87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e

Analysis

max time kernel
172s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb184a701a3fd962acc1142c1fe6431_JaffaCakes118.apk
Size

17.7MB
MD5

6cb184a701a3fd962acc1142c1fe6431
SHA1

9131cbac9268b6341938ba4f0b62e9f3d82f23e0
SHA256

87dd8db1811ab1d284e6bef69c025ec767ac05e57fce2ce3508e0cb6c0216e3e
SHA512

9d49e8c547d72f64aec12c7bf7a3e9e53cf4f0f567ed794043acc5650b39673d055134b956060a7fd7c7f197c5fc3dc66ffb85810779945d8ed81406a1ddb34b
SSDEEP

393216:kL3ANVeKiPtIRzpF5DVa/k4j3mvwFynu4ZN/p28yDpGJ6n:kL3QEtQVDVazjXFidT/d24M

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.msyd.client

description ioc process

File opened for read /proc/cpuinfo com.msyd.client
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.msyd.client

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.msyd.client
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Acquires the wake lock 1 IoCs

Processes:

com.msyd.client:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.msyd.client:pushservice

description	ioc	process
File opened for read	/proc/cpuinfo	com.msyd.client

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.msyd.client

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.msyd.client:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.msyd.clientcom.msyd.client:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.msyd.client
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.msyd.client:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

25 alog.umeng.com
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.msyd.client

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.msyd.client

flow	ioc
25	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.msyd.client

com.msyd.client
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4648

com.msyd.client:pushservice
1⤵
- Acquires the wake lock
- Checks if the internet connection is available
PID:4693

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.msyd.client/databases/DB_MSYD
Filesize
44KB

MD5
a543b9861f1475b07e0dd6f97923acbb

SHA1
7755d0cf251a693417e20d362566ef445e62eba8

SHA256
85379ce5b9f984c30aa8e586c0e55e622461821ece7b738bc2aab956ee933e33

SHA512
9fedb5d96ac9156a426183d892c088faced3781f7dedf162da4609dff9c6b043e42aaa6d6ccf6313a8f603a0a5433ea31a49d7748498551bb99867b279f8a42d

Download Submit
/data/user/0/com.msyd.client/databases/DB_MSYD-journal
Filesize
512B

MD5
736432a2a1ca56f7ad5290f46ba9a603

SHA1
19065f0381dd42854477205bb3740956d7a8163d

SHA256
ffdf1a71f74924c3de29c312e1c2d7ed439784ef867ef4221a232c855ba15c3f

SHA512
2fbdfc3b3a548c8782537af6ed021a9bc97c76bdbbe740935d30102fd192471465e5a20a247a501106602bc6be7ced07db7c7493cfa03d8717fdc1b73370d5fd

Download Submit
/data/user/0/com.msyd.client/databases/DB_MSYD-journal
Filesize
8KB

MD5
67d337ebd4026b91304ce9066d42160d

SHA1
1d246ef6779a4beed53886f18baa49d9f2723364

SHA256
4b123f0d15ccb12538fee9aafba08968d5919bd2e317065795c3372a4883b345

SHA512
eacac5e65f77e4374f836df9736869e2e7e6ebf26572bdbf354f95fcfcb233a1561c49635c97f646ad7061957cc889224088c064fb4564598d5c832e95bd9d23

Download Submit
/data/user/0/com.msyd.client/databases/DB_MSYD-journal
Filesize
8KB

MD5
baa81362b1c29734ed53f38d9dd1e992

SHA1
c43618dbe23fe0f8f033828cc33582761de7d38a

SHA256
829658e0b1f319d3e0db5dea42e078c5873830f0e2bb2587fdc47fcbdaa09229

SHA512
3bd726c4ff8a2afec46ecf6e7907a128b3f96b3b0d350431b2aa8a57c666046e4115e3937075e630d951ab33514866a0afc85ba5901e86bc328a4ce4ae7cbcf8

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
d7c412f3393ef62becb8fbeda2672a4e

