Malware Analysis Report

2025-01-19 05:28

Sample ID 210723-513anp2bh2
Target 80371_Video_Oynatıcı.apk
SHA256 a47d4dcdbbba7f39617c21269ef012d37c9c2830975767aac9c8d724459d6ba4
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a47d4dcdbbba7f39617c21269ef012d37c9c2830975767aac9c8d724459d6ba4

Threat Level: Known bad

The file 80371_Video_Oynatıcı.apk was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-07-29 14:56

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
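The permission table above can be reproduced offline from the decoded manifest. The following is an added example written for this page, not the sandbox's own code: the manifest text is constructed to match the permission list in this table (package name taken from the behavioral2 process name), and the rationale strings, the SMS-interception rule and the accessibility-service check are the editor's. In a real analysis the XML would come from apktool or androguard rather than a string constant.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The permissions flagged by static1, with why each matters for a banker (editor's notes).
DANGEROUS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (OTP theft)",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.SEND_SMS": "send SMS (premium fraud, smishing)",
    "android.permission.READ_CONTACTS": "harvest contacts as smishing targets",
    "android.permission.CALL_PHONE": "place calls without the dialer confirmation UI",
    "android.permission.WRITE_EXTERNAL_STORAGE": "stage dropped payloads on shared storage",
}

# Receive + read + send together is enough to capture and forward SMS-delivered OTPs.
SMS_INTERCEPTION = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# Constructed manifest mirroring the static1 table; NOT extracted from the sample APK.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.phkdggua.elxnqor">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <application android:label="Video Player">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def _attr(el, name):
    """Read an android:-namespaced attribute."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def declared_permissions(manifest_xml):
    """Every <uses-permission android:name=...> in document order."""
    root = ET.fromstring(manifest_xml)
    return [_attr(el, "name") for el in root.iter("uses-permission") if _attr(el, "name")]


def declares_accessibility_service(manifest_xml):
    """True if the app ships its own accessibility service, i.e. a <service> protected by
    BIND_ACCESSIBILITY_SERVICE. That is the usual reason a banker sends the user to
    ACCESSIBILITY_SETTINGS at runtime, so check it statically alongside the intent."""
    root = ET.fromstring(manifest_xml)
    return any(_attr(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
               for svc in root.iter("service"))


def triage_manifest(manifest_xml):
    """Summarise: package, flagged permissions with rationale, and capability flags."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(manifest_xml)
    flagged = {p: DANGEROUS_PERMISSIONS[p] for p in perms if p in DANGEROUS_PERMISSIONS}
    return {
        "package": root.get("package"),
        "declared": len(perms),
        "flagged": flagged,
        "sms_interception": SMS_INTERCEPTION <= set(perms),
        "accessibility_service": declares_accessibility_service(manifest_xml),
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(f"package: {report['package']}  declared permissions: {report['declared']}")
    for perm, why in report["flagged"].items():
        print(f"  [!] {perm}: {why}")
    print(f"  SMS interception capable: {report['sms_interception']}")
    print(f"  declares accessibility service: {report['accessibility_service']}")
```

The SMS flag is the one to act on: the three SMS permissions together let the app read an OTP and forward it before the user sees it, which is the core of the "banker" label. The accessibility check returns False for this constructed manifest because the report does not list such a service; on the real APK it should be confirmed from the decoded manifest.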

Analysis: behavioral2

Detonation Overview

Submitted

2021-07-23 23:53

Reported

2021-07-23 23:56

Platform

android-x64

Max time kernel

3586883s

Max time network

72s

Command Line

com.phkdggua.elxnqor

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Note: code_cache/secondary-dexes/<apk>.classesN.zip is where the MultiDex support library extracts an app's own secondary classes.dex files, and MultiDex.lock and shared_prefs/multidex.version.xml in the Files list are its bookkeeping. This indicator on its own is therefore consistent with an ordinary multidex app; the dropped /data/user/0/com.phkdggua.elxnqor/app_apk/payload.apk listed under Files is the artifact to retrieve and analyse separately.

Requests enabling of the accessibility settings.

Description Indicator Process Target
Intent action android.settings.ACCESSIBILITY_SETTINGS N/A N/A

Note: this intent only opens the system accessibility settings screen; the user still has to switch a service on there. Bankers do this to get an accessibility service enabled, which can read on-screen content and inject input on the user's behalf. Confirm the capability by looking for a service declared with android.permission.BIND_ACCESSIBILITY_SERVICE in the manifest.

Uses reflection

obfuscation

Description Indicator Process Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Note: OkHostnameVerifier is the platform's TLS hostname verifier and thisX500Name is the private subject/issuer name inside an X.509 principal. Reflective access to these internals is consistent with tampering with or inspecting certificate verification, but neither hit is conclusive by itself; check the decompiled caller before drawing that conclusion.

Processes

com.phkdggua.elxnqor

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 tcp
N/A 216.239.35.8:123 time.android.com udp
N/A 1.1.1.1:853 tcp
N/A 185.199.110.133:443 tcp
N/A 1.1.1.1:853 tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp

Files

/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(These are the digests of an empty file: the lock file has no content and is not a usable indicator.)

/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/tmp-base.apk.classes665678707396736953.zip

MD5 6b6789fb4fefe71a0fde94b685dc9f6d
SHA1 cbbb4d98d0cbd7a8fbe2cf80ddbbce2589f6f8a1
SHA256 7846326b6dd92c9a72aac4a44f2a60963f72eb6b94a64866c3abafa640281062
SHA512 e3b33597ce98c031205f0af1c0a50193641af6660fcd38aa04e49ecd5deeeb12e276a88c7573057372e49ae2101721f336d7a45f8938840a2e8b911422380977

/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 478fff52f7752a4618c8a9a1f7186c2c
SHA1 fee852714a0c6a897e630b6efe5c75ea6a333449
SHA256 662caad62213fe2c58f026125596737605176eafa307e26319c9d3d70dc48902
SHA512 03b15968e890893aeb61c912500c764a1b886d5d84412a33041c34de963e7007a1a37c681b3506e2c21399a8ffa297d118d1b54a1ca8a32e48cefb086a184e02

/data/user/0/com.phkdggua.elxnqor/shared_prefs/multidex.version.xml

MD5 ceb2aed4d0759fed95bd697c0defd876
SHA1 3d619c2bd50342ea555dae4381c6178284b53be6
SHA256 b7b0e89aab392bb329287a527d3fb15f8e1efa262256aceb6103075b4ad14d33
SHA512 578fe84458520a65a9fc0ded29671e99b30d39f60bb469b14ba917e051aa795a7576d65165e062767cf5461194ada3548a60ae82953a819df380be4bfcafd7ae

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 93c8d2f050ab9209072bb9d9707dd1ac
SHA1 12add4a31ab15ccb498d7c2a4205d688440cb229
SHA256 ad81ed9dee8dc418db36becc45cc80796cbb4093ee0d9a402e9e850893660397
SHA512 0629bbd8850111cccd7eab9397dda6556cea04f95b86f583d586b6d15fd7a74158503ceccbd894b3427b924d7691fc13e6a659f3774f7a91e538f95b49426b68

/data/user/0/com.phkdggua.elxnqor/shared_prefs/prefs30.xml

MD5 12d6ab1d27552f5788e1667ec0eb1360
SHA1 f0c1a775a55b7bb45fe65579b526cf4360c0c4d6
SHA256 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18
SHA512 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 88c88729ecdf8469b1c7bffdfba433b4
SHA1 3189e584100382f5b58cf50cdcd7699aa47c9358
SHA256 24784485cd6d2fc30ff999b4c5b4b08d2e404a511e92a9e49852b74c56236390
SHA512 b7d4c29302e86cf888e9ec10bbb46a9f601d691875f20b99a761f9916c34e84e9e5b4d5971023cc3bb8f9ea28a6e2f6b8bfc52d4add9628f7760ce441d7a2e67

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 83f20a60a75ef6a3c62465292abf5eb4
SHA1 87e922259f74ebf02d3ef1f13845f6b21a007740
SHA256 56e823e6b951e8700c1515e957dbbfbc1854467ea0c0eb15a1a8cb3008aee2d2
SHA512 fb4261286812c197e3e790305fce7e962e3553b542e440e56cb5953c1546f2c282addf6e52fac5197744874a91993d9e24248de59a2e3e1278240ed35d809a44

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 01bec880513a6f2b7241b0e670660b2a
SHA1 1a6b70e481322a299baffbdcf876fd5ece1f7097
SHA256 dec8bf6a42d43987fb4008e639de4ab4261dc046ceb5af093c431c78f1f0a1ae
SHA512 c849d375a9e5c36e26b912e0e2c693283b2df751357e9fe748a695ae3d5335027ae56c1d7fb48828fe15eaa6723212a62461aa56a2b4ee41471e951e0c14bb15

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 9a13a50ba3a9feecad905f8385052f12
SHA1 ea2ee38b7e6383ef20518b50cc5a515fced8c376
SHA256 969412497c549390ca55a9efef25765b0d5572c4a423f54fe253d0c8631d157f
SHA512 b954148e2c239365afb0ed55a787a621e33a8005df32c7695e0d2b9e83e4d028b98f423e0e840ba5325733b785b1bd484320699c7cbe3c2d259b441281ac6600

/data/user/0/com.phkdggua.elxnqor/app_apk/payload.apk

MD5 3baeaa766ea7f31a9147208efd957c75
SHA1 c701de3d0e55425394ccbf8e0967639e86f3c54e
SHA256 75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d
SHA512 9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

/data/user/0/com.phkdggua.elxnqor/shared_prefs/prefs30.xml

MD5 b6e8ab9e578df49e49a2d8c311208934
SHA1 3380b6137e8ec4331b488262547efb72a619aac6
SHA256 c60680ed16146c956b1ac45c515f65f4228d793711cd599ebb41944678e96a58
SHA512 f60d44387cd84bcd4d8312f80fc64e9a94855a42ca6ed9f0ad716ba90409f94bd1f2358c8afdfe3558c5d92c2e449afabcd1885beece4eb194080c417b4b9272

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 8c946a3b6788862fe4ab330a05ab7180
SHA1 08a8c68fcf228146dc49671a313b7902547d2117
SHA256 a4376781c5fd1072e039e05ff8f395f2d5d60e71612907d80b595f099f3d491b
SHA512 85c69e43def1bb75da146d1f8577b1b25dfa66698f6faa46da246a577a4925cdd9ed7ff85301174fb22219bbcd2d0c36f5028a0a36269f4d381f309aef1f5e89

/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml

MD5 e16a32fdbcbdcb768456c5932f8f5222
SHA1 b70fb011836c9d3f1283dc17953dffbc5e579c7f
SHA256 258003a0e07b5800a8c046e185065a4610d4bfa3bb1cdfc7d9fa23fbead77afb
SHA512 9de5cddbfd3cdc93e8fadcca7b65b557c77964a28a613efb6b6be962bd286fb309d9402a5a7df96b8d2e63df9e132c11dee1d7023a46c1ef91e19df804253b47

Analysis: behavioral1

Detonation Overview

Submitted

2021-07-23 23:53

Reported

2021-07-23 23:57

Platform

android-x64-arm64

Max time network

186s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 172.217.169.70:80 ad.doubleclick.net tcp
N/A 185.199.109.133:443 tcp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 216.58.209.238:443 udp
N/A 142.250.187.237:443 tcp
N/A 216.58.209.238:443 udp
N/A 1.1.1.1:853 tcp
N/A 185.199.108.133:443 tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 142.250.179.163:443 udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
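Triage of the two Network tables (behavioral2 above and behavioral1 here), as an added example that is not part of the sandbox report. The log lines are copied verbatim from the tables. The allowlist of platform noise (DNS over TLS to 1.1.1.1:853, NTP to time.android.com, mDNS), the attribution of 185.199.108.0/22 to GitHub and the 142.250/172.217/216.58 ranges to Google, and the reading of ip-api.com as a geolocation lookup are the editor's assumptions, not sandbox signatures; the sandbox captured no hostname for the GitHub and Google hits, so those are attributed by address range only.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Copied from the behavioral2 Network table: Country Destination [Domain] Proto
BEHAVIORAL2_NETWORK = """\
N/A 1.1.1.1:853 tcp
N/A 216.239.35.8:123 time.android.com udp
N/A 1.1.1.1:853 tcp
N/A 185.199.110.133:443 tcp
N/A 1.1.1.1:853 tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
"""

# Copied from the behavioral1 Network table
BEHAVIORAL1_NETWORK = """\
N/A 224.0.0.251:5353 udp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 172.217.169.70:80 ad.doubleclick.net tcp
N/A 185.199.109.133:443 tcp
N/A 1.1.1.1:853 tcp
N/A 1.1.1.1:853 tcp
N/A 216.58.209.238:443 udp
N/A 142.250.187.237:443 tcp
N/A 216.58.209.238:443 udp
N/A 1.1.1.1:853 tcp
N/A 185.199.108.133:443 tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 142.250.179.163:443 udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp
"""

# Emulator/platform noise seen in any Android detonation (editor's allowlist, not a sandbox rule).
PLATFORM_ENDPOINTS = {("1.1.1.1", 853): "DNS over TLS (private DNS resolver)",
                      ("224.0.0.251", 5353): "mDNS multicast"}
PLATFORM_DOMAINS = {"time.android.com": "NTP"}
# Attribution by address range (editor's assumption): the sandbox captured no hostname for these.
RANGE_OWNERS = [(ip_network("185.199.108.0/22"), "github"),
                (ip_network("142.250.0.0/15"), "google"),
                (ip_network("172.217.0.0/16"), "google"),
                (ip_network("216.58.192.0/19"), "google")]


def parse_entry(line):
    """'N/A 206.189.7.28:80 dhruvgreenwood551.xyz tcp' -> dict; the Domain column is optional."""
    parts = line.split()
    ip, port = parts[1].rsplit(":", 1)
    return {"country": parts[0], "ip": ip, "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None, "proto": parts[-1]}


def classify(entry):
    """Bucket one connection; 'unknown' is what remains after platform and vendor noise is removed."""
    if (entry["ip"], entry["port"]) in PLATFORM_ENDPOINTS or entry["domain"] in PLATFORM_DOMAINS:
        return "platform"
    if entry["domain"] and entry["domain"].endswith("doubleclick.net"):
        return "advertising"
    if entry["domain"] == "ip-api.com":  # public geolocation API: the sample asks where it is running
        return "geolocation"
    addr = ip_address(entry["ip"])
    return next((owner for net, owner in RANGE_OWNERS if addr in net), "unknown")


def triage(runs):
    """runs: {run name: table text}. Returns bucket counts, C2 candidates ranked by hit count,
    the geolocation lookups, and a block list built from the candidates."""
    entries = []
    for run, text in runs.items():
        for e in (parse_entry(l) for l in text.splitlines() if l.strip()):
            e.update(run=run, bucket=classify(e))
            entries.append(e)
    unknown = Counter((e["domain"] or e["ip"], e["ip"], e["port"])
                      for e in entries if e["bucket"] == "unknown")
    c2 = [(name, ip, port, n) for (name, ip, port), n in unknown.most_common()]
    return {"total": len(entries),
            "by_bucket": dict(Counter(e["bucket"] for e in entries)),
            "c2_candidates": c2,
            "geolocation_lookups": sorted({e["domain"] for e in entries if e["bucket"] == "geolocation"}),
            "block_list": sorted({name for name, _, _, _ in c2} | {ip for _, ip, _, _ in c2})}


if __name__ == "__main__":
    result = triage({"behavioral2": BEHAVIORAL2_NETWORK, "behavioral1": BEHAVIORAL1_NETWORK})
    print(result["by_bucket"])
    for name, ip, port, n in result["c2_candidates"]:
        print(f"C2 candidate: {name} ({ip}:{port}) seen {n} times")
    print("block:", ", ".join(result["block_list"]))
```

Across both runs the only destination left after noise removal is dhruvgreenwood551.xyz on 206.189.7.28:80, with twelve plain-HTTP connections, which is why it is the pivot for blocking and for retrieving the request bodies. The unnamed 185.199.x.133 hits on 443 are worth a second look in the decrypted traffic if the sandbox keeps it, but by address range alone they cannot be separated from legitimate content fetches.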

Files

N/A