Analysis Overview
SHA256
4c9b59f488b0b3dcbf725bdf5f956fb18600da0687edf728a647590cf4c6ce67
Threat Level: Known bad
The file 67580_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-13 12:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-13 12:09
Reported
2021-08-13 12:11
Platform
android-x64-arm64
Max time kernel
1064094s
Max time network
126s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.olmrcjgx.baitjyo/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.olmrcjgx.baitjyo
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 142.250.200.38:80 | ad.doubleclick.net | tcp |
| N/A | 142.250.187.228:443 | | udp |
| N/A | 216.239.35.4:123 | time.android.com | udp |
| N/A | 216.58.212.206:443 | | udp |
| N/A | 142.250.200.40:443 | | tcp |
| N/A | 185.199.110.133:443 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
Files
/data/user/0/com.olmrcjgx.baitjyo/code_cache/secondary-dexes/MultiDex.lock

| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |

/data/user/0/com.olmrcjgx.baitjyo/code_cache/secondary-dexes/tmp-base.apk.classes5428324852729866661.zip

| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |

/data/user/0/com.olmrcjgx.baitjyo/code_cache/secondary-dexes/base.apk.classes1.zip

| Algorithm | Digest |
|---|---|
| MD5 | 3eaacfedafbbcb82897a24b295a633fd |
| SHA1 | aae577929793b2c3afacefba74fd48fa2ac8e8e0 |
| SHA256 | f94fb64439fa942cee0c0e6d7917a5b28fcbc921acbab6fc609fa55a46976f11 |
| SHA512 | e55c808141a6a9b29ff953e71b524b1d913dd0cae1bc6ca76b13567d324211e490de05885e1e6a0d24167666d61d074d9605c83e952b0abda7cd061a3c0493b8 |

/data/user/0/com.olmrcjgx.baitjyo/shared_prefs/multidex.version.xml

| Algorithm | Digest |
|---|---|
| MD5 | 08cc332264a9eca757a617879a327ebc |
| SHA1 | e360104e02b5f90f6dd374ffc5669fab4cf363cc |
| SHA256 | 6ed0905572a6bd53a8c5fe0726596de2e1ac8f307440a098e14f78184088c53b |
| SHA512 | f48cbbebabc38128185ee101e55225d48809b55495742304cd3632bfd9f53e4ae94c149f772e4301a5ec74dc7b756bd0eaf88034e90dfbf1b503ef0aa0e1bf6c |

/data/user/0/com.olmrcjgx.baitjyo/shared_prefs/pref_name_setting.xml

| Algorithm | Digest |
|---|---|
| MD5 | 9465ef5393cf2c12d7f8f6596fc0b7cc |
| SHA1 | 48ef3d745b7125323dfc7574bfd77afca38838fe |
| SHA256 | 52a4c6862bc0aa9d54262f11518a8152c534efa4dbaf79cf3b3bd9ec59bcafac |
| SHA512 | e364a30b42cb86ff2af2723bdafb898be17bc99731ff83e8e0b341fb17263b094d77c9512a8f8483238ff00a5b62b2d63a66700f5c4811cd89d28a3c074a69af |

/data/user/0/com.olmrcjgx.baitjyo/shared_prefs/prefs30.xml

| Algorithm | Digest |
|---|---|
| MD5 | 1c6b6a6a91f2ccf7ac553f9a439ad69e |
| SHA1 | 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748 |
| SHA256 | a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6 |
| SHA512 | 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e |

/data/user/0/com.olmrcjgx.baitjyo/shared_prefs/pref_name_setting.xml

| Algorithm | Digest |
|---|---|
| MD5 | 299ca5da9ab9b6f7b3f308bccdf2eeaf |
| SHA1 | b6679a28ba9dee1aadc1bba1f9236224a12daf20 |
| SHA256 | 8dfe20b67648f371f30cc9b6a05c704b650ce29376538698e4d1cf43c59e2cf4 |
| SHA512 | 101df23f0905b91ce28b112b814caa63f4cafafa4d47873ec08bfe8dfd03ed8cb0065863c1faf18563b819ed8e197d8224b74dc81aa8bc70c2d878b836e01ed9 |