87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e

Analysis

max time kernel
176s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
Size

17.7MB
MD5

6cb184a701a3fd962acc1142c1fe6431
SHA1

9131cbac9268b6341938ba4f0b62e9f3d82f23e0
SHA256

87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e
SHA512

9d49e8c547d72f64aec12c7bf7a3e9e53cf4f0f567ed794043acc5650b39673d055134b956060a7fd7c7f197c5fc3dc66ffb85810779945d8ed81406a1ddb34b
SSDEEP

393216:kL3ANVeKiPtIRzpF5DVa/k4j3mvwFynu4ZN/p28yDpGJ6n:kL3QEtQVDVazjXFidT/d24M

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.msyd.client

description ioc process

File opened for read /proc/cpuinfo com.msyd.client
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.msyd.client

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.msyd.client
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.msyd.client:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.msyd.client:pushservice
Acquires the wake lock 1 IoCs

Processes:

com.msyd.client:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.msyd.client:pushservice

description	ioc	process
File opened for read	/proc/cpuinfo	com.msyd.client

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.msyd.client

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.msyd.client:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.msyd.client:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.msyd.clientcom.msyd.client:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.msyd.client
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.msyd.client:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

11 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.msyd.client

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.msyd.client

flow	ioc
11	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.msyd.client

com.msyd.client
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4289

com.msyd.client:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4369

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.msyd.client/databases/DB_MSYD
Filesize
28KB

MD5
c6d4cde82fe9484f92da61c073d7c9e6

SHA1
2797facb734ce0419831f85cc145f41db66b15d7

SHA256
e6b3dd97146949dce7333e7bfdda207da186bf54d0d1696a97aa57316f56ad07

SHA512
c26cb8083ea369ecc75c9b1b0265b277bccf2b3348e1626cc47c4e5345efff9f02366868a18f889738fac881bb3d41531aa10261d28afa6ac16fa38eee0ef488

Download Submit
/data/data/com.msyd.client/databases/DB_MSYD-journal
Filesize
512B

MD5
2933edc7b3f33a59f5fbcac1998cb5a0

SHA1
471a978ea41ccf040bf747e011002de8cb3ab4ba

SHA256
1a77c32781b78374df7e0202b932c951925c39f5c520297cba047e2e1daf3613

SHA512
3a5af70e7b94ca8a1c054ccf898b071820a68a0425b3e070ff65d98bf9166879cc147e81bf2ef1b89641d32b03f53ab4c7c35645c488ed9728c6a5870165afdd

Download Submit
/data/data/com.msyd.client/databases/DB_MSYD-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.msyd.client/databases/DB_MSYD-wal
Filesize
88KB

MD5
4fa1289539769455085179e1af5e8157

SHA1
7a9aa168f3672bafc9f4fe54618f08665e4f2765

SHA256
993d913bb3d7dadda618815e2c492659ec831ae06113105541039b6f8b1e3e9e

SHA512
9407d716a346d557d745d938855343928470caca59af1425340f723d0bf7475d429416ea343586cb24f64f1d2a070ea5bfd1ebfd42c1a908e537ccd178c7440a

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
05ea4b6aa62574933a66f73d1b2eb268

SHA1
f370cf4fadc1ca6cbe626fd9cbfb6166dc49ab08

SHA256
0ab3d2b3eba341e6dd3a0d136a5295a36972c90f97a64a49b475571d1fe27f42

SHA512
98e4f6fb3ed54e0f340a9b2777f2c5d5dc00e660170c0fa25a7f8162180242010570d12f61696e0c10ce36f88ed280e7b31c78c67bc50caedffd9d00a50993fc

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
b09085748aec9cb2041ae353ad9616b9

SHA1
d73c4b56ff4998208825d4b09545933c527f5107

SHA256
fc37e4d824c90213a4b61b54cf8b2e0d3a00db39b7650bb2734e723ece8c19b9

SHA512
e21351efa83722a8885848e9da965540463b62401c0e550b60f84c8e67e891d0629b92fbc690fb66fa01debc58c674ed763b7578814c90429b028cd68c9a3be2

