Analysis
max time kernel: 6807s
max time network: 190s
platform: android_x64
resource: android-x64-arm64
submitted: 01-08-2021 06:27
Static task: static1
Behavioral task: behavioral1
  Sample: 01836_Video_Oynatıcı.apk
  Resource: android-x86-arm
Behavioral task: behavioral2
  Sample: 01836_Video_Oynatıcı.apk
  Resource: android-x64-arm64
Behavioral task: behavioral3
  Sample: 01836_Video_Oynatıcı.apk
  Resource: android-x64
General
Target: 01836_Video_Oynatıcı.apk
Size: 2.6MB
MD5: 5f08b7472011f988eb20f0b9619408a4
SHA1: 35f6b95f50b8a4dd63a4e353b7e92deec0216f5b
SHA256: 8e6271b1777abb0402a1b08bda491a17e4743d57053e312f3ff8918fb0dcfb55
SHA512: db54bce5751f89c764d6843c44d325b4cf7efdb17721ea4902a47175337acecb38c115e62e254b8cc8275d1de65a0d025212b3649629460b35d61f2d5b3a2e49
Malware Config
Signatures

Hydra
  Android banker and info stealer.

Loads dropped Dex/Jar (1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/base.apk.classes1.zip
  pid: 4304
  Process: com.zhnfylbf.qdbnohw

Requests enabling of the accessibility settings. (1 IoC)
  description: Intent action
  ioc: android.settings.ACCESSIBILITY_SETTINGS
  Process: com.zhnfylbf.qdbnohw

Reads name of network operator (1 IoC)
  Uses Android APIs to discover system information.
  description: Framework API call
  ioc: android.telephony.TelephonyManager.getNetworkOperatorName
  Process: com.zhnfylbf.qdbnohw

Uses reflection (3 IoCs)
  description: Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE
  pid: 4304
  Process: com.zhnfylbf.qdbnohw
  description: Accesses field javax.security.auth.x500.X500Principal.thisX500Name
  pid: 4304
  Process: com.zhnfylbf.qdbnohw
  description: Accesses field javax.security.auth.x500.X500Principal.thisX500Name
  pid: 4304
  Process: com.zhnfylbf.qdbnohw