16016c229e1a2a714422d73babdf93169efa8383975312bb2846198f7ac45b17

Analysis

max time kernel
179s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f6b469d2664a0172fb451b32f66c048_JaffaCakes118.apk
Size

30.5MB
MD5

6f6b469d2664a0172fb451b32f66c048
SHA1

e4d12e2ff32934f09211edeeb80d324aefe51c81
SHA256

16016c229e1a2a714422d73babdf93169efa8383975312bb2846198f7ac45b17
SHA512

ac7e1e4404c38d7148b52f78d48cb5556055c3d17243d0a8d2dbbbc1f89e9a9aa1e3c197aebaa88cbe1723e5135c710968078b4c0026fa87e3d19a5a7db9c076
SSDEEP

786432:ogyqsNjLKD88Yroh6Ugb0jRGogWP1fh82SmW2Uc:og+vKD8DohzwoxD81mJ

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.speedswater.boat

description ioc process

File opened for read /proc/cpuinfo com.speedswater.boat
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.speedswater.boat

description ioc process

File opened for read /proc/meminfo com.speedswater.boat

description	ioc	process
File opened for read	/proc/cpuinfo	com.speedswater.boat

description	ioc	process
File opened for read	/proc/meminfo	com.speedswater.boat

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar --output-vdex-fd=48 --oat-fd=50 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/com.blad.iuise.odex --compiler-filter=quicken --class-loader-context=&com.speedswater.boat/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/cn.gsdw.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/cn.gsdw.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar	4371	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar --output-vdex-fd=48 --oat-fd=50 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/com.blad.iuise.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar	4339	com.speedswater.boat
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar	4398	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/cn.gsdw.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/cn.gsdw.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar	4339	com.speedswater.boat

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.speedswater.boat

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.speedswater.boat
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.speedswater.boat

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.speedswater.boat
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.speedswater.boat

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.speedswater.boat
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

23 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.speedswater.boat

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.speedswater.boat

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.speedswater.boat

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.speedswater.boat

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.speedswater.boat

flow	ioc
23	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.speedswater.boat

com.speedswater.boat
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4339

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar --output-vdex-fd=48 --oat-fd=50 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/com.blad.iuise.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4371

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.speedswater.boat/files/cn.gsdw.jar --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.speedswater.boat/files/oat/x86/cn.gsdw.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4398

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
6da72ce10d7917dd89526bff1ed7ad5f

SHA1
46a8a2e7b8decb232868099ecd9c375a60e78786

SHA256
896cab1706868ea6de446c924f44103e61a8ef037bc4e6aba8f8137e603962be

SHA512
a54e2e32eebf16d62888bdfdb65aeb14fb18b0fba2cd3ee7196ac62b88e08f370e94f75431af2d8f0d11e3a7bd3eb5a4e576d564dff19069eb3d49f6bfc9a32d

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
512B

MD5
0158b13493db9b9e7c0831b317d6b32e

SHA1
b65df510dee698ebdf7807be3d0d3a5df274c6da

SHA256
91dd4a2985180921f70351f567f2ee837d30088c82015dfa1268740a247b1001

SHA512
cf7ac0c97765bfc07fa8a25144d1638c0e690cbd8a3c6765044d5f6ce1958a7e0b7cf1645d53fc49bd60fe5627114653ad2d1f1681b3545b1897877259125160

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-wal
Filesize
48KB

MD5
70261466aa5567ea8ff59bd67c51d933

SHA1
6608b153dc6fbadff9983dcfe32a0ad6e16082c4

SHA256
94d79244a2b5d26294922ed7792c7b31c1dfae4deac22e9e7970c3713c125267

SHA512
0de625fb79040aa79fbfab1ce30329bc8b35a043fcc3e45ce28fd8e16c742672c3212c4510d35972459813f4a4915c9e5ce48fc3c878c7d0001ff54b478868b8

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-wal
Filesize
28KB

MD5
dda5eb85468394aa326c999e31ad1027

SHA1
78e869fdfbec1bdf9ddfa785911a5446e37fe2b4

SHA256
dc4b4188b4ed9ecf3470fcfc1faae80d2cfa41cab4680690ffcdf358479252b8

SHA512
0a7000c699b789b99584f92b16de5d7e9ad77e7b662f65b2c923de773ce39705df0c1867a81034fd7f030fc677d4acb5b15bf993a61e00be9df61b0c3247bb3a

Download Submit
/data/data/com.speedswater.boat/files/.FlurrySenderIndex.info.Data_E9QKPV35ILS1BQA9SYLC_150
Filesize
42B

MD5
aca11232d4091d98d75dafffff294414

SHA1
662b41adc441f5e66316b9ca994c34887a5e3399

SHA256
6c02019983f1381aaa37a7681a72b53c37565e0a89303e4fcdfdec016a97b0fe

SHA512
8d5048790793318ac052760882c2280557d3c162bed88fb8b9fdb054644caf1a0cb7bc0fb76d98cd7d07201b37956e70aaf69097c68a09e22a0762d593d4a7db

