Analysis
-
max time kernel
479395s -
platform
android_x86 -
resource
android-x86-arm -
submitted
06-08-2021 17:45
Static task
static1
Behavioral task
behavioral1
Sample
34081_Video_Oynatıcı.apk
Resource
android-x86-arm
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
34081_Video_Oynatıcı.apk
Resource
android-x64-arm64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
34081_Video_Oynatıcı.apk
Resource
android-x64
0 signatures
0 seconds
General
-
Target
34081_Video_Oynatıcı.apk
-
Size
3.1MB
-
MD5
9974bad66a83878b2307fa9906b47c02
-
SHA1
d412add72df906b015bbd855d99c7d95fa58e546
-
SHA256
d48f7a62bd78239ee8381d924088e6e6e048884bc0a9ee538bb2b6a70cad527f
-
SHA512
b22d0049fc94ebee37565eba70591d3ebeb028c6e63ab52381cede49f244a883335387198766f757085e27a598b5b33ebb91f4bdb7b8c9878f59c83ea034c29d
Score
10/10
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip 4780 /system/bin/dex2oat /data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip 4750 com.ntbxausy.rctrzgu -
Uses reflection 1 IoCs
description pid Process Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4750 com.ntbxausy.rctrzgu