Analysis Overview
SHA256
d0e3ea241c345f8988d9f0b9064c1ac1cce7bb2390b28021ee925097372a8308
Threat Level: Known bad
The file 87362_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Requests enabling of the accessibility settings.
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-09 12:26
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-09 12:26
Reported
2021-08-09 12:27
Platform
android-x86-arm
Max time kernel
719421s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
| N/A | /data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
Processes
com.glvygfsf.qnnlsls
com.glvygfsf.qnnlsls
/system/bin/dex2oat
Network
Files
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/tmp-base.apk.classes7639912305192254497.zip
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/multidex.version.xml
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/prefs30.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-09 12:26
Reported
2021-08-09 12:27
Platform
android-x64-arm64
Max time kernel
719407s
Max time network
46s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.glvygfsf.qnnlsls
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 172.217.16.228:443 | | udp |
| N/A | 142.251.36.6:80 | ad.doubleclick.net | tcp |
| N/A | 142.250.187.206:443 | | udp |
| N/A | 185.199.108.133:443 | | tcp |
Files
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/tmp-base.apk.classes1813085655365805824.zip
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/multidex.version.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/prefs30.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
Analysis: behavioral3
Detonation Overview
Submitted
2021-08-09 12:26
Reported
2021-08-09 12:27
Platform
android-x64
Max time kernel
719409s
Max time network
40s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.glvygfsf.qnnlsls
Network
| Country | Destination | Domain | Proto |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.111.133:443 | | tcp |
Files
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/tmp-base.apk.classes4034024073546850103.zip
/data/user/0/com.glvygfsf.qnnlsls/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/multidex.version.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/prefs30.xml
/data/user/0/com.glvygfsf.qnnlsls/shared_prefs/pref_name_setting.xml