Analysis
- max time kernel: 172s
- max time network: 186s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 23-05-2024 23:51
Static task: static1
Behavioral task: behavioral1
- Sample: 6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
- Size: 17.7MB
- MD5: 6cb184a701a3fd962acc1142c1fe6431
- SHA1: 9131cbac9268b6341938ba4f0b62e9f3d82f23e0
- SHA256: 87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e
- SHA512: 9d49e8c547d72f64aec12c7bf7a3e9e53cf4f0f567ed794043acc5650b39673d055134b956060a7fd7c7f197c5fc3dc66ffb85810779945d8ed81406a1ddb34b
- SSDEEP: 393216:kL3ANVeKiPtIRzpF5DVa/k4j3mvwFynu4ZN/p28yDpGJ6n:kL3QEtQVDVazjXFidT/d24M
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  - com.msyd.client: Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Queries the phone number (MSISDN for GSM devices) [1 TTPs]
- Acquires the wake lock [1 IoCs]
  Processes:
  - com.msyd.client:pushservice: Framework service call android.os.IPowerManager.acquireWakeLock
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  Processes:
  - com.msyd.client: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
  - com.msyd.client:pushservice: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  Network flows:
  - flow 25: alog.umeng.com
- Uses Crypto APIs (might try to encrypt user data) [1 TTPs, 1 IoCs]
  Processes:
  - com.msyd.client: Framework API call javax.crypto.Cipher.doFinal
Processes
- com.msyd.client (1)
  - Checks CPU information
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.msyd.client:pushservice (1)
  - Acquires the wake lock
  - Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.msyd.client/databases/DB_MSYD
  Filesize: 44KB
  MD5: a543b9861f1475b07e0dd6f97923acbb
  SHA1: 7755d0cf251a693417e20d362566ef445e62eba8
  SHA256: 85379ce5b9f984c30aa8e586c0e55e622461821ece7b738bc2aab956ee933e33
  SHA512: 9fedb5d96ac9156a426183d892c088faced3781f7dedf162da4609dff9c6b043e42aaa6d6ccf6313a8f603a0a5433ea31a49d7748498551bb99867b279f8a42d
- /data/user/0/com.msyd.client/databases/DB_MSYD-journal
  Filesize: 512B
  MD5: 736432a2a1ca56f7ad5290f46ba9a603
  SHA1: 19065f0381dd42854477205bb3740956d7a8163d
  SHA256: ffdf1a71f74924c3de29c312e1c2d7ed439784ef867ef4221a232c855ba15c3f
  SHA512: 2fbdfc3b3a548c8782537af6ed021a9bc97c76bdbbe740935d30102fd192471465e5a20a247a501106602bc6be7ced07db7c7493cfa03d8717fdc1b73370d5fd
- /data/user/0/com.msyd.client/databases/DB_MSYD-journal
  Filesize: 8KB
  MD5: 67d337ebd4026b91304ce9066d42160d
  SHA1: 1d246ef6779a4beed53886f18baa49d9f2723364
  SHA256: 4b123f0d15ccb12538fee9aafba08968d5919bd2e317065795c3372a4883b345
  SHA512: eacac5e65f77e4374f836df9736869e2e7e6ebf26572bdbf354f95fcfcb233a1561c49635c97f646ad7061957cc889224088c064fb4564598d5c832e95bd9d23
- /data/user/0/com.msyd.client/databases/DB_MSYD-journal
  Filesize: 8KB
  MD5: baa81362b1c29734ed53f38d9dd1e992
  SHA1: c43618dbe23fe0f8f033828cc33582761de7d38a
