Analysis
- max time kernel: 176s
- max time network: 184s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 23-05-2024 23:51

Static task: static1
Behavioral task: behavioral1
- Sample: 6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
- Size: 17.7MB
- MD5: 6cb184a701a3fd962acc1142c1fe6431
- SHA1: 9131cbac9268b6341938ba4f0b62e9f3d82f23e0
- SHA256: 87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e
- SHA512: 9d49e8c547d72f64aec12c7bf7a3e9e53cf4f0f567ed794043acc5650b39673d055134b956060a7fd7c7f197c5fc3dc66ffb85810779945d8ed81406a1ddb34b
- SSDEEP: 393216:kL3ANVeKiPtIRzpF5DVa/k4j3mvwFynu4ZN/p28yDpGJ6n:kL3QEtQVDVazjXFidT/d24M
Malware Config

Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.msyd.client
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.msyd.client:pushservice
- Acquires the wake lock (1 IoCs)
  Processes:
    description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.msyd.client:pushservice
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.msyd.client
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.msyd.client:pushservice
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (1 IoCs)
  Network:
    flow: 11 | ioc: alog.umeng.com
- Reads information about the phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.msyd.client
Processes
- com.msyd.client
  - Checks CPU information
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.msyd.client:pushservice
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.msyd.client/databases/DB_MSYD (28KB)
- /data/data/com.msyd.client/databases/DB_MSYD-journal (512B)
- /data/data/com.msyd.client/databases/DB_MSYD-shm (32KB)
- /data/data/com.msyd.client/databases/DB_MSYD-wal (88KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record (20KB)
- /data/data/com.msyd.client/databases/record-journal (512B)
- /data/data/com.msyd.client/databases/record-wal (8KB)
- /data/data/com.msyd.client/databases/record-wal (8KB)
- /data/data/com.msyd.client/databases/record-wal (8KB)
- /data/data/com.msyd.client/databases/record-wal (8KB)
- /data/data/com.msyd.client/databases/record-wal (8KB)
- /data/data/com.msyd.client/databases/record-wal (40KB)
- /data/data/com.msyd.client/files/mobclick_agent_cached_com.msyd.client17021309 (649B)
- /data/data/com.msyd.client/files/mobclick_agent_sealed_com.msyd.client (553B)
- /data/data/com.msyd.client/files/umeng_it.cache (211B)