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
8f35367f09609bcdd4c5c7201cca953d

SHA1
9061568aa2859c7d2cf7b83af0d55b7fab8f3351

SHA256
f4769d70f5ba34dddbdedb014e8540f2809188383750fbc048d32bce3963aa07

SHA512
4c383ba95ebd47ad5ac4628c90d7d70fcc17839866791855c2f9b11807ef1c4897c3def91f94d26a526298deea5d6820663786a52d75cd119aaec947ec527a47

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
a188b01f5d8bf4b1f916b7b893466dd4

SHA1
3cde8e45c70a18dabfc266e28ae2ac78bfc5b6c2

SHA256
4f377ea080896e111b7326780191352e57202dc27a584abc08e9fbcfc22f34bf

SHA512
3cdf1a005749278c5971bbbfd70cf9a891f64ddf5a97a768559cb072827b27b0e4f3bb27f6a50a3a823e1e3d35996c66a745033e2d6e2a02dd2bf57d13bc1360

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
66405c33860db3b493e6d7b92e9eb812

SHA1
4687e2f2bbde562b9a636f40cf1e0ce4ce175bdf

SHA256
99b3fdc551cb3da9341c962f3eb7eaded2fbda914bf5ed3f50559f6a5a1ab295

SHA512
2a78fa009dbb0c9846994d0ee866d75497fa258ffc03dc9d081a6e1d4e9798dfbaccdc8bfe87fe1eff4f0e2870d9ed4ea845b2990ea71625f22638d59a29f2ec

Download Submit
/data/data/com.msyd.client/databases/record
Filesize
20KB

MD5
245cffafb0aed75fe7f3269ebca68029

SHA1
32a21e7edefe4cac92f2fca97ab11cd5f18bee88

SHA256
b5cd05212105c2a799d74e3973cfe1218090ddd82f1da55b042004bf4a43f82d

SHA512
305d398ccec3bb84d0d30113ee3e257b278111cbfc192a00c5a02855d871a94e1195be125e720f0e3c0b6f5bc00cba5860c9ecf69703ba5092c6d0a2ca4799b0

Download Submit
/data/data/com.msyd.client/databases/record-journal
Filesize
512B

MD5
7afab05413a00dbc05b4aa629ca45550

SHA1
a9b789ea1ca100ded5b8fb1c15a89e3532ffc069

SHA256
b6c940dc97b5781189cb4f3941a53ed119c9ba28fb2ea1e420d68dc92657f6b5

SHA512
cd5f372a949c0e56bb93a6c18ffdc55cf3619db3f02c7f4bdc1a92b1adbe41ab9945a071933e3c64546ef8f19a99ae2be599eb5d8d0012ba9fc547b55498a6de

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
8KB

MD5
1e92b7af49a89d8fe2de1b4e85dc8da2

SHA1
84680132759af7a3c485e6e29df0863c4c7172f5

SHA256
9661c20be9c0da65896134b4ee60916465b936187fbafe96d69b283f823f895a

SHA512
e291b021903a33e1b2c141bbf972b1fa8b03e1e442f9247a360178135c430286216453e5bdd57f1b963a66829482e8b0dc802e8ffd3c541fa5bb43a013697ae3

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
8KB

MD5
fb8de91159b12dc0c0129236c92a154d

SHA1
c45cc95fae9a2abd2c3f33ff599aa210377084fc

SHA256
496532dccfb87deef1839b72519f8da54f6dc46c49da9eca614c030cf659cd01

SHA512
8633a6bc8a643371baee8b16a045e3662b20df2014921b638eb54c481f573dd494f0bbd917ccb98d3f5ac4eed8f0a7885cff4d55df2cad12e22c4da28e012a65

