b17fec8f357130122913624fa16dcb12442bdf3851a02b2aefe5593167636b2b

Analysis

max time kernel
8s
max time network
148s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17/05/2024, 05:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e8d2d68ea46ffdc1c21c3af0699be9e_JaffaCakes118.apk
Size

26.1MB
MD5

4e8d2d68ea46ffdc1c21c3af0699be9e
SHA1

3410b56eb08db1db175e0abecf5074dfcd48eaa8
SHA256

b17fec8f357130122913624fa16dcb12442bdf3851a02b2aefe5593167636b2b
SHA512

9af6a2294245947f6a6d31b073ed655e5b1b946e7ecd24f929cc6856bdc44b5e66dc95689b9cebb82c7287c20c8d36ec1465d41ab0ce49c55ed3d37f69611d7b
SSDEEP

786432:P5Q6kax8MJveravd1sjpk7SF/ClJL7ud7XlBYvv5nL91b:PKxOvaavEjpkWF/kL6lXlBYvv5nL9F

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.heuer.helidroid_full/files/stares/updates/sta.jar	5107	com.heuer.helidroid_full

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.heuer.helidroid_full
1⤵
- Loads dropped Dex/Jar
PID:5107

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

172.217.169.8
DNS

stat.anquanxia.com

Remote address:

1.1.1.1:53

Request

stat.anquanxia.com

IN A

Response

stat.anquanxia.com

IN A

107.149.163.133
GET

http://stat.anquanxia.com/ad/update.php?country=US&systemversion=29&packagename=com.heuer.helidroid_full&cpu=&stasdk_game_tag=%E9%A3%9E%E8%A1%8C&sdkversion=105&fingerprint=google%2Fwalleye%2Fwalleye%3A10%2FQSR1.210802.001%2F7603624%3Auser%2Frelease-keys&imei=null&model=Pixel+2&android_id=1054a0bb5eeba9dd&versioncode=14&brand=Google&uniqueid=6944bc33-7f56-4cc1-8f19-c5ff4a924e02&key=58c78a21df71eaa53d88c0080b918f0c

Remote address:

107.149.163.133:80

Request

GET /ad/update.php?country=US&systemversion=29&packagename=com.heuer.helidroid_full&cpu=&stasdk_game_tag=%E9%A3%9E%E8%A1%8C&sdkversion=105&fingerprint=google%2Fwalleye%2Fwalleye%3A10%2FQSR1.210802.001%2F7603624%3Auser%2Frelease-keys&imei=null&model=Pixel+2&android_id=1054a0bb5eeba9dd&versioncode=14&brand=Google&uniqueid=6944bc33-7f56-4cc1-8f19-c5ff4a924e02&key=58c78a21df71eaa53d88c0080b918f0c HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
Host: stat.anquanxia.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 17 May 2024 05:10:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

216.58.212.234

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.42

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

216.58.213.10

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

142.250.178.10:443

tls

14.1kB
7.0kB
17
21
142.250.180.10:443

tls, https

333 B
40 B
1
1
142.250.180.10:443

tls

3.2kB
6.8kB
19
17
172.217.169.8:443

ssl.google-analytics.com

tls

1.3kB
6.0kB
8
8
107.149.163.133:80

http://stat.anquanxia.com/ad/update.php?country=US&systemversion=29&packagename=com.heuer.helidroid_full&cpu=&stasdk_game_tag=%E9%A3%9E%E8%A1%8C&sdkversion=105&fingerprint=google%2Fwalleye%2Fwalleye%3A10%2FQSR1.210802.001%2F7603624%3Auser%2Frelease-keys&imei=null&model=Pixel+2&android_id=1054a0bb5eeba9dd&versioncode=14&brand=Google&uniqueid=6944bc33-7f56-4cc1-8f19-c5ff4a924e02&key=58c78a21df71eaa53d88c0080b918f0c

http

985 B
5.6kB
8
7

HTTP Request

GET http://stat.anquanxia.com/ad/update.php?country=US&systemversion=29&packagename=com.heuer.helidroid_full&cpu=&stasdk_game_tag=%E9%A3%9E%E8%A1%8C&sdkversion=105&fingerprint=google%2Fwalleye%2Fwalleye%3A10%2FQSR1.210802.001%2F7603624%3Auser%2Frelease-keys&imei=null&model=Pixel+2&android_id=1054a0bb5eeba9dd&versioncode=14&brand=Google&uniqueid=6944bc33-7f56-4cc1-8f19-c5ff4a924e02&key=58c78a21df71eaa53d88c0080b918f0c

HTTP Response

200
142.250.178.10:443

tls, https

1.2kB
40 B
1
1
142.250.187.238:443

android.apis.google.com

tls

4.1kB
7.8kB
19
19
172.217.169.14:443

tls, https

128 B
40 B
2
1
142.250.200.10:443

semanticlocation-pa.googleapis.com

tls

1.7kB
6.1kB
11
11
142.250.178.10:443

semanticlocation-pa.googleapis.com

tls, https

7.6kB
40 B
4
1
216.58.204.68:443

tls, https

645 B
40 B
2
1
216.58.204.68:443

www.google.com

tls

8.7kB
12.3kB
29
40
142.250.200.46:443

520 B
10
172.217.16.226:443

520 B
10

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

172.217.169.8
1.1.1.1:53

stat.anquanxia.com

dns

64 B
80 B
1
1

DNS Request

stat.anquanxia.com

DNS Response

107.149.163.133
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.187.238
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
304 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.200.10

216.58.201.106

216.58.204.74

142.250.179.234

172.217.169.74

172.217.16.234

216.58.212.234

142.250.187.234

172.217.169.42

142.250.178.10

142.250.180.10

216.58.213.10

142.250.200.42

142.250.187.202

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.heuer.helidroid_full/files/stares/updates/sta.jar

Filesize
1.8MB

MD5
2c7e5cf6ce19853349cf4855aa6f6c2e

SHA1
79ae3d41e9db5e2c18678a24019938158cf41447

SHA256
9343c0370eed443445df91033156e60ba5416de9f8a63e5d555b67b8a76e6191

SHA512
5451363363dd55b9ea79186d3ada8de2658b72df194a3db3a087ab4abf8218723ffb5de92f3e785ab7fea510e8a7cbdadf33db842fb22c52a33551dcb748121e

Download Submit
/data/user/0/com.heuer.helidroid_full/files/stares/updates/sta.jar

Filesize
2.3MB

MD5
c6c63be3b89eb603f4627853e1607e4b

SHA1
766971709d8dd316dabbf8e11acb03744ec66ae2

SHA256
74e9a4a0a3187ca1c65673322a56914e4c9c256b7a67445fab5517cce176e366

SHA512
c5985e1763466d2ed918a43e38cd60198ba8ae7789343a135815e010be9bf04f77a7a904238b41b394690a65b077cfc8da388af38b80d23267dfbed452f60baa

Download Submit
/storage/emulated/0/data/.systemid

Filesize
36B

MD5
0f8b0c7a51a18c6fe0716e619bed8dd4

SHA1
cef4717f06232a144c4073e227c4ddec19bc7e79

SHA256
d970acbcf070d8c88576745ce4f79f4c2d530981c1fbae872304ed9b6d1b2e1f

SHA512
cc664f0ba9c2e563f1093cb9b51487c4c3e5cd53f5d2bdc2400d648c1cce6bc4a2171d6e7e8301957c6009e6338c51b18a5dd71f3d4e4a6188ba29903ed693b4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.