Download Submit
/data/data/com.speedswater.boat/files/.FlurrySenderIndex.info.Data_E9QKPV35ILS1BQA9SYLC_150
Filesize
4B

MD5
f1d3ff8443297732862df21dc4e57262

SHA1
9069ca78e7450a285173431b3e52c5c25299e473

SHA256
df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

SHA512
ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

Download Submit
/data/data/com.speedswater.boat/files/.flurryagent.ca771bb
Filesize
58B

MD5
8f49e983713e6407ba4dd95d52898684

SHA1
e1c2cff216f2be4e0144f0fe52fc6761268adf3c

SHA256
b27ba5caad3e34c3df08abbbf34e230a551d2dda69b22d365fb39eb4cd533c0c

SHA512
ed35b2f6f0af8125848ddaf7f5d3b9240e9c18443b400f35f36e5e2ef8a06022f7848f2e11e508f91afa191356f5c0bdf987be9210974c9f5e76d41cd67a48cb

Download Submit
/data/data/com.speedswater.boat/files/.flurrydatasenderblock.0c195b62-4631-401d-8431-fd075bffba3a
Filesize
276B

MD5
0dba5f59061cf22a50ec25cfd89baa85

SHA1
1233bc527d7b91053d9ec329cffa6dd694098ac5

SHA256
71b97dd06d45bfd5fa1ed6ff1ee09f52726a6b62c587fc44dfc3c9124a38b836

SHA512
bf47dc3072d5859dc4751471ca2eccbcc0061a90bb6461b79a68d2eee629b1abd8fd3511a2aa3bfe92ad6943a8c5de23a1109943b041c2bff3723f677a7ad6e7

Download Submit
/data/data/com.speedswater.boat/files/.um/um_cache_1716574851761.env
Filesize
1KB

MD5
8c780ef6af0d0fbf7c36cd998c45ae04

SHA1
50b93f5c417900c2b1b9ceb7734077fb6c90eb4f

SHA256
9eeba0cdee3bb41d31d292cffbe0be11f11e662496389ea078caa6346c32478a

SHA512
f8edd3e208fb6971bd8dde03815044bd5a9186b360d66e3b4bb14a04955efee6add11617f9efcbe8bd9a24aa8cd8bd32aa927624a8d078b1a94bb251af5c42b9

Download Submit
/data/data/com.speedswater.boat/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
6fb748fb7daf14fb9ba258d6ffb6b304

SHA1
5b89e7d279bfb3dcd977d34de430b595ed910ed2

SHA256
081522121dc0eb706abc40832d39e8f3eb8fa8bd44d8f305ef91ee0565b0b489

SHA512
f3f8d374cd3761ad4580c3ded5643f9ab8dca1d5c121fe8979eda05519f278c2cd4aa99766df5240029e6281f6ae67f0fd221aeb69f26169dd6ff7b6a8770ecd

Download Submit
/data/data/com.speedswater.boat/files/cn.gsdw.jar
Filesize
215KB

MD5
3e6dc4daf00097937e5a3d38e3fd9c47

SHA1
43e07cfa96e03ef2ec22f0b267b0c43bc2447e57

SHA256
13cddacc9f95f85a699d08cab7ff3a9c54ab9dfee3c4f2fae6f561fce9b762a9

SHA512
963df2871f784cc48b770e499d0e9e8b45f59b1b53dc6e064a31d4e83891c93a258469dc76e5e3c0e87ccc946ff537a7a5a13a99defd4e54f48d07819c159e22

Download Submit
/data/data/com.speedswater.boat/files/com.blad.iuise.jar
Filesize
43KB

MD5
d29f9a021e4d797e3d724dbcd5171fa0

SHA1
797a598bf1ba23306e196e961721744f01c7f046

SHA256
600bfd6f8ec7420c0007958b0e4b87662e7414afcec615d9af821f5caff77c4c

SHA512
a3aab012a439c9523a6448c4ac3c8ab551ec910becc2a531579bf576eeb2cea3efe708d27c90d411caace7ac50565383f0ff62acc71e0c62a18c285136df9c37

Download Submit
/data/data/com.speedswater.boat/files/mobclick_agent_cached_com.speedswater.boat12
Filesize
2KB

MD5
32d7e334e866cd59b6b127a9ec0ac360

SHA1
beef88b0a48db0696de7c352b4df843278c03343

SHA256
56aaaefd365cfa3ceca5580d819fc7e383e4252bad9ae0ac7fc35552eb885ed1

SHA512
640d104a923cd79beb401b45c27d1afb6226b86e6f5b9afccb6c774c305d20edfdf1fd36008a3adf34fa4359f34847de3c2ddce9664952b100fb06c5c6960ab9

