7bbb7bf71237b39d718c51551808378d7bd2eef1b5fa556476dc0122c3fc86f5

Analysis

max time kernel
2628330s
max time network
162s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23-12-2023 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bbb7bf71237b39d718c51551808378d7bd2eef1b5fa556476dc0122c3fc86f5.apk
Size

21.1MB
MD5

5adf86819347d720bc4e32715e93d20c
SHA1

06970c99179e43af88665668d03f00a52c6fc928
SHA256

7bbb7bf71237b39d718c51551808378d7bd2eef1b5fa556476dc0122c3fc86f5
SHA512

7563d72ebcb0ba4226dc23ee53db088ddb011616e288f32d733c3b47129f665233beee1e3ad57f8efc54a49f847da46d5dbfc0da88aaeecce2179885e7675594
SSDEEP

393216:ypESoB+vP07VOLLculZday7dd6rgnp7ctu+oqNhpaGXyv:dhnOLpdWUNctu+owaGXg

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/heyman.iseymon.com/[email protected]	4964	heyman.iseymon.com
/data/user/0/heyman.iseymon.com/[email protected]	5148	heyman.iseymon.com:pushservice

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	heyman.iseymon.com
Framework API call	javax.crypto.Cipher.doFinal	heyman.iseymon.com:pushservice

heyman.iseymon.com
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4964

heyman.iseymon.com:pushservice
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/heyman.iseymon.com/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
ed73a80eb949bacc52428b8d5a087fa5

SHA1
07e973549a2cee61ffeeb6439abc419cd8a489a9

SHA256
f0ead1ad60e0cc310c1a40685c28fc7a69aa346604552816c51dd3c1718a1e76

SHA512
4bc26c18ca3a2edfe38ca1e14ad1e1415268b4a69cdff3c0f8e2b8fa910c67c2e4bc4f32c21274e586e8e139122ea3dbde7ec507c4722b4a9a778ee2598090b8

Download Submit
/data/data/heyman.iseymon.com/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/data/heyman.iseymon.com/cache/jsb.version

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/heyman.iseymon.com/cache/libweexjsb.so

Filesize
6KB

MD5
7daa126a59a44091b737186c77697355

SHA1
3d0edde6aad106a18b3c5e139bc5b17872544920

SHA256
075f5431397263562da0a61835f543ff13c708f4b5c4a4588a93f5ef08254c5a

SHA512
1dff58d4598278d53a4f571152142de312c2b1494b0c9f6a908e281845a041bfd4c864726fec0ece1c6d3994f13622ac7310aef479bca71e42a071f8d2307cfe

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db-journal

Filesize
512B

MD5
018d0789c6ad1419cf4ff8262f4a2c18

SHA1
faa22d796e1eb49aaf7191a051329f400909c591

SHA256
412f5056ec7c3207c186dad2ac2ce52819ce3bae62e199de3261894231f47113

SHA512
3514ac5a4ae6675cefa7b7f58a377810c57774fef02107ebf383440c382ebe4aafc77bf5c8bdf6ba042bc2564f1f3a81ab49dc023b16a98eacbd823357737221

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db-journal

Filesize
8KB

MD5
83026a085aa8334612de0f1d4a7f7ae2

SHA1
555fc2d77ae19181bb72a8a9b006de51c33ef2f7

SHA256
9fe69a39e9098f0cdcd1d43530eb4338727e19e0ed0edc0d5da63123c4102f49

SHA512
2209ffe5a9049e5ba72ceb0d72be3c185b1f6b3cfd9152c61a56288a10dd401ed481646ba3311d31c0cd92d0cf4cf3afc410a3cf0135860a8db109f657a8ddb4

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db-journal

Filesize
8KB

MD5
0e625699adf543c91631216c8210d4ee

SHA1
15995d0882354ce7eeca969be3eb3423587ecadc

SHA256
1acaf2a6b193b70f45e82eb026660c87fcc1e87856e44ba91ed1d6fd6bfabc58

SHA512
f751c529fa2ee8ec15190b1ed67faa035a80b397d942d9727dad279a3e7faa7bf367246380d1884ecbc5725899a53f82a1ee4ec0407aa3ff70eb77a97a91719d

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db-journal

Filesize
63KB

MD5
13f7c66b8640db829f8b26e38276802d

SHA1
632d39e8337875f1169f578b947a7a2ebd907ba5

SHA256
4040a217e349f706c5f281e7eeb2fd231c77d83ebe07454db009265e4e74dc6d

SHA512
6f136ad73a64e9f66a9688e75098d812f16bcfbd41facfc9b63fb1b3065432e44c1d5c99676f71b5bb69e4ffeea663ecbd899b84a52b9a7d8fdbab47f6197578

