Analysis Overview
SHA256
d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1
Threat Level: Known bad
The file 90635_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-10 09:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-10 09:43
Reported
2021-08-10 09:45
Platform
android-x86-arm
Max time kernel
796146s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
| N/A | /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
Processes
com.yzojnxnf.buzdnua
com.yzojnxnf.buzdnua
/system/bin/dex2oat
Network
Files
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/tmp-base.apk.classes9041591728232973429.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/multidex.version.xml
| MD5 | 103e7bfe32a1d742b807af2fa9c23c38 |
| SHA1 | 31f09d4e1a5b201b83b0d24d6e80c3f7c7bc5afd |
| SHA256 | 07b767e76c42f0510a8274ed58e413244b6c294566767ff42f779356e08653db |
| SHA512 | 293268ef2c003f3446460b4ed649d9d1b8b75cda76e696e38df9081378f7d11fb6dd39059ebd033b81bbeeb72e9b7cd62ac1f023a3dcd8409c0864f7aed04f77 |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | 32402d48b275e41cc5442589a81990e1 |
| SHA1 | f76850317f3b3c84b57e91703f59b3f7d697577e |
| SHA256 | 9b69e3577180577a26eca85b5d81154ed7533376363d0e43328db7d081a275ee |
| SHA512 | a5e1cad53f86c144ec123112b7dd0428d5446e85e4e20ac1260dbfba3132b1e1bf49f4ffbeffc94a1d561ab0def8f32e42d493a1cf49b370a14a76e6523ad1fc |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | e6f382e34842e02a8777077c74ed0dea |
| SHA1 | 60767bc7c91475c1a63ba074bc8549bb3aabac97 |
| SHA256 | ae977aa24838f08096f8b0c4840fe2eac8deefe3b0ba7fdef7740a449bbd3b50 |
| SHA512 | 3eadfcd05f8b2d60293243e7ab1cc5d148fd00ef3e2efae0e121fc63b78b382967a2e625774e7a7ab7b3808cc2f71d3a66d84f7e1994627b0ac5368c59a31c8a |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 95ba1fe8212ac25b7f93d70286bd2067 |
| SHA1 | 7f9ace4b3cf417ee15fb85e8fc4f739dcdec8ece |
| SHA256 | c76e10911e6789ba8092782df40e03500064041f12fc947aee87fc7b6a07c223 |
| SHA512 | 8a6b024c14dcfd89b585cb605db8ece3787bdb4349f2fec6bed2a3f4addcc2b7dc729539004452ddabecd762f98d852edf576cf33f63964897b5203e132b779b |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/prefs30.xml
| MD5 | 1c6b6a6a91f2ccf7ac553f9a439ad69e |
| SHA1 | 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748 |
| SHA256 | a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6 |
| SHA512 | 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 0d5b7de93a6acf9c748d6dbe7823ef5c |
| SHA1 | 6334c3530922a4444959679770e9491407e76483 |
| SHA256 | 675bae044f748038651c046db2a9d0ef54ef758f0e5f94c3690e40843fb1daba |
| SHA512 | f8851efb9618265860281a92ca64200ffdec68110c3a3e77913e1f6aaee9d6fc8e8ec8d234a2cc430973710fe86bd80252a62b5326364d81ad932d3a65440506 |
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-10 09:43
Reported
2021-08-10 09:46
Platform
android-x64-arm64
Max time kernel
796153s
Max time network
159s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.yzojnxnf.buzdnua
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 142.250.178.4:443 | | udp |
| N/A | 172.217.169.38:80 | ad.doubleclick.net | tcp |
| N/A | 142.250.178.14:443 | | udp |
| N/A | 172.217.169.10:80 | play.googleapis.com | tcp |
| N/A | 142.250.187.200:443 | | tcp |
| N/A | 216.239.35.4:123 | time.android.com | udp |
| N/A | 185.199.109.133:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 172.217.169.67:443 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
Files
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/tmp-base.apk.classes1552417012707144854.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/multidex.version.xml
| MD5 | f795597cfa69f42fdd1268b109d3b48a |
| SHA1 | 5dbadfccffddb36b8ca6a9bc74150e3a7be04f78 |
| SHA256 | 828fd58d3109d7a92b3aba947ae7c7c4c81ca9bd7413943f4e29f39e68c04822 |
| SHA512 | 367154ffe449228bdf3c4fde3b43818e62814e3376f49a85e2272519507c07242bc4172525915e7940759dd50994ea2a68f93ccfcee1ce8b88234f938f660617 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 44c52368c679a3a6be8729ac55b3bd8f |
| SHA1 | 5e2ed42d84f76f7611a945349e625102cd03ea7e |
| SHA256 | 8e109c5848e320549e58f0dbc3baca4a5480d698c741cf6b5bdf6cad4f48a175 |
| SHA512 | dc09e41dd006fccd08012c1830409a3dbbfd2a07d181c103fceb728d69c2658eb61c2bae029eadca0e827c932072b6b5b34e9659e64da6b2ca61976aae16d157 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/prefs30.xml
| MD5 | 1c6b6a6a91f2ccf7ac553f9a439ad69e |
| SHA1 | 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748 |
