972a2e076c94d82c48d353a8349c863fc03248a0cb48d1fa105e7f829bda1dc3

Analysis

max time kernel
21s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
15-05-2024 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45001d9d887b615960c98210b98148c1_JaffaCakes118.apk
Size

17.3MB
MD5

45001d9d887b615960c98210b98148c1
SHA1

2445badb997a0258ab908df192c885e29a84aa58
SHA256

972a2e076c94d82c48d353a8349c863fc03248a0cb48d1fa105e7f829bda1dc3
SHA512

14d05247c71533f4f0a4cabef9b9fc292c41a85bb739a87d5df1a2b20d7c610650ac0e1770a54c870b6400eabe0eb06cbf4bed3b7c11d0bdae8fcc007d298d98
SSDEEP

393216:83B8LiVSBhvlv+PFCutaVKgu000aTip19L7XLRlbuGkK:2ZVSR+PouoKgsiX931oK

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.iloof.heydo

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.iloof.heydo/mix.dex	5145	com.iloof.heydo
/data/data/com.iloof.heydo/mix.dex	5145	com.iloof.heydo

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iloof.heydo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.iloof.heydo

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iloof.heydo

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iloof.heydo

com.iloof.heydo
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5145

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iloof.heydo/app_bugly/rqd_record.eup

Filesize
352B

MD5
9703be3c99c7a5337f780e1973736b58

SHA1
53fa5bd0da90d03a17088787b2d3e9f8b60712bf

SHA256
d149f1c236449c221dbcd22549097e57589e59ca82412b89fa6e60e114551d8e

SHA512
ffd0fcfd07ea24f7dbb66e854c140ced8cbf0cbd7722b32d3b0377e5e30d726423692dff0345cf927bdd6685a77575772c27177fb99dbbc8e6ee68ae0285562a

Download Submit
/data/data/com.iloof.heydo/app_bugly/rqd_record.eup

Filesize
1KB

MD5
481515fda84a55d05fe5ecfcdc8791dd

SHA1
45ef835c07dfdace13d12d2bb3e3614aa9f94335

SHA256
12f27d65d51805f86f9fe61df2e9a86a82751c1f9ccabe5d50a2b59d78db6c71

SHA512
84b227e28a5425d2a21913d0d4c6cb0782c32e0892a970c3240aa99018ae4292e56570391ef563985b8442f59dd8283f859cfd6a5955178a989efad565749293

Download Submit
/data/data/com.iloof.heydo/app_bugly/tomb_1715756387160.txt

Filesize
19KB

MD5
33608b8347774a678bbf72d24590241b

SHA1
8568f283070649c4416b88386487d643b09910e9

SHA256
e074f697a61a98ddf0ef9032858ea94ab5b0cb6295bef89b2b138504a094942c

SHA512
3e427130d6548534ea26cdbd618226d9d56237d40d79fa505522e6a0384acf6f238c56faf3e70911887bcaf12369d62f696164a782641e51ece2059b7650a110

Download Submit
/data/data/com.iloof.heydo/cache/tomb.zip

Filesize
4KB

MD5
b953593c1c17f7e70b20c670ff0f41ff

SHA1
98f4ca7ac48557166e2efd1b80a870d41d4b8cdc

SHA256
9419a2d4dfa6dd7c6b8658b190e3f87f182760efcf4eb936d660cc73dbdb647f

SHA512
11eae6de0d58d1b38a8d91830af67a168b5d42255a93bb894ec15b6a3e0c98ef5bb3fb5612e7daaf651c786ea2f0454d56904d4b3a9a8f53260e256e49ea7a89

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu

Filesize
164KB

MD5
90f01dfd2070dfa5ee7ed3c5d8390693

SHA1
2320027cc08979c65b70825648840f03ceef2690

SHA256
1b7411293cf5e4e2657a74bdafd34689d28bf18dce8ffd3f1a832e21cf500260

SHA512
d4ba04558fca89dc81eaccd9924f0e9a375549ddfa64119fdc191fba8de421a3403087560c7964e9b19ef5589be4d95eaed3b826237c7b4d8df1a88efc54750e

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
512B

MD5
6ff1b63cb680d7ca96537f81d3cd5cc7

SHA1
7d29cc05e1d3382fc515450c09dc45753f28d04d

SHA256
c2023df5a05a43e988c9f41772cbf830a37bb48db38fe4d96effb329b4538797

SHA512
8079fdafe320fea79c0e57f481ee2cc635678f820042e29b77fcfe23f976797f06c64c5810f0fbf56bd486685b3b0a51e85738f465613fcdd77c039e0d773b1c

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
8KB

MD5
7ca5a9be8ef1e067b335a799265e3290

SHA1
c2c7db89fda91520b577d0b8293febe906c8622b

SHA256
37bbaaf6a984c48973c38b472acc3d3a38b9872e8565a9df0fbb49cd92cd4ef1

SHA512
5243c3c45ffbb27666817b8f9b9a0a9b13c67cb8bd6ded26b0336bf0a48888a38cce345d62788a21146eb91b341550b6e6b72248f636b92afe488bea8fd08a38

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
8KB

MD5
94994e01e260025e334471138d9f5ab4

SHA1
7ea667e45a2505ab1e31d29527017eb9f261de0d

SHA256
63c24771f3b22c6dd203a96f551163c7823037e3130202d42385b4f5d5823714

SHA512
e10a5d71fd90992f64239f3db0eaa0737cab1a29d0fa7c0beb13607db197edf36f51abda5b3e5c6c2251badf73dbab7f2ed9a0748a41be1634acc99995de57d8

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
8KB

MD5
afa0ec656674b3f3f05384578ce6cdb0

SHA1
fb7f0fffdd0898f67ad011f5c18393d53d5f7382

SHA256
2dc32eefe2c1586abc8225fc19ddb43a94a0e61477ff5784c53f50fa0d6ecad5

SHA512
e502aacd247ce8ed7ca6b41b8d2c5dcd8abfc8e71a8eb6e2dbe3d02d10d52b6fef6513af9eba920ce619c3d071d65a2dd69cb42d088e639a0897e62c1790b46c

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
12KB

MD5
c10025f2d199676c61ceea1ee7317d3f

SHA1
d5b7711e9fe4084172cb24222421f8f19f2454aa

SHA256
cd8bcb654ff69268c29120bf2ad8eebf66663382b51ac2436ced503321f32928

SHA512
24829f89f58a817ef36a53fa240339e6f7749f3002026ee4a5853420673d55360d45432abb586fa902fdf8d01e80ff7ef89e15522027dcf9c8430990fcf11ee3

Download Submit
/data/data/com.iloof.heydo/databases/bugly_db_legu-journal

Filesize
12KB

MD5
29841f29d5384400ce3aab6391c98dbf

SHA1
e4df41083a48aa33ffc84d6a664114d1130b57d2

SHA256
37dfc845093dfb82a1739dcc546a0b21b53ce8d6dc38d0a865d7497c515637bd

SHA512
1dbe24e05991292febd86dbe490dfa93551612ea8accccd24319c3ade691686be4e64e0b6091b3894e61767d9c76bc0c8aa334efeade3724e36c3e2098c8b8aa

Download Submit
/data/data/com.iloof.heydo/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads