Analysis Overview
SHA256
b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401
Threat Level: Known bad
The file 01549_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-20 20:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-20 20:46
Reported
2021-08-20 20:48
Platform
android-x64
Max time kernel
1699914s
Max time network
31s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Note: code_cache/secondary-dexes/ is where the androidx/support MultiDex library extracts secondary DEX files, and the MultiDex.lock and multidex.version.xml entries in the Files section are that library's markers, so this load follows the standard MultiDex path rather than a custom dropper location. The loaded base.apk.classes1.zip hashes as an empty file at snapshot time while its tmp- counterpart does not, so the sandbox captured it before or after the rename, not its contents.
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Note: both fields are hidden platform TLS/X.500 internals that legitimate networking and certificate-handling code also reaches through reflection, so this signature is a weak indicator on its own; the verdict rests on the Hydra family match and the permission set.
Processes
com.wlfuzvxs.ojrcbuf
Network
| Country | Destination | Domain | Proto |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.110.133:443 | | tcp |
| N/A | 216.239.35.12:123 | time.android.com | udp |
| N/A | 216.239.35.12:123 | time.android.com | udp |
Note: 1.1.1.1:853 is DNS over TLS (Android Private DNS to Cloudflare's resolver) and time.android.com:123 is the platform's NTP sync; both are OS background traffic in the emulator. The remaining connection, 185.199.110.133:443, is an address in GitHub's 185.199.108.0/22 range and is the only one not explained by platform activity; no domain was captured for it within the 31 s network window.
Files
/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/tmp-base.apk.classes5388884089713346931.zip
| MD5 | 8d6301c6023c23f1304017135fb8fe06 |
| SHA1 | aadb7b28f83a6c5d85821f22324adc9006d810bf |
| SHA256 | ccfbfcded26f985e98123d46ed3ad6c1149183f6301e1f774a72957820c07278 |
| SHA512 | cd095d3c5369315cb51678ec94f40658fa177c37d4c74a107a0ae28cf0db0516816583385e7ca7182234cb21f5bf25084e23387fdd8bd5c00304c2161be4f795 |
/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/multidex.version.xml
| MD5 | 65aeefe0686928d16c7583a3a22c45c2 |
| SHA1 | 1eb53586328ed9ad6248fe7d59ee70557191f347 |
| SHA256 | 6ae9bd2fe184ff9245d96ae11bb849fee2e266a9c91c15ac334ab8f331cb2fc6 |
| SHA512 | 57fa9d92cac2794c3ace3d281c9d99326726e3194b082acca2952cb0d4ebc5efadbb45f9b3104c4972a49cf92effe26ac7104e85db6b19922d163209639ad967 |
/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/pref_name_setting.xml
| MD5 | 7ef4de25a0c2279af53359c2ad16c116 |
| SHA1 | 43a0e89a43b08e054e2cdd99218b8cbc7c7516b1 |
| SHA256 | 24a2c5ef303132a3bae9231f0a027110be8849f9c936262851a142d5d0db6bad |
| SHA512 | c425b4417b081d640376022db665c012e87e00d09096c50bf624245fe44bec8b03075ad1d48c0ea1306da687205eb209643021e1873b5675b1a2a57b3dd60d1a |
/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/prefs30.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/pref_name_setting.xml
| MD5 | 84d6b10c9b6bb5cd72198dabf665d21d |
| SHA1 | a1a71225cf1dbf3527ba00f43446f7ed52202e43 |
| SHA256 | 7e52bcc9d4a2f17662e5b7015a64b5fc41da3d35751cd98bab63430c29c15573 |
| SHA512 | 0c99707822259219aa1bf44037a77865d8509147ba3eb19108d4061f977de83ed8cadfd306d4fd167c432e238a41916bb9d6c1e98ccfc0f052bb0c0baa9111b8 |
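The following triage helper is an added example, not part of this report or of the sandbox's own tooling. It takes the values the report records above (the static1 permission list, the DEX path from the "Loads dropped Dex/Jar" signature, and the per-file digests from the Files section) and applies the checks a reviewer would want on them: which permission combinations matter for an SMS-stealing banker, whether a DEX load came from the standard MultiDex location or somewhere unusual, and which dropped files were actually empty when hashed. The function names, capability labels and path classes are this example's own assumptions; the input data is copied from the report (one digest per path).

```python
"""Triage helper for an Android sandbox report (added example, not the report's code)."""
import hashlib

# Digests of zero-length input. A dropped file reporting these hashes was empty
# when the sandbox snapshotted it (a lock file, or a container not yet written).
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}

# Permissions from the report's static1 signature table.
REPORT_PERMISSIONS = [
    "android.permission.RECEIVE_SMS",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.CALL_PHONE",
]

# Dropped files from the report's behavioral1 Files section (SHA1 only; the
# path written twice keeps its last recorded digest).
APP_DIR = "/data/user/0/com.wlfuzvxs.ojrcbuf"
REPORT_FILES = {
    APP_DIR + "/code_cache/secondary-dexes/MultiDex.lock":
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    APP_DIR + "/code_cache/secondary-dexes/tmp-base.apk.classes5388884089713346931.zip":
        "aadb7b28f83a6c5d85821f22324adc9006d810bf",
    APP_DIR + "/code_cache/secondary-dexes/base.apk.classes1.zip":
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    APP_DIR + "/shared_prefs/multidex.version.xml":
        "1eb53586328ed9ad6248fe7d59ee70557191f347",
    APP_DIR + "/shared_prefs/pref_name_setting.xml":
        "a1a71225cf1dbf3527ba00f43446f7ed52202e43",
    APP_DIR + "/shared_prefs/prefs30.xml":
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
}


def permission_findings(perms):
    """Map a permission list to capability labels (labels are this example's own)."""
    perms = set(perms)
    findings = []
    # Receiving plus reading SMS is what an OTP/mTAN stealer needs; a video
    # player needs neither.
    if {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} <= perms:
        findings.append("sms-interception")
    # Sending SMS together with contact access enables spreading to the
    # victim's contact list.
    if {"android.permission.SEND_SMS", "android.permission.READ_CONTACTS"} <= perms:
        findings.append("sms-spreading")
    if "android.permission.CALL_PHONE" in perms:
        findings.append("calls-without-confirmation")
    return findings


def classify_dex_path(path):
    """Label where a loaded DEX/JAR came from.

    The androidx/support MultiDex library extracts secondary DEX files to
    <app data dir>/code_cache/secondary-dexes/, so a load from there is the
    library's normal behaviour. A load from external storage or any other
    app-writable directory is the case worth pulling apart by hand.
    """
    if "/code_cache/secondary-dexes/" in path:
        return "multidex-standard"
    if path.startswith(("/sdcard/", "/storage/")):
        return "external-storage"
    return "nonstandard"


def empty_files(files):
    """Return, sorted, the dropped files whose digest matches zero-length input."""
    empties = set(EMPTY_DIGESTS.values())
    return sorted(p for p, digest in files.items() if digest.lower() in empties)


if __name__ == "__main__":
    print("permission findings:", permission_findings(REPORT_PERMISSIONS))
    for p in REPORT_FILES:
        if p.endswith(".zip"):
            print(classify_dex_path(p), p)
    print("empty at snapshot time:", *empty_files(REPORT_FILES), sep="\n  ")
```

Run against the report's own values, the permission check returns all three labels, the DEX load classifies as the standard MultiDex location, and three of the six dropped files (MultiDex.lock, base.apk.classes1.zip, prefs30.xml) turn out to be empty, which is why their MD5/SHA1/SHA256/SHA512 rows repeat identical values.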