| SHA256 | a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6 |
| SHA512 | 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 6ff786c7cec27925d922db98bbc328c4 |
| SHA1 | 4f0fe6064617bb714cb30364a6d4ff6861022ec1 |
| SHA256 | 681b196642eb2d820165e0720450a800c148e514551aaa6cd306db60def07d6a |
| SHA512 | e60c4c398796d309f7ff9594abe651cc9b58a3c81a2ffa9b622ef4c569f8764012cea5ea453d549bf5eba6f5bc9084a9be161d15e242219e6c2ef988b51b9d04 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 1e8ed43b5a3242a4e9ce92f5b480ce2b |
| SHA1 | d1b17bace26575b10b81bdebd40f1d4aa9322798 |
| SHA256 | d43f09d69f88e192bd0cd4c0317417ba0a3300303774be7a3c8b26d13a7d0973 |
| SHA512 | fc3bb0bce88fde44053c43fe531e4bb9dec9056ee42b52b6c60afa2ff5d7703308e5e80b482d5dc707ffd405335d6af06533354c3e227f05df50be3b58931130 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | f9ab69d54aafa4649294b94bb92889e3 |
| SHA1 | 75218f5f433e33f6295cad484cc77d013e3ccfca |
| SHA256 | d98b42dad6258bfdaee3fec789136ff604527c1998fac263765b48443af64451 |
| SHA512 | 166f328a39e32907d40118afb330d1ca4ee2636428f6df92278bfa9c3c96746086e15570e3b5358bfbdc46c97cfb5fcb4f5dea085540c5559d00874b1e57dc85 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 96b991292a38b0d9824e5aa4efb8a999 |
| SHA1 | a6b1289a7f0f473f6a6af16c4f5d885dd223e938 |
| SHA256 | ad18beb4ff5e2ad8212f710fbb6b86b86004ee6e771fb478abe88dd29db93e91 |
| SHA512 | b6d3e918252c46e5027c923e630765f3f8812466b9bcaf11e693221e6e7713c2610d36c34b4acb5c6ea98876196b210f4d7dcee57825779534741eb9f7e08e7c |
Analysis: behavioral3
Detonation Overview
Submitted
2021-08-10 09:43
Reported
2021-08-10 09:46
Platform
android-x64
Max time kernel
796157s
Max time network
41s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.yzojnxnf.buzdnua
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.111.133:443 | | tcp |
Files
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/tmp-base.apk.classes6187634471320622312.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | 1de1a89fcfe7132e7316ba9aa0378891 |
| SHA1 | f8557610d3324c26b9f678b78f1ad0de217780de |
| SHA256 | 49372c251b8d10d64ffa2893108ba4b880d78fedf8d91f31b0236a4ce8824786 |
| SHA512 | 51335324446c479f3e957fc7720263a233164cab5e11c29d7296c0b6b80b7d09208c75a823f60b8bf645389ae544ad1c5de7e87ec5d0e22228d49a6b63bd1a41 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/multidex.version.xml
| MD5 | 0ff6a95a261d84315d048a848694af36 |
| SHA1 | b9b0efae2523fd4cb8a2e2627479d8a98257a808 |
| SHA256 | b64379eae179985f9f7b66ef8a546643d41c74eec756a8d8497dfffb8c8e764e |
| SHA512 | 71c06a02da3d6e3adf46edb9e2b0bb2bd33a4d145dbf148e3e0f1f2a0bd98e93bb2f754889530e03d40e2efd2230549361f546eb586b3ef66ddcb0a7777af961 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 70af10446607cc51283e6cb5b5f37ded |
| SHA1 | 823213f92293f2ee981b439963d6db6228c4f63e |
| SHA256 | 13cc154bbfd7682270ee80e70ac9b7799e6ecc19d6c189b992adce2f1678623e |
| SHA512 | 45f3560c299c9814d5020eceef579c53d2295ccde50863c10a88b382ed496527a6c63830281ec6376ad64309cecfc80812c7194066b685b4a50126c6ead9ead9 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/prefs30.xml
| MD5 | 12d6ab1d27552f5788e1667ec0eb1360 |
| SHA1 | f0c1a775a55b7bb45fe65579b526cf4360c0c4d6 |
| SHA256 | 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18 |
| SHA512 | 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | db511be38c324d7edecf200fdbd374e0 |
| SHA1 | 0e2b431e227e4a035c2f00294d8868787fca4c95 |
| SHA256 | 65a68aa2872595fe8de234ee729211627e5c289f0c2a96b6f6292f01054a9aee |
| SHA512 | f29f2e0a3177e30bb2decc36b8f4ddb38356bb1ec432e08d257fb7ce1590248db4b4c06ad227a3b97bbd38b8c8b949ebbc9143e14dab4d094cee60fe37e8b137 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | c7fedd8830bb408acddfdbc43670283b |
| SHA1 | c2f997927f95afe17eef966eef39abff20107eab |
| SHA256 | 1182549a073bc85e1223282471af7f6629cff8fdadf9eb41070ddfa754250e78 |
| SHA512 | 70fdf32c14f4e9003d3ac8d865700063eedc000f66c025d0facc9806d96a9c25d5704a0e2697834a32e9055c5c8163ed6404e4958f6d067cac87350741f07181 |
/data/user/0/com.yzojnxnf.buzdnua/shared_prefs/pref_name_setting.xml
| MD5 | 52a577d437eab31f88345e3a1593bd14 |
| SHA1 | 2484e4a479d78794e89347c8c29a50bd328993ae |
| SHA256 | d3685357fafdd92b68788e8350422f6ac6250ab58d7d874b80cbe0fb330d57f8 |
| SHA512 | 824907065296e8f1f16a49bd33e4a4541f95ad2e99a38b87453cc2ce797e78214691cbc09754e7856d1fa46a14152d599a57c62fcdf404c3b804ce0a4752714d |