Malware Analysis Report

2025-01-19 05:30

Sample ID 210820-spkm3425ns
Target 01549_Video_Oynatıcı.apk
SHA256 b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401

Threat Level: Known bad

The file 01549_Video_Oynatıcı.apk was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-20 20:46

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-20 20:46

Reported

2021-08-20 20:48

Platform

android-x64

Max time kernel

1699914s

Max time network

31s

Command Line

com.wlfuzvxs.ojrcbuf

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A

Uses reflection

obfuscation
Description | Indicator | Process | Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A

Processes

com.wlfuzvxs.ojrcbuf

Network

Country | Destination | Domain | Proto
N/A | 1.1.1.1:853 | | tcp
N/A | 1.1.1.1:853 | | tcp
N/A | 185.199.110.133:443 | | tcp
N/A | 216.239.35.12:123 | time.android.com | udp
N/A | 216.239.35.12:123 | time.android.com | udp

Files

/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/MultiDex.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/tmp-base.apk.classes5388884089713346931.zip

MD5 8d6301c6023c23f1304017135fb8fe06
SHA1 aadb7b28f83a6c5d85821f22324adc9006d810bf
SHA256 ccfbfcded26f985e98123d46ed3ad6c1149183f6301e1f774a72957820c07278
SHA512 cd095d3c5369315cb51678ec94f40658fa177c37d4c74a107a0ae28cf0db0516816583385e7ca7182234cb21f5bf25084e23387fdd8bd5c00304c2161be4f795

/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/base.apk.classes1.zip

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/multidex.version.xml

MD5 65aeefe0686928d16c7583a3a22c45c2
SHA1 1eb53586328ed9ad6248fe7d59ee70557191f347
SHA256 6ae9bd2fe184ff9245d96ae11bb849fee2e266a9c91c15ac334ab8f331cb2fc6
SHA512 57fa9d92cac2794c3ace3d281c9d99326726e3194b082acca2952cb0d4ebc5efadbb45f9b3104c4972a49cf92effe26ac7104e85db6b19922d163209639ad967

/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/pref_name_setting.xml

MD5 7ef4de25a0c2279af53359c2ad16c116
SHA1 43a0e89a43b08e054e2cdd99218b8cbc7c7516b1
SHA256 24a2c5ef303132a3bae9231f0a027110be8849f9c936262851a142d5d0db6bad
SHA512 c425b4417b081d640376022db665c012e87e00d09096c50bf624245fe44bec8b03075ad1d48c0ea1306da687205eb209643021e1873b5675b1a2a57b3dd60d1a

/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/prefs30.xml

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.wlfuzvxs.ojrcbuf/shared_prefs/pref_name_setting.xml

MD5 84d6b10c9b6bb5cd72198dabf665d21d
SHA1 a1a71225cf1dbf3527ba00f43446f7ed52202e43
SHA256 7e52bcc9d4a2f17662e5b7015a64b5fc41da3d35751cd98bab63430c29c15573
SHA512 0c99707822259219aa1bf44037a77865d8509147ba3eb19108d4061f977de83ed8cadfd306d4fd167c432e238a41916bb9d6c1e98ccfc0f052bb0c0baa9111b8