  SHA256: 829658e0b1f319d3e0db5dea42e078c5873830f0e2bb2587fdc47fcbdaa09229
  SHA512: 3bd726c4ff8a2afec46ecf6e7907a128b3f96b3b0d350431b2aa8a57c666046e4115e3937075e630d951ab33514866a0afc85ba5901e86bc328a4ce4ae7cbcf8
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: d7c412f3393ef62becb8fbeda2672a4e
  SHA1: 595be27badeea05145b3c4f91d33397894a14786
  SHA256: 325519e82939224eebf346f26810d306cd2c5a772e675d48aa8d14080af10a8a
  SHA512: af610f43e98f926fa2ea635efa204803234a95f016fd8b2655159c8ab4bb169350f20c5e5a312f7397f5497644ce366f55f90bdc4ae998d6a9293814b1259d3f
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: 170be37be56814009644e2ebfddd155d
  SHA1: 2865a6078fb1e3a1094dc3c64f6c4a66c97fcf1e
  SHA256: 1e5537b6c2aa291bd9ff6274a2d4ede84eab925dbc6d2eb250e1b4521ae129d9
  SHA512: df555e5ea60ca5516a97efafd592beadbfe8896cadf45fe19431898d05e0bb8231a003bade2c0e2c1bef891b4044999cb087e2cd3a4a2014b6cfd8e2b0fb1bf2
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: 13b1da1088152007c4061f106de84c17
  SHA1: 2bbcc1fb4ad93c4c644ca8bac62b507d9796d3c5
  SHA256: 69c044f9510d967af153e6cdad819d8cdbe21ff4ce437ceea429dea2c3663ef8
  SHA512: 390609fec4a38b2bd2ad194f4ea5569d36a58801b5e356cc217e00ca1f0210cf2ceb523a9b55b8b2cec4676ca48418cfce236c07b88084d4261d00349912dad2
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: 8df3d1d0140b2ba40141f58bcb057505
  SHA1: 6976c9c0ac0a86e8ce5941e3e5db0347de6b2cc5
  SHA256: 447895f89cf3dac3b3e7b2cc128131baca3d0b819c5f59c7287cb0deead29b62
  SHA512: f3be8feff02a5eda406b4d12f9e709ddf7e5c4c67ad0bd24c5b8068e8ce1e4387f4593dea0f138132e478d15972cf534f71dea27da50f2d5911f0a6c22e814f4
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: 73f619e9184c5059a157004bcd9064ec
  SHA1: b3151366365609c371cc4d4dcebbbf82c78ef77c
  SHA256: 1329fa34fee79c6b409c107cc8fbdc26aa1428456f38e8d60e3a351e9d5140e4
  SHA512: 3486505af469685eedd2985b8e48c7ae67c4556f11bca5b61fa368c21f8f30be2923074632ba5e45d36a3f3aa0038a53b5f862e09640e0048f53e14209ebbf0c
- /data/user/0/com.msyd.client/databases/record
  Filesize: 20KB
  MD5: 9e4a2bcc4853422ec277eeaba7e2068e
  SHA1: 7e77b9692dcc71999f67c6bb75229769de7e9daa
  SHA256: 1741724e35ce722b3dd061d226bd24e76aded33b7eb3938b992c76ee2d026149
  SHA512: 9256d4a030366603a24cc415c65fa4402fb576b6acee6e7f999a5365cb54a26b4ba9997480766e50b61459562e7365cba594cd2f9df92b588ca2931301dc4d0e
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 12KB
  MD5: 138e8643df6d77dc28051ace9cfc6b7d
  SHA1: fe2f6674fbd92bba258c30bfc3118487cb42d804
  SHA256: e3fa438946a64ff24e7aff947031f67f8271afcc8012f1463747af46573346ff
  SHA512: df0a1079b5f9145d4c9fb943e2b85f7dbecaab05f871b0c603acd8c68583653b06a961988b5f48d767f9600dcf77e512ac8c66b831f45c1166a51e0e23cc7d23
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 12KB
  MD5: 5b19230eb405fd6509f5c4c86e7240e2
  SHA1: 4eba56a45d0c35700cd26ed435da3a7bf801637f