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
8KB

MD5
b88992a3684519ea48611bca7330b1be

SHA1
9836f4325a8050d76ba416f461ced48e220b8e05

SHA256
70c5feae18d651414926f97bac7e2a2d0590daeaa36c386f5bde2dc30fb7b7b7

SHA512
bca3eae99ec13b94c23b91f7e7c1cd85c27d0c67b772c975d50140b9ff0cce8a01594a90f0c7b95dfe18046177d73b0d4faacd24ce15eb25bbeb8abd23e61541

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
8KB

MD5
ade1dcc4d2f22f02703fc54724fb8761

SHA1
5573f3686b94ccc5ca21c16983814556321287e3

SHA256
62b04a521229c0680653ec81732379374ceb701abdedfe2addc57f3ffca7291f

SHA512
7c52a44fa967ca9e6021b9ee2935df45de91d3d207ee17577c50006bc0d42ef3ed24f065a466b3b57b387635d71043bc4f0e79ff12166bf23862230eba413db7

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
8KB

MD5
6be3991741399c9877194a63df5da042

SHA1
6a729f1c5e48518103e5ae1fb97a950fb81ed399

SHA256
3708e19446a80767d2c516a726adcf2790da28f1dfde1357ff838daa2981c62d

SHA512
c2ec628b2c794b47a8784cf009b56f03646be130abf8a9a5b213dc6b998da98c2dcd869499f7fd0f43247ca55b0f8275df31b12dea758cf16c9d8845b84c95f9

Download Submit
/data/data/com.msyd.client/databases/record-wal
Filesize
40KB

MD5
9da0900b3e23e353a47c29a0ffefc200

SHA1
7c21c082c62177c1afe5846024993badb8f79dc1

SHA256
4b84cf97386535eae942aa35e271657b5c7b1dfaa636629ab421ecbfadc852f2

SHA512
7d5b25ef13d4af2b8b579108ac3667a1bf492bad87e6e6b6b91fa7f7a4b45884efc4830fd824bfe4b67fd994d8d3a4debf8a975cf6fab29897baa511c3e03c11

Download Submit
/data/data/com.msyd.client/files/mobclick_agent_cached_com.msyd.client17021309
Filesize
649B

MD5
bafa46f0ee47fb7a6345cddadbde0e7c

SHA1
6e643f605df3d6e2b734d992e8fd5e8819172244

SHA256
b77415e5366136b558a415ec18b7a206b846f8960e6b801e82ff63db8163a493

SHA512
c34bb9c56f362c474c4b3cc6db3aee5c2198ce2f0dc8e451c95226b6f97c8b18bcdece0e57e7902eabd5c6efe385a0f60a9080785fa1312c52848cdbc61de50f

Download Submit
/data/data/com.msyd.client/files/mobclick_agent_sealed_com.msyd.client
Filesize
553B

MD5
74eb3ac200f933076faa6b617468238a

SHA1
51a1a3343a627a77c536449bf4fc01c8ea16a728

SHA256
249df2ebf1347c81d47916bb73563e60d38f1a49765a5bb18f7c4c63edd324f6

SHA512
36c96515cd20ad0c30cd445c1642cb0b4b3050ec2e7c0b5c4323b8d344de1c9989d6c82b529df4b26e5c1fe04130bcadfe6ce7409864a6ddb7ddca7f3288c989

Download Submit
/data/data/com.msyd.client/files/umeng_it.cache
Filesize
211B

MD5
55af500d7fc0c54ea7cb200c4c6aaadc

SHA1
30ec24b73665d787be05f6460f4017e64167ec1b

SHA256
4ea8ea8458dab0871ccee319d8ca7e4542b0e17763436cd66eacc5a6b0d3b88a

SHA512
4f319dbb792c510fb34b9903aa867364c0cec93c339af8b2b145c0661d790ab950baf8d17482ebc0780ca937dedaa97d5cd5055d10a99c39bc4d9bf9e31e4675

Download Submit