Malware Analysis Report

2025-01-19 05:28

Sample ID 210805-v983241axa
Target 09586_Video_Oynatıcı.apk
SHA256 f6dbfb0b634288955450f2d779f0d17f9cfa0bf9499341909245156ccc9a1adc
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 09586_Video_Oynatıcı.apk was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-05 05:05

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-05 05:05

Reported

2021-08-05 05:08

Platform

android-x86-arm

Max time kernel

347496s

Command Line

com.jcojmdvo.eqdlwqn

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A

Processes

com.jcojmdvo.eqdlwqn

com.jcojmdvo.eqdlwqn

/system/bin/dex2oat

Network

N/A

Files

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/MultiDex.lock

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/tmp-base.apk.classes1610037005743609916.zip

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/multidex.version.xml

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/pref_name_setting.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/prefs30.xml

Analysis: behavioral2

Detonation Overview

Submitted

2021-08-05 05:05

Reported

2021-08-05 05:08

Platform

android-x64-arm64

Max time kernel

347499s

Max time network

156s

Command Line

com.jcojmdvo.eqdlwqn

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Processes

com.jcojmdvo.eqdlwqn

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 N/A tcp
N/A 224.0.0.251:5353 N/A udp
N/A 1.1.1.1:853 N/A tcp
N/A 216.58.212.198:80 ad.doubleclick.net tcp
N/A 142.250.179.228:443 N/A udp
N/A 216.58.212.198:80 ad.doubleclick.net tcp
N/A 142.250.200.14:443 N/A udp
N/A 185.199.111.133:443 N/A tcp
N/A 1.1.1.1:853 N/A tcp
N/A 172.217.16.227:443 N/A udp
N/A 1.1.1.1:853 N/A tcp
N/A 1.1.1.1:853 N/A tcp
N/A 216.239.35.12:123 time.android.com udp

Files

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/MultiDex.lock

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/tmp-base.apk.classes608697551017772285.zip

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/multidex.version.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/pref_name_setting.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/prefs30.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/pref_name_setting.xml

Analysis: behavioral3

Detonation Overview

Submitted

2021-08-05 05:05

Reported

2021-08-05 05:08

Platform

android-x64

Max time kernel

347490s

Max time network

37s

Command Line

com.jcojmdvo.eqdlwqn

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip N/A N/A

Uses reflection

obfuscation
Description Indicator Process Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE N/A N/A N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name N/A N/A N/A

Processes

com.jcojmdvo.eqdlwqn

Network

Country Destination Domain Proto
N/A 1.1.1.1:853 N/A tcp
N/A 216.239.35.0:123 time.android.com udp
N/A 1.1.1.1:853 N/A tcp
N/A 185.199.110.133:443 N/A tcp

Files

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/MultiDex.lock

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/tmp-base.apk.classes4400047099036418104.zip

/data/user/0/com.jcojmdvo.eqdlwqn/code_cache/secondary-dexes/base.apk.classes1.zip

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/multidex.version.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/pref_name_setting.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/prefs30.xml

/data/user/0/com.jcojmdvo.eqdlwqn/shared_prefs/pref_name_setting.xml