffc13bd480a6c8e014b401dddac4bc54

SHA1
eb7ead40e51a184f92fb2e527d4bb6943acafd24

SHA256
699a6a035909a6a767baf568d85a53f6bf041f9d69426ab99d2158178deb126f

SHA512
9cb1fd991c9eac4b101590324653e9b9cdc4ffb71cb422bf53f7c40034d0eef2bd93772b20cfafc15123a7d77ee90514c47c386f617daa1356eacf51b9e30321

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b271f071154fc0e915b032be02417c61

SHA1
bb56d8a9374c6e2f6c3ee91089d494edffb5f112

SHA256
fc0706ba9cf9b0def9576c46b368d229b90a949eef9163df14dcf2e5aeefcacf

SHA512
e2bd6162ba2027ac57cb3e78967916e20ac11969eff24e0066c4a04fb8f6c4ebd81e175dd29fc0d1213e227985badd3d8ac1bb1217494391ee76bf063bd8dc36

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2061ce83e32171f8371537ac7341d048

SHA1
f3c83fc57a4a36c3449f85677548fc1264a3c414

SHA256
c34f1abf5ce058dd77b92dd797a28a457cb0036b4743bf0f474f2e1ac131bdf4

SHA512
eb678bd75ff9e57f0abe5cfe2e0e87a3a210706166892590ba44ab7e9d80ffdbb06370d23fd4a77ce00908ecff3b6a744efa8426140b010b281d7e6dd280f69c

Download Submit
/data/data/com.drnull.v5/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
10987171152640bb6483f1b2ac3bf812

SHA1
be6a7217a2286d3dc3f4085529857f5ed19af9bf

SHA256
ad5384ef7bda5c4c733f54fcd2c32b3e4b034238f711f11046f9b7bad6650894

SHA512
c4953a493f4d0c4972042a666792832de90e08053a9e2c32a7278fda1d94b9751955e39f9c527a98da6f7a75e179927df19e30d56ae294b4eb12dd4d6b4dabac

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation3494398403017936756tmp

Filesize
90B

MD5
62b26454142a67f8869ecc82dda3e394

SHA1
8ea70940c6c3aa14e7fca3dda9ec185befb83a28

SHA256
6cd008fe2443ec024854159222fac903b4b723bf7aa666505ea4159bc337daaf

SHA512
5217d927f9e69695b65c9667029af4c8d6e6cc5fba635bb83f5674a4ad8a397273b58e8ef080e64e287fe43bd5da0de1171e397d580a0be8a88dc48c25ce03d9

Download Submit
/data/data/com.drnull.v5/files/PersistedInstallation4260260918101285880tmp

Filesize
570B

MD5
34766cd4e442a6b2e155a5e516dead3d

SHA1
4b3433bf05ccc8d40f6e0c3f3247747aebeb69a2

SHA256
683bc11ff1187f3df2a6eed4cb669b58fbc4aeadc8f3d19a3937acd6bcd177b7

SHA512
0bcf588ac1509ced33295195c9ca623c2c0d04bcc59c363562d3d9c718c33fe12df38e638ff8195927002277e7baa4dcde02675b55836f9087e4dd79c4f10027

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
27399fdcabaecb135ee09ef7d56d973f

SHA1
ff64b8ba7f085853130870cc4e4aa6b9a859faca

SHA256
d55d0c545ab87ce36c8c3cf67a17d1d845c7c4df508fb864470a474df56f59b0

SHA512
c4b77a1ac838ccfd9dc24eaef84b9ffa61792e5aca205cb737625e1abf0a050fc77b0662e82b96e8f7dfb45a7052893de132e07138cf08d118a6eb57ddc3d7cb

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
60b458cbc651f18ece52504d1fb5ead9

SHA1
a4b3409d910a425b4b34a95173fcdfe1e953e128

SHA256
51a4294c3ead3a1a9e78ac19d855641bba6ea42c65d69b2a63ba8c3a7d075d94

SHA512
219877a107d8501b15f4012528851652124a495457a3190488a10eb643c00b162823f00063caff817c82d85029db20699a7655bfe94fc340d19e29d359b06b3f

Download Submit
/data/data/com.drnull.v5/files/database.db

Filesize
102B

MD5
2f4bc3d4e5440ba04e850133a84bf75f

SHA1
086f148e716d27aa8557e6ece89f7df3e888bea3

SHA256
e6bafebbfe3a8347d90ada0b447d889875f560bf0c38775d5ed61ae7af52fa6b

SHA512
e7b428c9e22d10b405515bbbe142ac8e8040c51c84c204d5773efc925c3546707aeaeb9c2d711148341bf5ea732b84a4a750b630fe85095bdbf1a4c04c19e1a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads