Analysis
-
max time kernel
7002s -
max time network
44s -
platform
android_x64 -
resource
android-x64 -
submitted
01-08-2021 06:28
Static task
static1
Behavioral task
behavioral1
Sample
86207_Video_Oynatıcı.apk
Resource
android-x86-arm
Behavioral task
behavioral2
Sample
86207_Video_Oynatıcı.apk
Resource
android-x64-arm64
Behavioral task
behavioral3
Sample
86207_Video_Oynatıcı.apk
Resource
android-x64
General
-
Target
86207_Video_Oynatıcı.apk
-
Size
2.6MB
-
MD5
be3f91e3c4126d50cd746d11a169ddab
-
SHA1
627c358b17a0221d9d856a1d3d229f6f19e8acf7
-
SHA256
3e69bc260954f7afcd9a36dcfd1a93e9d24ca680bbc370913c023f70d1e761b1
-
SHA512
c343a7c079289afa50cf76d416ae7d646214bfe79ed20b1dc4e91bb682e94a4d136fbc350b7fa5ef41ade33244dfb943358354eded2052fd875edb81f4dddea2
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.hzjvbika.mjfcpqtioc pid process /data/user/0/com.hzjvbika.mjfcpqt/code_cache/secondary-dexes/base.apk.classes1.zip 3767 com.hzjvbika.mjfcpqt -
Uses reflection 3 IoCs
Processes:
com.hzjvbika.mjfcpqtdescription pid process Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 3767 com.hzjvbika.mjfcpqt Acesses field javax.security.auth.x500.X500Principal.thisX500Name 3767 com.hzjvbika.mjfcpqt Acesses field javax.security.auth.x500.X500Principal.thisX500Name 3767 com.hzjvbika.mjfcpqt
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.hzjvbika.mjfcpqt/code_cache/secondary-dexes/MultiDex.lockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.hzjvbika.mjfcpqt/code_cache/secondary-dexes/base.apk.classes1.zipMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.hzjvbika.mjfcpqt/code_cache/secondary-dexes/tmp-base.apk.classes188343245096509598.zipMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.hzjvbika.mjfcpqt/shared_prefs/multidex.version.xmlMD5
433155c56ba675eaaf7d9fa2af22860e
SHA117eb639be03220073b6034635acd3e37892271cf
SHA256456308fa8fd75f9ed5199e79529544c69ad7a1f080633502a2bf80ee7dc6e200
SHA51219e694e148cdc85218eea23f88f6386f5e38217b58df66bd11e00791b0b74dacaf4284c8419100c74d530947bc2efe184a1a8b38d29082ef1ea2047b18eaec19
-
/data/user/0/com.hzjvbika.mjfcpqt/shared_prefs/pref_name_setting.xmlMD5
f958f72e6ecbf7fb0e48f805b6eb5048
SHA11175afe7fbc3e66027ea6f6f3a81351d5be4c404
SHA2564d75ff193f3048860abda8b02f30598b97312691f7906d70f0a4398da21ae4de
SHA51239319e6a4d7d17fd3c60d3854118ab82ad0b5fbcc7e9186269ccc5b9b9fa0ea0fdadf61a701c660163a76d7ca4d2393e2f890f73851197961bd56a58369aeb78
-
/data/user/0/com.hzjvbika.mjfcpqt/shared_prefs/pref_name_setting.xmlMD5
a8d7d3844f6924bfaca1ed7ad67d891a
SHA1766a23a573eb150342224f44547d418c3f2454bc
SHA2560309afdfe5dac1ce0e7edd3613c01ea27cc3572d67167bc939a9fa6b6f1c02a2
SHA5120b263c0caee98eb8b04c3348aacd2c330a4e6d37b103aebbba23e6f949fa394c62103e8e5a091c8cbcd09d05a12366f7c2b05a98bfc42045150e0d286434cd0f
-
/data/user/0/com.hzjvbika.mjfcpqt/shared_prefs/prefs30.xmlMD5
12d6ab1d27552f5788e1667ec0eb1360
SHA1f0c1a775a55b7bb45fe65579b526cf4360c0c4d6
SHA25652e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18
SHA51287eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32