Analysis
-
max time kernel
719407s -
max time network
46s -
platform
android_x64 -
resource
android-x64-arm64 -
submitted
09-08-2021 12:26
General
-
Target
87362_Video_Oynatıcı.apk
-
Size
3.1MB
-
MD5
141f171526468a833b82651bdc5076e2
-
SHA1
bd25a345c660790d0afd89a89c51616d0fe87ce8
-
SHA256
d0e3ea241c345f8988d9f0b9064c1ac1cce7bb2390b28021ee925097372a8308
-
SHA512
c1b41d1ea501f7a5f3ca883c554c443a7178b417d7957d3b1f28d8a0aa02162f891f519e2d43b9dd2bc07cb07e6014fbc241b6be96299a66f3dea2b16db8aefe
Malware Config
Extracted
hydra
http://courteneyguerrero584.xyz
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Uses reflection 3 IoCs
Processes
-
com.glvygfsf.qnnlsls1⤵
- Loads dropped Dex/Jar
- Uses reflection
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/MultiDex.lockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zipMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/tmp-base.apk.classes1813085655365805824.zipMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/multidex.version.xmlMD5
3c9bb86049c8a16e72804d1e97c457bb
SHA1e400c59f82dbcbd9391b95399d2091028900b4b7
SHA2560ffccdb37a3f12af7cd4f3c8261e95f7b152412f11df9c6df67878d398551a26
SHA512b0ba1e821344787984a296f42a073a339181a5bb3f375418a367dd90a6ac57c5dcc3cecd9f23b16584160c36dc58baa9c5d809e74341a695b64c7e4b78a278b9
-
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xmlMD5
dc3ad32401cd8b4416451149a20c63d4
SHA15bee2d2fc8c13509c5a6a7e6701477634a540ee3
SHA25691f3e809dc61149babad4cfb910933018fae200c7a4ecef5211f5b4a79d88d77
SHA51298be3abd0ece156dffff7ecc7056adcb2eff50c6657367db343e7740710573e78cc637f2c29431f7b93a3ca85d7969d6af9739fa7ff8855e035a2791c04c7973
-
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xmlMD5
b47b9f0fb6a00c4f64997182fc06c27f
SHA1b387b5b27c8b4f9c0eb5d2ba69ae7bb30c386f1b
SHA256ff9fa30823b0c346ae036364a4e27475d6bdf74e5e3728b09390b50112bacdc4
SHA51247d848661dcfc9607ac8ba25966fef426a811f8cda0920c08e1a2025efcce709aa57e90a5d29b64c603f92b0a738065fdd42d7064355f0dbffd23c289d2ccdba
-
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/prefs30.xmlMD5
1c6b6a6a91f2ccf7ac553f9a439ad69e
SHA1270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748
SHA256a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6
SHA5128a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e