Analysis Overview
SHA256
6253cac300eabed08691f1dd70f93ce86513ce98d2a577007efa0cb3a2560aa5
Threat Level: Known bad
The file 98173_Video_Oynatıcı.apk ("Video Oynatıcı" is Turkish for "Video Player") was found to be: Known bad.
Malicious Activity Summary
Hydra
Requests dangerous framework permissions
Loads dropped Dex/Jar
Reads name of network operator
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-09-04 22:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-09-04 22:09
Reported
2021-09-04 22:11
Platform
android-x64
Max time kernel
3000896s
Max time network
156s
Command Line
Signatures
Hydra
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.dhmqdmkq.ibjtwkn/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Reads name of network operator
| Description | Indicator | Process | Target |
| Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
| Accesses field javax.security.auth.x500.X500Principal.thisX500Name | N/A | N/A | N/A |
Processes
com.dhmqdmkq.ibjtwkn
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.110.133:443 | | tcp |
| US | 216.239.35.12:123 | time.android.com | udp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |
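IOC triage over the network table above, as an added example that is not part of the sandbox report. It parses the pipe-delimited rows, tolerates rows where the Proto value has slid into the Domain column (as the raw export of this report did for the 1.1.1.1 and 185.199.110.133 rows), de-duplicates endpoints with a connection count, and tags each one. The sample rows are constructed from this report's Network section; the classification labels (DNS-over-TLS resolver noise, NTP noise, geolocation lookup, "probable C2" for repeated plaintext HTTP to one host) are analyst heuristics assumed for the example, not fields the report provides.

```python
"""IOC triage for a sandbox network table (added example, not report code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the behavioral1 Network rows as exported, including the
# shifted rows where the protocol landed in the Domain column.
NETWORK_TABLE = (
    "| US | 1.1.1.1:853 | tcp | |\n"
    "| US | 1.1.1.1:853 | tcp | |\n"
    "| US | 208.95.112.1:80 | ip-api.com | tcp |\n"
    "| US | 185.199.110.133:443 | tcp | |\n"
    "| US | 216.239.35.12:123 | time.android.com | udp |\n"
    + "| SE | 178.132.78.156:80 | kerrihuffman1237.online | tcp |\n" * 15
)

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[A-Z]{2})\s*\|\s*(?P<dest>[^|]+?)\s*\|"
    r"\s*(?P<c3>[^|]*?)\s*\|\s*(?P<c4>[^|]*?)\s*\|$"
)
PROTOS = {"tcp", "udp"}


@dataclass(frozen=True)
class Endpoint:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_row(line: str):
    """Parse one table row; returns None for headers or non-row lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    c3, c4 = m["c3"], m["c4"]
    # Repair the column shift: a protocol keyword in the Domain cell with an
    # empty Proto cell means the row lost its (empty) domain on export.
    if c3.lower() in PROTOS and not c4:
        domain, proto = "", c3.lower()
    else:
        domain, proto = c3, c4.lower()
    ip, port = m["dest"].rsplit(":", 1)
    return Endpoint(m["country"], ip, int(port), domain, proto)


def parse_table(text: str):
    rows = (parse_row(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def classify(ep: Endpoint, count: int) -> str:
    """Heuristic labels; assumptions for this example, not report fields."""
    if ep.port == 853 and ep.proto == "tcp":
        return "dns-over-tls resolver (platform/sandbox noise)"
    if ep.port == 123 and ep.proto == "udp":
        return "ntp (platform noise)"
    if ep.domain == "ip-api.com":
        return "ip geolocation lookup (victim profiling)"
    if ep.proto == "tcp" and ep.port == 80 and ep.domain and count >= 5:
        return "probable C2: repeated plaintext HTTP to one host"
    return "unclassified"


def triage(text: str):
    """Dedupe endpoints (Counter keeps first-seen order) and label them."""
    out = []
    for ep, n in Counter(parse_table(text)).items():
        out.append({
            "indicator": ep.domain or ep.ip,
            "ip": ep.ip, "port": ep.port, "proto": ep.proto,
            "count": n, "label": classify(ep, n),
        })
    return out


def c2_candidates(text: str):
    return [r["indicator"] for r in triage(text) if r["label"].startswith("probable C2")]


if __name__ == "__main__":
    for r in triage(NETWORK_TABLE):
        print(f"{r['count']:>3}x {r['indicator']:<28} {r['ip']}:{r['port']}/{r['proto']}  {r['label']}")
```

The 1.1.1.1:853 and time.android.com rows are what an android-x64 sandbox image produces on its own, so they should be excluded before the endpoint list is turned into blocking rules; the 185.199.110.133:443 connection stays unclassified because the report records no domain for it.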
Files
/data/user/0/com.dhmqdmkq.ibjtwkn/code_cache/secondary-dexes/MultiDex.lock (zero-length lock file; the hashes below are those of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.dhmqdmkq.ibjtwkn/code_cache/secondary-dexes/tmp-base.apk.classes241187091308527696.zip
| MD5 | 6971ffe821832058875dfb93c16c1850 |
| SHA1 | 352bb340ba440467fc20b5910c582c556fd441d5 |
| SHA256 | d6f5a82a061d8c3ea36d6ef4e630a40e411dba64a9add7f5b14d5cb5af0df3e0 |
| SHA512 | bb1296d358d2ba9c47ec2a0c9abc46b4dc1bfe2cf42de03922838d6d2eceebae642ef6fecc4fbc05c584f11348647960d9aef2302443c62b0158b024a5ee489a |
/data/user/0/com.dhmqdmkq.ibjtwkn/code_cache/secondary-dexes/base.apk.classes1.zip
| MD5 | 3d0f6518a0fd4d068283d6822177d144 |
| SHA1 | 0b7122cf891bf804f161aa40dca2e44bc044bedd |
| SHA256 | c558cd6e6c71cbe0c7082bca2617da1d49f1e3323345b729cf33a8072995de09 |
| SHA512 | 2ec557cca2873125f4969ec716bd23090150fc6aef344f430519edbf1eef96f959180f5148771ad6f1f747c193316fc25413f915473571ee8bb2d9de8b67ef9c |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/multidex.version.xml
| MD5 | ebf3f70940476de7ceef49694e7dd6a8 |
| SHA1 | 791019ac98dcf1087027838b1be08261f9f9a5af |
| SHA256 | 484dd43bc6adba19f683ea88611836437a64dbdbe050ff9c35d90166757fc364 |
| SHA512 | c5cecf6e5877f6b5f7a19305f9429ed2ccabe379575c0f510ff786df10034cae3c00f43c40cc91d05c7288e570e3d4e4ecde1388b53adf3a4ce3fbb390479d5e |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/pref_name_setting.xml
| MD5 | ffadbbb359172fe72de9bfceac381aee |
| SHA1 | a2e79713802e2f63d7655f2451fdbea0e3ebb2c3 |
| SHA256 | 6cb0f7fe03270464925825177c5721e8c0efbd08a24e98ba8f96f895554f7e71 |
| SHA512 | bc47d184ab653c180e93bd468b032879122a3165fc788f2bd14d2aa10c1e3b1cac14305b2ed5bd4f10f9e75ea2c09f4c44832d0e06ec6cb0726ac3770d14cd16 |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/prefs30.xml
| MD5 | 12d6ab1d27552f5788e1667ec0eb1360 |
| SHA1 | f0c1a775a55b7bb45fe65579b526cf4360c0c4d6 |
| SHA256 | 52e178aa40fd1c71b3a4e8fdfb73fba744ac754430d94697f4d2aaa6823c0d18 |
| SHA512 | 87eb0dba3f5fbb8801a5b8a07849c8634698d64333f77d548f4596221d2f3d7cba7288ebb0fe0b7f9357add2636b07c6e9cd24aa887dd6cce6d22a1b7e2d3d32 |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/pref_name_setting.xml
| MD5 | 8423827f1cd383f71cf4ad816a7a0d5b |
| SHA1 | a48e9eb8d06f03d51cf3f579e79b280ee99fd319 |
| SHA256 | 3061ad18c96750b60a16c201fd44450f3c104be2a1c50fdc7bbeb648ea455953 |
| SHA512 | 7f36f9ea84f9736b8a6e31ad9bbfc4e54bdbd149c690b076c9fffef4c5c863ef3a189f367051fb60cf588ffc1c4d5552212969947994e928cb89e3363a1a2267 |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/prefs30.xml
| MD5 | e019bcf7d0a40cf2c2683ad78aceaa46 |
| SHA1 | 5efe2f7866e4ef6ee10d1162a9abee52896f0063 |
| SHA256 | 81870b3cb6496af6490dc493a0df888e99364eaa7127b60560850020d29476bd |
| SHA512 | a07e93bcb0750c08d08ee98aaca8729954c69390c4a6dcfeee4f0428e059914994f393723c9fac4d0da89afbf25cfc8e6691fed738ef20b655d97ccdf2976dd6 |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/prefs30.xml
| MD5 | 48d52a59268f60a0d2fa9839ac2d9cda |
| SHA1 | c312ced945a128b8a22be6d0177f3b82dfefd265 |
| SHA256 | f8494898a3bd94e4c9477aad03692250fcc321ac9f9136bb27a27f9652e07425 |
| SHA512 | 5faf6a6a57cdb8a156c774e46002782a9a2c5c9d32cf581f1c138f282ddc065120c08c1144d2277fb950cdf4473ae4ead23e7afdd2fd634688144cbf59be7f2b |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/1222122121.xml
| MD5 | c28fc2966426ac4c63611d586af79930 |
| SHA1 | c77b20b082268e67f454eac4d536a903d1001544 |
| SHA256 | abbc2492c2f66f9ee33c6f918cce44d12ca5f02ccc1219c25c5d37b3802b0017 |
| SHA512 | a259e504f93233fdce545621a8593afa9ffd48c90abd3e0d589d44ec9a5d4409aa65230114a9a5ad983f447a450fc94f69a2775fabb14e78ed656bd734c11635 |
/data/user/0/com.dhmqdmkq.ibjtwkn/shared_prefs/pref_name_setting.xml
| MD5 | 02c2f1cf26917cfaeec1fed3d1350157 |
| SHA1 | 1db859b0d24d3014604b77d850e1f95bf7346523 |
| SHA256 | 8775b77679de28b7df7c8717fb5515701fd04b428b9a292ad8d1cf46d9bcacf6 |
| SHA512 | 4b2ba8c1cf9cf16473fd83f5adf5a344edec6aaadc37be533df6801450ef6ce223252e6371bca7b78812965fbfa2ed710f7a25592c18d4a5b7eb861c71649042 |