Download Submit
/data/data/heyman.iseymon.com/databases/pushext.db-journal

Filesize
8KB

MD5
667ba5a68fe7ed2b65035cbed05e55e6

SHA1
2acdfed6bee229782a6689be9c1103e66067c401

SHA256
e8d852c7c0f84dd201970b9e2ef377d5ac688fa0323bc62111c15e01b768af27

SHA512
030ea2e862beca1b29c7fda2b3fa9a293a26a9372203213886f8c54db24fcce24451ecfe6ec1203b666a0b99a89d584504f8c261823dcee3bb502636258891f8

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db

Filesize
28KB

MD5
447a72f7f2a44c5b4ce4fae052b559ca

SHA1
1c08fcec2653051110b313ca1a3d683bd80f2850

SHA256
1475908d2dbf7d3f2a1bd1dec748f65b0e5c9a73fe669b484747abcae1307e5e

SHA512
a7b79501a7d2e6642f973ef19d613ceea679c541660a7ad1c3bc999ba9a79e3ea8d72ffe6dbc9a2f756fe26652f58940f4b7e8b8a6064f920a8de38c94f1e4b1

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
512B

MD5
ea689af3afcad611c6f7ed16f73d4bac

SHA1
2da8332c85258f800fd4eb1c996b12ab94c9b3a8

SHA256
14e18047f46a5be37f03c3c70da4958200b6539f1b0afa3637606071e01242b1

SHA512
5c05bb2a8fbd5b62edb430126f0a1921bb8161068040ed9a887617f949815ef611050b932f44a609771638a941ad17ffffb77bf998575d61a98f7e3c57e771a7

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
8KB

MD5
ee9b5f67b39ba1834370fc0bf2f852ec

SHA1
f14a4881c62e4134f64cd3f15c04aa55ca290213

SHA256
d572085781a560f63c5f4c28288df679df104f97f04c8a6bd8c5062fb9164fe0

SHA512
fc897980c355f6b56be4ce3c75f3f7bee605a85b8194a4990fdac033e19634e7cfde26abbda66d8ea3aaf18e41e9681343c9a5b6c70f039b8ac499296509ef28

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
505KB

MD5
20b706f1a6efca076dd6de9249da967b

SHA1
8f25d9fa27b448c03976c3c3588a8fab83f8ace6

SHA256
4a62bf1664f823e90fa55c9334b1212107090ad790f9dfcc51052c2854dbf356

SHA512
21c9f9025840a3318cd637c3330f2bbc33a7850b4e51e0943f5111442d0dce8b1c8fa0b785e3f55841e6a4d69e0f8b236466f8af08cb76b7f3faa3241ebcecd3

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
8KB

MD5
09750da1026a44974a921518828d4f88

SHA1
a84f05d81e2e63b204e89b52175e999b58035903

SHA256
99feea4ae2ec03cedc81315e1fc6bde11297005719e03cdc12004838044c156a

SHA512
4a9955f36a34f17c6089de3300dde110588a99c141efd42eac576920fb1c197e27313fc582d16bbfcba9e3fd72535fc590d997e056e73ef5dce003e91e7df415

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
8KB

MD5
54e21a70c615e8fc2253e7d8cdde259e

SHA1
a3b3c2bae3926e4bdc931ec91b6f9112db86142e

SHA256
ed12336b45943f1726b1a5f6be693465d5ceac10ad7dc9f7f135bf53b77265b1

SHA512
8d3123c40f735c8bc16caef0a2c2fbaf982f5671e0536c03880035a9bc9b6063a68c404f47ec911352625fe5f66ea9abed6cd93f323d49bada06be06a49abd5d

Download Submit
/data/data/heyman.iseymon.com/databases/pushg.db-journal

Filesize
8KB

MD5
6837dd2ade1a833cbf059b93e21ad518

SHA1
870d45bf4bbe60572edc02dedb3f90f5ce9092fb

SHA256
0c84b5e0e8444fa0413c7dcde7b8ee0d65bfd04a72d99cb40ff73a6a67ea1108

SHA512
3885eaf30c501b92903e5a71ba32610d9d53d77806e2e39db1056b47b9f718d7b93851a945210a1c7a4b8f379d762bfdd40ba23a661a18838975001dac03efeb

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db

Filesize
48KB

MD5
bcf87ac89bedd548a0f5bdd13fb4966e

SHA1
2f6945499e6b4963ac24c1dc1cf719e25750fe79

SHA256
e4995441f3a1fe3b23845682dfcd14e109b948a142dc072489bc9e1e44b11302

SHA512
703987b583cb27a98300176caad2fc6470fe748b01ddd4334825de292847ee6ac386ac11a0f713634b00eb6bf8ad2f31082cf2a966cbee54e945fb66ab52706d

