Analysis Overview
SHA256
a47d4dcdbbba7f39617c21269ef012d37c9c2830975767aac9c8d724459d6ba4
Threat Level: Known bad
The file 80371_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-07-29 14:56
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2021-07-23 23:53
Reported
2021-07-23 23:56
Platform
android-x64
Max time kernel
3586883s
Max time network
72s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.phkdggua.elxnqor
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.110.133:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
Files
/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/tmp-base.apk.classes665678707396736953.zip
| MD5 | 6b6789fb4fefe71a0fde94b685dc9f6d |
| SHA1 | cbbb4d98d0cbd7a8fbe2cf80ddbbce2589f6f8a1 |
| SHA256 | 7846326b6dd92c9a72aac4a44f2a60963f72eb6b94a64866c3abafa640281062 |
| SHA512 | e3b33597ce98c031205f0af1c0a50193641af6660fcd38aa04e49ecd5deeeb12e276a88c7573057372e49ae2101721f336d7a45f8938840a2e8b911422380977 |
/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | 478fff52f7752a4618c8a9a1f7186c2c |
| SHA1 | fee852714a0c6a897e630b6efe5c75ea6a333449 |
| SHA256 | 662caad62213fe2c58f026125596737605176eafa307e26319c9d3d70dc48902 |
| SHA512 | 03b15968e890893aeb61c912500c764a1b886d5d84412a33041c34de963e7007a1a37c681b3506e2c21399a8ffa297d118d1b54a1ca8a32e48cefb086a184e02 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/multidex.version.xml
| MD5 | ceb2aed4d0759fed95bd697c0defd876 |
| SHA1 | 3d619c2bd50342ea555dae4381c6178284b53be6 |
| SHA256 | b7b0e89aab392bb329287a527d3fb15f8e1efa262256aceb6103075b4ad14d33 |
| SHA512 | 578fe84458520a65a9fc0ded29671e99b30d39f60bb469b14ba917e051aa795a7576d65165e062767cf5461194ada3548a60ae82953a819df380be4bfcafd7ae |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 93c8d2f050ab9209072bb9d9707dd1ac |
| SHA1 | 12add4a31ab15ccb498d7c2a4205d688440cb229 |
| SHA256 | ad81ed9dee8dc418db36becc45cc80796cbb4093ee0d9a402e9e850893660397 |
| SHA512 | 0629bbd8850111cccd7eab9397dda6556cea04f95b86f583d586b6d15fd7a74158503ceccbd894b3427b924d7691fc13e6a659f3774f7a91e538f95b49426b68 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/prefs30.xml
| MD5 | 12d6ab1d27552f5788e1667ec0eb1360 |
| SHA1 | f0c1a775a55b7bb45fe65579b526cf4360c0c4d6 |
| SHA256 | 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18 |
| SHA512 | 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 88c88729ecdf8469b1c7bffdfba433b4 |
| SHA1 | 3189e584100382f5b58cf50cdcd7699aa47c9358 |
| SHA256 | 24784485cd6d2fc30ff999b4c5b4b08d2e404a511e92a9e49852b74c56236390 |
| SHA512 | b7d4c29302e86cf888e9ec10bbb46a9f601d691875f20b99a761f9916c34e84e9e5b4d5971023cc3bb8f9ea28a6e2f6b8bfc52d4add9628f7760ce441d7a2e67 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 83f20a60a75ef6a3c62465292abf5eb4 |
| SHA1 | 87e922259f74ebf02d3ef1f13845f6b21a007740 |
| SHA256 | 56e823e6b951e8700c1515e957dbbfbc1854467ea0c0eb15a1a8cb3008aee2d2 |
| SHA512 | fb4261286812c197e3e790305fce7e962e3553b542e440e56cb5953c1546f2c282addf6e52fac5197744874a91993d9e24248de59a2e3e1278240ed35d809a44 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 01bec880513a6f2b7241b0e670660b2a |
| SHA1 | 1a6b70e481322a299baffbdcf876fd5ece1f7097 |
| SHA256 | dec8bf6a42d43987fb4008e639de4ab4261dc046ceb5af093c431c78f1f0a1ae |
| SHA512 | c849d375a9e5c36e26b912e0e2c693283b2df751357e9fe748a695ae3d5335027ae56c1d7fb48828fe15eaa6723212a62461aa56a2b4ee41471e951e0c14bb15 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 9a13a50ba3a9feecad905f8385052f12 |
| SHA1 | ea2ee38b7e6383ef20518b50cc5a515fced8c376 |
| SHA256 | 969412497c549390ca55a9efef25765b0d5572c4a423f54fe253d0c8631d157f |
| SHA512 | b954148e2c239365afb0ed55a787a621e33a8005df32c7695e0d2b9e83e4d028b98f423e0e840ba5325733b785b1bd484320699c7cbe3c2d259b441281ac6600 |
/data/user/0/com.phkdggua.elxnqor/app_apk/payload.apk
| MD5 | 3baeaa766ea7f31a9147208efd957c75 |
| SHA1 | c701de3d0e55425394ccbf8e0967639e86f3c54e |
| SHA256 | 75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d |
| SHA512 | 9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/prefs30.xml
| MD5 | b6e8ab9e578df49e49a2d8c311208934 |
| SHA1 | 3380b6137e8ec4331b488262547efb72a619aac6 |
| SHA256 | c60680ed16146c956b1ac45c515f65f4228d793711cd599ebb41944678e96a58 |
| SHA512 | f60d44387cd84bcd4d8312f80fc64e9a94855a42ca6ed9f0ad716ba90409f94bd1f2358c8afdfe3558c5d92c2e449afabcd1885beece4eb194080c417b4b9272 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | 8c946a3b6788862fe4ab330a05ab7180 |
| SHA1 | 08a8c68fcf228146dc49671a313b7902547d2117 |
| SHA256 | a4376781c5fd1072e039e05ff8f395f2d5d60e71612907d80b595f099f3d491b |
| SHA512 | 85c69e43def1bb75da146d1f8577b1b25dfa66698f6faa46da246a577a4925cdd9ed7ff85301174fb22219bbcd2d0c36f5028a0a36269f4d381f309aef1f5e89 |
/data/user/0/com.phkdggua.elxnqor/shared_prefs/pref_name_setting.xml
| MD5 | e16a32fdbcbdcb768456c5932f8f5222 |
| SHA1 | b70fb011836c9d3f1283dc17953dffbc5e579c7f |
| SHA256 | 258003a0e07b5800a8c046e185065a4610d4bfa3bb1cdfc7d9fa23fbead77afb |
| SHA512 | 9de5cddbfd3cdc93e8fadcca7b65b557c77964a28a613efb6b6be962bd286fb309d9402a5a7df96b8d2e63df9e132c11dee1d7023a46c1ef91e19df804253b47 |
Analysis: behavioral1
Detonation Overview
Submitted
2021-07-23 23:53
Reported
2021-07-23 23:57
Platform
android-x64-arm64
Max time network
186s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 172.217.169.70:80 | ad.doubleclick.net | tcp |
| N/A | 185.199.109.133:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.58.209.238:443 | | udp |
| N/A | 142.250.187.237:443 | | tcp |
| N/A | 216.58.209.238:443 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.108.133:443 | | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 142.250.179.163:443 | | udp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |
| N/A | 206.189.7.28:80 | dhruvgreenwood551.xyz | tcp |