Analysis
-
max time kernel
479394s -
max time network
31s -
platform
android_x64 -
resource
android-x64 -
submitted
06-08-2021 17:45
Static task
static1
Behavioral task
behavioral1
Sample
34081_Video_Oynatıcı.apk
Resource
android-x86-arm
Behavioral task
behavioral2
Sample
34081_Video_Oynatıcı.apk
Resource
android-x64-arm64
Behavioral task
behavioral3
Sample
34081_Video_Oynatıcı.apk
Resource
android-x64
General
-
Target
34081_Video_Oynatıcı.apk
-
Size
3.1MB
-
MD5
9974bad66a83878b2307fa9906b47c02
-
SHA1
d412add72df906b015bbd855d99c7d95fa58e546
-
SHA256
d48f7a62bd78239ee8381d924088e6e6e048884bc0a9ee538bb2b6a70cad527f
-
SHA512
b22d0049fc94ebee37565eba70591d3ebeb028c6e63ab52381cede49f244a883335387198766f757085e27a598b5b33ebb91f4bdb7b8c9878f59c83ea034c29d
Malware Config
Extracted
hydra
http://courteneyguerrero584.xyz
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip 3648 com.ntbxausy.rctrzgu -
Uses reflection 3 IoCs
description pid Process Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 3648 com.ntbxausy.rctrzgu Acesses field javax.security.auth.x500.X500Principal.thisX500Name 3648 com.ntbxausy.rctrzgu Acesses field javax.security.auth.x500.X500Principal.thisX500Name 3648 com.ntbxausy.rctrzgu