Analysis
- max time kernel: 2043857s
- max time network: 48s
- platform: android_x64
- resource: android-x64-arm64
- submitted: 13-10-2021 13:23

Static task: static1
Behavioral task: behavioral1
Sample: 76032_Video_Oynatıcı.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
- Target: 76032_Video_Oynatıcı.apk
- Size: 8.4MB
- MD5: 4d1d88ed96379c4b6b72b7f3f1727a97
- SHA1: 691e2571c920f2dd184ff96c4ca05e89e2da2efc
- SHA256: ea6058517e957895fbd3c26cac63013df3442ceea289123c7afd4bd0b24bea82
- SHA512: 8c7a25f81b67d42c9e9c7eda696a332cd136d01a5455af721b5c038117045f5d482aebfc4fd5a9ecdde408a64c9835cac72c14b2400e7a487d575650f6210b4b

Score: 10/10
Malware Config

Signatures
- Hydra
  Android banker and info stealer.
- Loads dropped Dex/Jar (3 IoCs)
  Runs executable file dropped to the device during analysis.

  ioc | pid | Process
  /data/user/0/com.yfaehapg.yctcscs/fjjlykjjgn/gjcdvqcbjylfogy/base.apk.ycb8ysz1.gfm | 4910 | com.yfaehapg.yctcscs
  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.yfaehapg.yctcscs/fjjlykjjgn/gjcdvqcbjylfogy/base.apk.ycb8ysz1.gfm] | 4910 | com.yfaehapg.yctcscs
  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.yfaehapg.yctcscs/fjjlykjjgn/gjcdvqcbjylfogy/base.apk.ycb8ysz1.gfm] | 4910 | com.yfaehapg.yctcscs
Network
- GET http://ad.doubleclick.net/ddm/activity/src=2542116;type=ytmusic;cat=youtu008;ord=5946167711072;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0
  Remote address: 142.250.179.198:80

  Request:
  GET /ddm/activity/src=2542116;type=ytmusic;cat=youtu008;ord=5946167711072;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0 HTTP/1.1
  User-Agent: GoogleTagManager/4.00 (Linux; U; Android 11; en-us; sdk_gphone_x86_64_arm64 Build/RSR1.201211.001.A1)
  Host: ad.doubleclick.net
  Connection: Keep-Alive
  Accept-Encoding: gzip

  Response:
  HTTP/1.1 302 Found
  Timing-Allow-Origin: *
  Cross-Origin-Resource-Policy: cross-origin
  Date: Wed, 13 Oct 2021 13:23:18 GMT
  Pragma: no-cache
  Expires: Fri, 01 Jan 1990 00:00:00 GMT
  Cache-Control: no-cache, must-revalidate
  Location: https://adservice.google.com/ddm/fls/z/src=2542116;type=ytmusic;cat=youtu008;ord=5946167711072;dc_muid=*;dc_lat=0
  Content-Type: text/html; charset=ISO-8859-1
  X-Content-Type-Options: nosniff
  Server: cafe
  Content-Length: 0
  X-XSS-Protection: 0
- GET http://ad.doubleclick.net/ddm/activity/src=2542116;type=ytmusic;cat=youtu00c;ord=1;num=1142167518002;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0
  Remote address: 142.250.179.198:80

  Request:
  GET /ddm/activity/src=2542116;type=ytmusic;cat=youtu00c;ord=1;num=1142167518002;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0 HTTP/1.1
  User-Agent: GoogleTagManager/4.00 (Linux; U; Android 11; en-us; sdk_gphone_x86_64_arm64 Build/RSR1.201211.001.A1)
  Host: ad.doubleclick.net
  Connection: Keep-Alive
  Accept-Encoding: gzip

  Response:
  HTTP/1.1 302 Found
  Timing-Allow-Origin: *
  Cross-Origin-Resource-Policy: cross-origin
  Date: Wed, 13 Oct 2021 13:23:18 GMT
  Pragma: no-cache
  Expires: Fri, 01 Jan 1990 00:00:00 GMT
  Cache-Control: no-cache, must-revalidate
  Location: https://adservice.google.com/ddm/fls/z/src=2542116;type=ytmusic;cat=youtu00c;ord=1;num=1142167518002;dc_muid=*;dc_lat=0
  Content-Type: text/html; charset=ISO-8859-1
  X-Content-Type-Options: nosniff
  Server: cafe
  Content-Length: 0
  X-XSS-Protection: 0
- 864 B 3.5kB 12 9
- 4.9kB 13.1kB 44 27
- 142.250.179.198:80 http://ad.doubleclick.net/ddm/activity/src=2542116;type=ytmusic;cat=youtu00c;ord=1;num=1142167518002;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0 http 1.1kB 1.6kB 8 6
  HTTP Request: GET http://ad.doubleclick.net/ddm/activity/src=2542116;type=ytmusic;cat=youtu008;ord=5946167711072;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0
  HTTP Response: 302
  HTTP Request: GET http://ad.doubleclick.net/ddm/activity/src=2542116;type=ytmusic;cat=youtu00c;ord=1;num=1142167518002;dc_muid=FE3F14EF316A00B107DFE15EF2807C5F;dc_lat=0
  HTTP Response: 302
- 1.2kB 5.6kB 7 5
- 727 B 3.8kB 8 7