  SHA256: 76f78b428d315b01786d6361a9e1b940aeace9f7e3dc668fbb89ff386266d0c0
  SHA512: 7d8476732b83aff0eb80d04ef969068927a9bf270d3d578cc3c49ebaab98e7079f53bc2db180e1529ca903b77d684d340f2ea6a8ef1408f6a520aa57ac3b1095
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 12KB
  MD5: ca1c52e952b3b079ac0687e672127fec
  SHA1: 42207ec8f833b198a4bbe5a907f417432a3fdd1c
  SHA256: 343cbbf37344030dbb61e1afa25e4ffddfa6fd8606770a3e3b665c4bb9a31665
  SHA512: 3891eb987bc4e22697685983f7cb4fa7207d07ab6305571c5e197b6aa8aa9daf26e47158598c90425a32e5ef03db5dc9e96c5789c3bf133d8712c184a795c17a
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 12KB
  MD5: 9867e2d0cdc39b0412328eefcbaba353
  SHA1: f499f32a73dc500f4b30e0c00ed4ee0d511a611a
  SHA256: 299fc2e3a799a88281eb2a5c4486e82253d35fb75e59121b9b33efb3e18393eb
  SHA512: 30f137c401d9376bbcd66afa7adab4663814ff90daa9cbf63188a1d63274adba57fce8db340cc15be642513e4925d30436752cf3087c04ee203dc3a951ec3cca
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 8KB
  MD5: 2a39e2c1059606e1cc387866f96159f8
  SHA1: f73e6f893e16c103660bb187f46cde5014edd60c
  SHA256: 89ea3e8b73b66616506020f3236aa7640d9518b26d735a976217958ee5749a49
  SHA512: 9e4e9f8efa8a6bd63a7a613a5e761cddfda8b5326b1a57370ce9b25eb81fcac792bb5f250cabe23190ed2bd85d600246e97017a1f6f80c77f25cbed3392cc99a
- /data/user/0/com.msyd.client/databases/record-journal
  Filesize: 8KB
  MD5: c1e013649e1ee34de645f4e42c4153e4
  SHA1: 9b80fd347b3ea65e13c44d2f6071d9d227641392
  SHA256: 706a49f601d36aa6b36ccbbba75a6b3e75df4837b1aac3e5c5ea43c0c4833fc2
  SHA512: 19fddb8aa720f1f00b55cfc77818990cb3879c1bcc42fc0d61d3ee5b7dfb4579761b83b475632e6b1dc13b823d0f8054ae11a731084aeed8dbe866cfddc2850d
- /data/user/0/com.msyd.client/files/mobclick_agent_cached_com.msyd.client17021309
  Filesize: 588B
  MD5: fd1bb0d114ff59176938e7259c92af4c
  SHA1: ae716b18e61497ea74f29da3414a717ecbeee14d
  SHA256: 9f28e96b1e277d064b04f4fe9ebf4073718f74682e7de8ebac1bf809816fc876
  SHA512: 8553084d93676b3949876cb8765512550a7c79d1dcd2ec01a61dc96e793e87a034595f5ac7beda1cef160f95a032400da78f2f41cbff9bc0b2488fd17aefd233
- /data/user/0/com.msyd.client/files/mobclick_agent_sealed_com.msyd.client
  Filesize: 527B
  MD5: ef204ac1b7b93726244eedf89a742855
  SHA1: ede56dd563be0b78471e590e9e6822ea81a819c3
  SHA256: 7a132a15a3509379dee4ab096873328395e103dbe21c65f2ee53015dd36161f5
  SHA512: 79fbc61dd7c6d359b381849f169a7dadf9b78fe8f98e5e29ce4e8ddef6619ab8a76762ba4129ee1393366d1f29e236813f549bca12fb5c649a5c60dc7783ad63
- /data/user/0/com.msyd.client/files/umeng_it.cache
  Filesize: 4KB
  MD5: 00a2b62319ce96c715d8e1f3ffb1dd15
  SHA1: 27cab4d7015a7dc9006b0881776d7286f43f4c20
  SHA256: 401715510a546b00f5237009a6abd8a282183bd1bf6e617cdb6e2de6f684004c
  SHA512: 77fce5382466623032b72440859af738afe4658459b8ecef66ea95ec548a7424e76c260ae63ca1190117de7c118704d01721197cf53ea7ebd2b53af356f994c6