SHA1
595be27badeea05145b3c4f91d33397894a14786

SHA256
325519e82939224eebf346f26810d306cd2c5a772e675d48aa8d14080af10a8a

SHA512
af610f43e98f926fa2ea635efa204803234a95f016fd8b2655159c8ab4bb169350f20c5e5a312f7397f5497644ce366f55f90bdc4ae998d6a9293814b1259d3f

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
170be37be56814009644e2ebfddd155d

SHA1
2865a6078fb1e3a1094dc3c64f6c4a66c97fcf1e

SHA256
1e5537b6c2aa291bd9ff6274a2d4ede84eab925dbc6d2eb250e1b4521ae129d9

SHA512
df555e5ea60ca5516a97efafd592beadbfe8896cadf45fe19431898d05e0bb8231a003bade2c0e2c1bef891b4044999cb087e2cd3a4a2014b6cfd8e2b0fb1bf2

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
13b1da1088152007c4061f106de84c17

SHA1
2bbcc1fb4ad93c4c644ca8bac62b507d9796d3c5

SHA256
69c044f9510d967af153e6cdad819d8cdbe21ff4ce437ceea429dea2c3663ef8

SHA512
390609fec4a38b2bd2ad194f4ea5569d36a58801b5e356cc217e00ca1f0210cf2ceb523a9b55b8b2cec4676ca48418cfce236c07b88084d4261d00349912dad2

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
8df3d1d0140b2ba40141f58bcb057505

SHA1
6976c9c0ac0a86e8ce5941e3e5db0347de6b2cc5

SHA256
447895f89cf3dac3b3e7b2cc128131baca3d0b819c5f59c7287cb0deead29b62

SHA512
f3be8feff02a5eda406b4d12f9e709ddf7e5c4c67ad0bd24c5b8068e8ce1e4387f4593dea0f138132e478d15972cf534f71dea27da50f2d5911f0a6c22e814f4

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
73f619e9184c5059a157004bcd9064ec

SHA1
b3151366365609c371cc4d4dcebbbf82c78ef77c

SHA256
1329fa34fee79c6b409c107cc8fbdc26aa1428456f38e8d60e3a351e9d5140e4

SHA512
3486505af469685eedd2985b8e48c7ae67c4556f11bca5b61fa368c21f8f30be2923074632ba5e45d36a3f3aa0038a53b5f862e09640e0048f53e14209ebbf0c

Download Submit
/data/user/0/com.msyd.client/databases/record
Filesize
20KB

MD5
9e4a2bcc4853422ec277eeaba7e2068e

SHA1
7e77b9692dcc71999f67c6bb75229769de7e9daa

SHA256
1741724e35ce722b3dd061d226bd24e76aded33b7eb3938b992c76ee2d026149

SHA512
9256d4a030366603a24cc415c65fa4402fb576b6acee6e7f999a5365cb54a26b4ba9997480766e50b61459562e7365cba594cd2f9df92b588ca2931301dc4d0e

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
12KB

MD5
138e8643df6d77dc28051ace9cfc6b7d

SHA1
fe2f6674fbd92bba258c30bfc3118487cb42d804

SHA256
e3fa438946a64ff24e7aff947031f67f8271afcc8012f1463747af46573346ff

SHA512
df0a1079b5f9145d4c9fb943e2b85f7dbecaab05f871b0c603acd8c68583653b06a961988b5f48d767f9600dcf77e512ac8c66b831f45c1166a51e0e23cc7d23

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
12KB

MD5
5b19230eb405fd6509f5c4c86e7240e2

SHA1
4eba56a45d0c35700cd26ed435da3a7bf801637f

SHA256
76f78b428d315b01786d6361a9e1b940aeace9f7e3dc668fbb89ff386266d0c0

SHA512
7d8476732b83aff0eb80d04ef969068927a9bf270d3d578cc3c49ebaab98e7079f53bc2db180e1529ca903b77d684d340f2ea6a8ef1408f6a520aa57ac3b1095