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
512B

MD5
ca767f9149449673b70596a061bfd339

SHA1
ba8081a8021d622c7706169a4b3074e0a830647b

SHA256
6d7acc9d473e5b34aa3a562c4e9769e974a633358f54e3f6b51d5a94b9566793

SHA512
b171c48981b9c36b0a7252329e0362c40aef1a078dd34a2b5df8ec93eec7c562a663fe1490ff80d0f2f43a9a642373d392b152c73b39e83130f3a3eae18853ac

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
8KB

MD5
ace852da44365896e7eb3a37b73c1a13

SHA1
dcbc381a7650e03c1f93df57eb4e9d8dd6edec54

SHA256
dcbde4da2a3732300858f32f2839c51493cb65df2a93a93fc11f251a0b88e059

SHA512
4af4fd776affd5223d2141b8b61ae634d42fdd3c48ec3ce6d567fd9ca09f11d17dac8749828242b6c8a988444ade3dec45c090ceda3adf50ec2831af56b15297

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
8KB

MD5
e98ed0af24b99df8afea428a8be95e74

SHA1
99d29e6fa99956be71c1b9842910fa3281d0195a

SHA256
fb209cd215f9d4f33267f950313259842fddcc1b0b910b737efcc8c52bcb6092

SHA512
f62e88b6fc00d3f24042353cd0db2931e1b88dfbf366b61e21275a1503c02ba2aec09bbf3dc55dd84d5ef5679e28f6401d4f69e2cb60337be5375718a65edd44

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
4KB

MD5
1cf61abac766fd7734dcc62e7f8a71fd

SHA1
72afd9750ec58b57527deb82a264446fcca65f14

SHA256
38690b8899c668f5d0f7b8749634c8d6ffee13353e28077000ca3ccba519b76f

SHA512
98fc6e478524fdbede316cb6fb394f1fdf767075b6959b696e284f0255688d502449191a35238783541787de454c15390e28b674679cb4ab410345b235f293b2

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
8KB

MD5
bedcf8fe6fdb4ff1226ff4d23b91d598

SHA1
45c4e48a63446f6d8a62e68b1294a88b8f12826c

SHA256
df44ad97f07e94027b1bb6ce650089cd1fb033e53e311c6e9cdf32f91879e819

SHA512
f32f15fbba0a402ce3d83f6fa12be70c3500fce41e88370deecc4b19d611b9e082b5e9221e913f596ac23a65597b898354dc86bd4d163a75e97cf0f2b537247c

Download Submit
/data/data/heyman.iseymon.com/databases/pushsdk.db-journal

Filesize
8KB

MD5
42fc7aa1a8b06ef3d8e3f31e9d63315e

SHA1
4de408c7187385077db1909ef8501b96e4f486b9

SHA256
3954b1038d8b09a212f3e1403064968966ca39d6952e9cb3cc971f16a9bbf5a0

SHA512
26095073945bfe37b1198f046c6cf85daaa365485a59afb98e182df66ef295dc5de22136c1c9a620099f9316ee45c72d60cd6c53ceada7720af80988d4a7e693

Download Submit
/data/data/heyman.iseymon.com/files/cnc3ejE6/eje3cnc

Filesize
39B

MD5
7769d4507985f59116153463f09235a2

SHA1
b081e84d14300ac7a7947aade9c025fa83bc17fb

SHA256
5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

SHA512
ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

Download Submit
/data/data/heyman.iseymon.com/files/init_c1.pid

Filesize
14B

MD5
ee2994d50f908dac5a64e1e41b3a84dc

SHA1
c8282ea1de84a527cbc6f768a38e8746dd2c747a

SHA256
65d8d813c871b5c03cd7ecbc67f42a9b9695ccb736e3decddcda838e1a37ca3b

SHA512
0543f0f3af77f78268ab82026ae77b15bc33e0cb754a298fa2ca45891795374d1a65148b60152434bcbacd775e685fc8d32d9126fd3ec5cb18aca26110abecfb

Download Submit
/data/data/heyman.iseymon.com/lib-main/dso_deps

Filesize
288B

MD5
c898210c23b9fc397393f8f2f49a76b7

SHA1
1d9d7323792c01fceef2af09872d89cbc895a616

SHA256
b7d37ed19df53845e3f177485ee7dc16adea7a8297872edb8b9065983df0d5f5

SHA512
2c0ca1542998277707c616d09b2f3e3345c77f06b70a01ea7e0dd626faff98bd33964448a85168e457433c2af617bf937235aebbace0ed9c6103775a57ba9bd9

