Analysis Overview
SHA256
f47c788feac2cb7b395ad9b38949f29c88d01b6dd9c94dda87f2e243bb340bd3
Threat Level: Known bad
The file 80456_Video_Oynatıcı.apk was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-26 21:47
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-26 21:47
Reported
2021-08-26 21:49
Platform
android-x64
Max time kernel
2221971s
Max time network
46s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.ckygogqt.hlighrp/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.ckygogqt.hlighrp
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 1.1.1.1:853 | | tcp |
| N/A | 185.199.108.133:443 | | tcp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
Files
/data/user/0/com.ckygogqt.hlighrp/code_cache/secondary-dexes/MultiDex.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ckygogqt.hlighrp/code_cache/secondary-dexes/tmp-base.apk.classes5344370357065131963.zip
| MD5 | c8abc1e798410d55498e125c195a7b07 |
| SHA1 | 65af7895893a556ceceff5c05f315f43f4310f9d |
| SHA256 | ec73f21149ff5a7617fcf94642532042c88bf68f68780913e3203d30fc816880 |
| SHA512 | bfe5c344f7ac36074915fbaf1db6b2c39592950be621136f9b673169d20a871c4d95f84c919881aa103b4e48afd1fb308afc57e1eb07df6537e0359bf0720e23 |
/data/user/0/com.ckygogqt.hlighrp/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.ckygogqt.hlighrp/shared_prefs/multidex.version.xml
| MD5 | f18cfcead263b8e74977475c3a404207 |
| SHA1 | 3c4130a97c3697ad8d007579363669038dcf9045 |
| SHA256 | 968b20028fa08be3681f0f297f67706932bae713874a5e4d3fd977fd03bf734d |
| SHA512 | 59463e02524a50165af2b4ff1ba7be50454da288f55f32c9a24a3fa2c9842f25512487823ac05d6e93410af0d3d5d9b1b2e628d2f84ffc43b8639735d9589146 |
/data/user/0/com.ckygogqt.hlighrp/shared_prefs/pref_name_setting.xml
| MD5 | 7c8d11e6cac76a292e9807816a4b6329 |
| SHA1 | a9a1a0a2fd11e5a8faa5800975fc95fb82649b80 |
| SHA256 | 23b00c333bb3aefb6c612df78ced834ac413ffc9ea816551cad56148952b01c3 |
| SHA512 | b6ebba8ad97986c8536dde9095f3132f15bbf2cda20318bbb24ca770120d7b4860c7cb71dd2ca1ff7609742b61d018dc4a1f3d2ff00b20c2c78bad301e2485e8 |
/data/user/0/com.ckygogqt.hlighrp/shared_prefs/prefs30.xml
| MD5 | 12d6ab1d27552f5788e1667ec0eb1360 |
| SHA1 | f0c1a775a55b7bb45fe65579b526cf4360c0c4d6 |
| SHA256 | 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18 |
| SHA512 | 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32 |
/data/user/0/com.ckygogqt.hlighrp/shared_prefs/pref_name_setting.xml
| MD5 | 99c9f0ae7b83bed711629e729214dccc |
| SHA1 | dc1f0f869e4f9f4b1dcedb7f0fad88ad3985ee15 |
| SHA256 | 7b6048d12a9434ff6ebdcb1811120db09b6217363166fb4775306adac9345c4c |
| SHA512 | 678e83bb92b735cba3647a5c7e7a3f7d13ac080eb1f27822aa43448ed916d937312c93553bf4f03998c7aa9861721b53a4e9e7c734c21c9e7d802baa500e6905 |