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
12KB

MD5
ca1c52e952b3b079ac0687e672127fec

SHA1
42207ec8f833b198a4bbe5a907f417432a3fdd1c

SHA256
343cbbf37344030dbb61e1afa25e4ffddfa6fd8606770a3e3b665c4bb9a31665

SHA512
3891eb987bc4e22697685983f7cb4fa7207d07ab6305571c5e197b6aa8aa9daf26e47158598c90425a32e5ef03db5dc9e96c5789c3bf133d8712c184a795c17a

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
12KB

MD5
9867e2d0cdc39b0412328eefcbaba353

SHA1
f499f32a73dc500f4b30e0c00ed4ee0d511a611a

SHA256
299fc2e3a799a88281eb2a5c4486e82253d35fb75e59121b9b33efb3e18393eb

SHA512
30f137c401d9376bbcd66afa7adab4663814ff90daa9cbf63188a1d63274adba57fce8db340cc15be642513e4925d30436752cf3087c04ee203dc3a951ec3cca

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
8KB

MD5
2a39e2c1059606e1cc387866f96159f8

SHA1
f73e6f893e16c103660bb187f46cde5014edd60c

SHA256
89ea3e8b73b66616506020f3236aa7640d9518b26d735a976217958ee5749a49

SHA512
9e4e9f8efa8a6bd63a7a613a5e761cddfda8b5326b1a57370ce9b25eb81fcac792bb5f250cabe23190ed2bd85d600246e97017a1f6f80c77f25cbed3392cc99a

Download Submit
/data/user/0/com.msyd.client/databases/record-journal
Filesize
8KB

MD5
c1e013649e1ee34de645f4e42c4153e4

SHA1
9b80fd347b3ea65e13c44d2f6071d9d227641392

SHA256
706a49f601d36aa6b36ccbbba75a6b3e75df4837b1aac3e5c5ea43c0c4833fc2

SHA512
19fddb8aa720f1f00b55cfc77818990cb3879c1bcc42fc0d61d3ee5b7dfb4579761b83b475632e6b1dc13b823d0f8054ae11a731084aeed8dbe866cfddc2850d

Download Submit
/data/user/0/com.msyd.client/files/mobclick_agent_cached_com.msyd.client17021309
Filesize
588B

MD5
fd1bb0d114ff59176938e7259c92af4c

SHA1
ae716b18e61497ea74f29da3414a717ecbeee14d

SHA256
9f28e96b1e277d064b04f4fe9ebf4073718f74682e7de8ebac1bf809816fc876

SHA512
8553084d93676b3949876cb8765512550a7c79d1dcd2ec01a61dc96e793e87a034595f5ac7beda1cef160f95a032400da78f2f41cbff9bc0b2488fd17aefd233

Download Submit
/data/user/0/com.msyd.client/files/mobclick_agent_sealed_com.msyd.client
Filesize
527B

MD5
ef204ac1b7b93726244eedf89a742855

SHA1
ede56dd563be0b78471e590e9e6822ea81a819c3

SHA256
7a132a15a3509379dee4ab096873328395e103dbe21c65f2ee53015dd36161f5

SHA512
79fbc61dd7c6d359b381849f169a7dadf9b78fe8f98e5e29ce4e8ddef6619ab8a76762ba4129ee1393366d1f29e236813f549bca12fb5c649a5c60dc7783ad63

Download Submit
/data/user/0/com.msyd.client/files/umeng_it.cache
Filesize
4KB

MD5
00a2b62319ce96c715d8e1f3ffb1dd15

SHA1
27cab4d7015a7dc9006b0881776d7286f43f4c20

SHA256
401715510a546b00f5237009a6abd8a282183bd1bf6e617cdb6e2de6f684004c

SHA512
77fce5382466623032b72440859af738afe4658459b8ecef66ea95ec548a7424e76c260ae63ca1190117de7c118704d01721197cf53ea7ebd2b53af356f994c6

Download Submit