Download Submit
/data/data/heyman.iseymon.com/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/heyman.iseymon.com/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/heyman.iseymon.com/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/heyman.iseymon.com/shared_prefs_ext/test_app

Filesize
29B

MD5
93e94008854ec01722536847eabe7831

SHA1
3ceb87b2c4d5bb0a74f1ed93fa1a8bb38a1378c0

SHA256
315556092441bef3b35b07d4eee18c3bcf920c8b63e13e7ba47ba86047399367

SHA512
6a7bebb5b91d46aba397dfb25e3fb57d4227ccb64740b9923e6f0c7fd73f380c4edcb01455ed6602fca787e26053929160ba88714c9f9fd775eba856723649d3

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
8bb062aee9dc97a5b6843e16313a747f

SHA1
3c8b8253e2beceffbf52cbd2d54caa0fabd142a3

SHA256
7b44efaf5d156821032b2a0008d5046ae74e4c105a6be337b76e0843e4b10b91

SHA512
990060023597ec7b2b73df061ff48402277ad02be36967ed511585a7146d3f68730152c16b2bbb8abdb8b545987488dad930dd8b99f40a6b966f5d7bf7684d15

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/apps/__UNI__36EB4C7/temp/1703435237186

Filesize
505KB

MD5
d725c0204ac941f2862dcdcf58e7e452

SHA1
b96f40b9b0d0711f19262d1d23a2b1977cfb50ae

SHA256
e2a6d4446ec01b57cecc02515d9b4a24ec2a811be3b038d46c55d2dbd08a48d2

SHA512
e8286f453d2f07561cba48a03d8fd542797863465efa3f2d89acdc274bacc9c1de8231e41bd996aab54a9a603a11ecb8a2f223bd5b800b00cb1e9d6acd4b35a2

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/icons/-1146883555

Filesize
3KB

MD5
261a2f5598dc84aac9c4f74d362cb6bc

SHA1
207ac982fef6b156fee0490b552f00dbc5a31c35

SHA256
e5870b73c45753de32fdc22b7028a31bb0357c4b5ca98ea70677d7af6b483c6f

SHA512
c5ec5370146cd16f1b7c5d70eaac1e9ddd3e37766849d38cd2bf2b771ba75de8bf0dbb97c8eb2f5d472c4ce1e97aa603939634ce3cbfee479dc35f97616b5472

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/icons/-1224589735

Filesize
3KB

MD5
ffac3d37dd244404d7e4b7abd2e021a6

SHA1
9801dc20d26b9ee33850323be03f21fab23fe5c9

SHA256
05002b5e8af7e185d7a01e88f51a96d982003f59678597e302e917c78aaf43ff

SHA512
c7845b0bd70453bfa291eb10ab1a60cb23e713746f7257a0c1ef219e30339d8a94b16b6360f57b249c366e419bd57c3604a912978e8b019abee615942a3410f5

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/icons/-545746868

Filesize
2KB

MD5
3d177b9baa9676e35176fbb089046ab6

SHA1
d85b4f17b3af3126a456f5a894056710a7433458

SHA256
feee17b37416044496e3e9d8644db60208b714e151ed49a8ced5f35e07733d42

SHA512
53f98f894fae1763c61197f8d8eeadd35c780411ba7369d6c3df26e528777da866ea99996d837c77bfde838d5962af83892d04b428ee18b567058a582a08271a

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/icons/1285727607

Filesize
2KB

MD5
2b8cfe7fb37f23bf6d6ec0322fe95f99

SHA1
7e45b425ce7fd85e2e7cfdcb7984503ffa6071f8

SHA256
f5be72140121e2b865a9d657759946b2551a87e266f3f2784611668823679d45

SHA512
482ca37edf5e0a0365edb69f596ea984bda84bbfc91218ffcc831d2ce721775b80f8dfeba84495f61af9bbc861db200d31b26afc706fd10b3a02bc67d775f695

Download Submit
/storage/emulated/0/Android/data/heyman.iseymon.com/logs/heyman.iseymon.com/crash/crash_1703435238079_2023-12-24-16-27-18.log

Filesize
1KB

MD5
4490e1a4c6a07514c98933ed945280c6

SHA1
81f0aa4d41ab11a03719679f8243686b1375de35

SHA256
492ad89a26b66eddb0cbf00caa940135cd3a7df327451ebbc2e5ca35b3fc3f12

SHA512
b5357747dd7998d4c0bf9a6055877ae454bdd9efe226924035b4a573f0daa5d0650a60ca912c134785ec4ba5eea106dc4eb9de9cc8b9438539f84f290c7d9bed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads