Analysis Overview
SHA256
f9a4dd42e1694b390c2c6e02b25c7cbf57947ab28aeea1f67ed54bc09de422d7
Threat Level: Known bad
The file 79624_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Requests enabling of the accessibility settings.
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-07-30 12:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-07-30 12:28
Reported
2021-07-30 12:29
Platform
android-x86-arm
Max time kernel
4150542s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
| N/A | /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
Processes
com.axvfqumr.gzlamtk
com.axvfqumr.gzlamtk
/system/bin/dex2oat
Network
Files
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes4309444463039259700.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | 009d5aa9ade8b7626144887eb356749a |
| SHA1 | 0c90de0b01b9ed510e7bb9141f805c2be0958b4e |
| SHA256 | e77620c9f4e3057cd9726edfd9a8d54059826b4a11d38ba0d9cb37caf250a030 |
| SHA512 | 2b8a9654345df31714e89017d3832c152a1abdcd8a0729a5762405d31960ac7ff81e188481600c78081690cb082c967423c6a1e6d8dbb81773ac5c07e0a23db6 |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | e134c9eefab6287f907cde730b6b022a |
| SHA1 | 30dff918cd01a5d2f4bdb23240b61d221a0792c8 |
| SHA256 | 8932159554fa8f4e4950aff48653e82df933f0c8beb357811002c731736a39b0 |
| SHA512 | 3eaac85c3e96301adc298cdb727d777205c0b3a2ea6e99ffbe27d130c788c5e9e44fe3e1a407236867bf71d709d6e45b83ad70c1fa4a14646889397f1ff51473 |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Analysis: behavioral2
Detonation Overview
Submitted
2021-07-30 12:28
Reported
2021-07-30 12:29
Platform
android-x64-arm64
Max time kernel
4150543s
Max time network
75s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.axvfqumr.gzlamtk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.58.213.6:80 | ad.doubleclick.net | tcp |
| N/A | 216.239.35.12:123 | time.android.com | udp |
| N/A | 142.250.178.10:443 | | udp |
| N/A | 142.250.178.10:443 | | udp |
| N/A | 172.217.169.14:443 | | udp |
| N/A | 216.58.212.200:443 | | tcp |
| N/A | 185.199.109.133:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
Files
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes3919991389376536625.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml
| MD5 | c80a83073af8ed1cff7165995a9ef6b1 |
| SHA1 | 29b6f4295563eaf5553a64c0ea3027dd9ed56465 |
| SHA256 | a66165d4e9c133df3de3bade1d0b41de77e843c6fcf7773aa98f637445248986 |
| SHA512 | 89544979f7c637ca59ea83cfb02a8e487bf051accbfe751c1e020d96e3c4ec2caec662cb64ad053da943d35e0543c60a9eed67dd03e35ae9ffa91fe2a7db13af |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | deda1c53df33b7365afe0d188bcc1c2f |
| SHA1 | 6baa212c18ae696f553c4e0032621adb1fcf9250 |
| SHA256 | 0bd9a4b0f794a3bb7669def1c02688744616b2ec94d0361f6b00b7f9bbf40f09 |
| SHA512 | 42ff46797176f2033450f6421cdf52d1b724d7618117dac617892704fd62067b8d6b83d05a5656dfa17438c5fa2fe802e3df9a0db5aa7a7f372091c96b5f6774 |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml
| MD5 | 1c6b6a6a91f2ccf7ac553f9a439ad69e |
| SHA1 | 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748 |
| SHA256 | a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6 |
| SHA512 | 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | 3560a7887ed7c02ebd2e0b82eb518ae6 |
| SHA1 | a9decc3b7eb8ecf628a8aa58774ae4760f074063 |
| SHA256 | 173f32031ff90c297504ba4be5c3dae314494b4e55707335d9b40b5b8032fea2 |
| SHA512 | 79cc913dc94ca21f7c00c757894d121f8fd128edeb845981fd859e0d508c6dab04d59f7b2c9e174303dd9cb2d48a2e1f1c4a528ce02a2f0bf5920b09e92d36c4 |
Analysis: behavioral3
Detonation Overview
Submitted
2021-07-30 12:28
Reported
2021-07-30 12:29
Platform
android-x64
Max time kernel
4150542s
Max time network
33s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.axvfqumr.gzlamtk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.108.133:443 | | tcp |
| N/A | 216.239.35.0:123 | time.android.com | udp |
| N/A | 216.239.35.0:123 | time.android.com | udp |
Files
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/tmp-base.apk.classes7847346767771763537.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/multidex.version.xml
| MD5 | 4ee5e60e1991b7b04fcedfdb7cb64180 |
| SHA1 | 1d55589dd838bc1d006bcc5739e25cc83231f490 |
| SHA256 | 4e389d65f02eb10efc16d51422da6d0b1894432637a761856e9ff3442345d1ad |
| SHA512 | 9d882b64047c701d21625c765c6955b92ef8d4b75e8f769db4234df9b5fa87f64c519a42f2c6617cee7b0f8f3ad60d7dde2ced8747b8296dd972bedc9261373c |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | 08554bc0b13487a6aa8d393e5a1fc72d |
| SHA1 | 106d798dfac362565a754b7c06ebede4c8175597 |
| SHA256 | 660bbafce88754884a4c44d7e7544e549654b4e71375d6c83dc66315b414739b |
| SHA512 | 5e31cede6a15606b40a67f9e4139df5df7d72ec1fd32cb2963c474b625a7d1b0f2abeb95929bc210918303a61266a22088d7884c4847535ee8359c6128ef4863 |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/prefs30.xml
| MD5 | 12d6ab1d27552f5788e1667ec0eb1360 |
| SHA1 | f0c1a775a55b7bb45fe65579b526cf4360c0c4d6 |
| SHA256 | 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18 |
| SHA512 | 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32 |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | fc5d0a9143a48d8b100d4629e3fbccfb |
| SHA1 | 1083211f009133ae6909ed7a88bc06c7ef0dafc1 |
| SHA256 | 86988ccc9a4ce2743a85fe217f1ed5478a75aa7cf3c56a067b0d14964abb8ada |
| SHA512 | 05d598558e4bafa965d729bbe2137868371934b0d6184cb926db527d9b767741776b00fab0d3f675f088465eef18084f9d9e14f1ca03fc891d594f96df5159f7 |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.axvfqumr.gzlamtk/shared_prefs/pref_name_setting.xml
| MD5 | 5f854fd1a111d406e531922b4789972e |
| SHA1 | fbcf6ffdbb19a420c7b07b8ee20d2445430c3c95 |
| SHA256 | dfa8a55940d35e88c0b4400fea4b69594cc193b8b20c93afdbb870bb7cc4c747 |
| SHA512 | 99e414e5a3d7cd7821c0886438c2fe4865b86fd5cf83f4a38c36032fbdb3251de01e0380d308b490913caf688aadb7b4b4dd3cc8d4807018e83d64904e36e230 |