Download Submit
/data/data/com.speedswater.boat/files/profile
Filesize
755B

MD5
e92628b2258b086abfbcc3b2aaa9e8b5

SHA1
0dc196c0017d1b18cc5ecaa9d69bfc1bf93cdd84

SHA256
4e021b8f4cd4d72a17163078efd9bb48642c3fda050220567c2c9dd55baa76ed

SHA512
557a9315b88902e2425912143a113cae4083f5455c79c88b8a41673a8bf8d4d70b3b33501ecc8045d5e7b3bc4476fd70178c1777b112738accdddecd76756dcd

Download Submit
/data/data/com.speedswater.boat/files/umeng_it.cache
Filesize
498B

MD5
39a300abd8a224ca9f158bd88cca498e

SHA1
b486334eb9b61fd061296cee51995fefcf083293

SHA256
cdc59fe1f43ccec58fe0c2b7556cfa704bb52e4992fce0c65b4663e495008ae4

SHA512
81fb90ac0665a7fa1cb555195b59648d323c1ea558b73f8520b471248898944811065125e11806283726eb285f15e6f4c71a2c22156976b2c80ea470b2587c89

Download Submit
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar
Filesize
417KB

MD5
71bb4f237cbf3405b85f61d917745702

SHA1
090aa0e56314054149ddc3683dd44b67eb512951

SHA256
b0b7ad23848055974a6c8e730243ae58035b9de5556943f7dd171310cf761f74

SHA512
8d908026ddb968b2ab013ff793a76f5d7319ce28821b018ae25f2cd466bfc3945d27f8f1a71bad7533b23faa17fdad67409cd0088a88bf61b2379ea92655c5b4

Download Submit
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar
Filesize
417KB

MD5
c5d8987d49d25fa48486f00a4d57576b

SHA1
ce3f2ca5ec4d5e3bdcb3125db502885c414036af

SHA256
3ea43479d4ec679d414969d16bd7722373e3029070d4ff720d75401eed09e48e

SHA512
ee6b5ca955ea0a2495a7b34bf61de29a85ef569d6ae5dec93dfbdf8d01f0b74484de7d4e93cc9b41e4197474cfcb2bb35cd795396282002d6c8dcad7f5cdf11d

Download Submit
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar
Filesize
112KB

MD5
5ccdde9055862aee477cdf22df631b7b

SHA1
55eeb4e44ead26479b80096ea2d1ae5761213b25

SHA256
0f8325abdfbaa858193d4c87ab6243674ea430fb45bd8c0b1c238507a7cd4224

SHA512
6f6cdabcef85d993517573a8b4f194e37b429dd6c7a8254eda4e02e967cd2172376706a8815fafadb0ebf8b8aa224f3547fe2adf98314469c12b98579ff5c0cb

Download Submit
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar
Filesize
112KB

MD5
15c5705d0dbc7deb03281bec8cde301d

SHA1
63bdd70c843e840e6ac365159664d1ffe9cbe5a0

SHA256
b17b4c80c28ded1cc4e8612a3342b0d39a76cbe8484e53d0d20fb17df02fccb7

SHA512
40d51e69353c5b77cad263d3ef113768fba387e5c29f97e45b02d5f8f5846cb9826e7b42b5b1b9130ab4a7fdaaf61721f59d83d73e42a8405fc241680df1b614

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
a6944c6bfa14ffc24d4c699b911e23de

SHA1
a40fb448563548e36102e0cd81bf17fa6669cfc4

SHA256
a79a14ddbf136382b96d47349a7509cf0cc17d48eb028915be2f43dd189bfb87

SHA512
d544889ab73f9ead15c4a07cc05dca779863f8ba66717a3449d9fe29c795a089e2b807d36ba9e1a582400add1baea87075a5760ad83440c3784db7bbfd554e59

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
3367af87059cdad0d9cc93125a51e310

SHA1
b6c9f361b08c3bdb9eb489864e382130f3f3000d

SHA256
5ba935e37d6530935fcf267e90e2d664c11fcc06b94ac3815dd4263287510417

SHA512
3ec01eb775fe2a74c19950d2e1f47395297cb502e95f6c2da524b4fd9cda3b56f18d2a7dfc2d0b8b765d8a94f89c1716eecdfb1f07f945cdb287827d8482710e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
f78c83cfb69b58645c2e747a2213c881

SHA1
12fb84b9c190ed87f5860ec07bb2182cca41125a

SHA256
38f1a14765c4874bc91f63a92404213d1a75e1fe830b27a3446c20e3c772b0fa

SHA512
6bda5e0d6d01feb1fdb73637aeb6dadaaa0db06dc202e5caff0e635636f1b18e11cab1055bc171ee47e6cdcc3b57ab81c4d2b571f23b2bf6660aaa1755f197df

Download Submit