16016c229e1a2a714422d73babdf93169efa8383975312bb2846198f7ac45b17

Analysis

max time kernel
74s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f6b469d2664a0172fb451b32f66c048_JaffaCakes118.apk
Size

30.5MB
MD5

6f6b469d2664a0172fb451b32f66c048
SHA1

e4d12e2ff32934f09211edeeb80d324aefe51c81
SHA256

16016c229e1a2a714422d73babdf93169efa8383975312bb2846198f7ac45b17
SHA512

ac7e1e4404c38d7148b52f78d48cb5556055c3d17243d0a8d2dbbbc1f89e9a9aa1e3c197aebaa88cbe1723e5135c710968078b4c0026fa87e3d19a5a7db9c076
SSDEEP

786432:ogyqsNjLKD88Yroh6Ugb0jRGogWP1fh82SmW2Uc:og+vKD8DohzwoxD81mJ

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.speedswater.boat

description ioc process

File opened for read /proc/cpuinfo com.speedswater.boat
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.speedswater.boat

description ioc process

File opened for read /proc/meminfo com.speedswater.boat

description	ioc	process
File opened for read	/proc/cpuinfo	com.speedswater.boat

description	ioc	process
File opened for read	/proc/meminfo	com.speedswater.boat

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.speedswater.boat

ioc	pid	process
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar	4560	com.speedswater.boat
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar	4560	com.speedswater.boat

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.speedswater.boat

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.speedswater.boat
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.speedswater.boat

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.speedswater.boat
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

34 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.speedswater.boat

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.speedswater.boat

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.speedswater.boat

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.speedswater.boat

flow	ioc
34	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.speedswater.boat

com.speedswater.boat
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
20KB

MD5
fe74842a0f479bcfd7e4822e65f33462

SHA1
cf4ac542a4fa69e2ed9c4f823e2bb598af3f62ca

SHA256
55fe1a9cbbe010dbaaebac6ff122e09accf208a64ef4d5c47990833a96ac47e6

SHA512
3a59cb1fd01c93fb87472e976fb40fc6bc429255344b09c2596b98bbe140eb2146d80f16fe2ad288b3c235e70d28eada46af672494ed032d0483ba27d4e2319f

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
57952a50779ea9cd14a26eac42103ccc

SHA1
3e8e0adfc2f4716fe08a32cde41602bc11f56662

SHA256
90cfda445e88de4fe0389f825ad7ed23ad14cce4afbd21d63952a950523c2a3f

SHA512
befb970c833eba73743f27f8ede6f84232621b36719e582beec7dfb9604d9a30f7e4d2e4a17b7afd3f0f554cf4d0426a67ee2d2bd8ed9b52e6c736691d618a3a

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
20KB

MD5
5dd827df4a4f5f1d471e2de3a310dab7

SHA1
b5bb6b23a6b06d07155f09fd4e83f7e9c8e4f280

SHA256
f0ed6ae52b24c35a66986ec40296948caf0e10a105c2833a95017b758b06a334

SHA512
30b249be8e2b4cab047e284ebe687c0df0053294c2bf2e11ae0975035434ce710fe5ce9bee6e954dce5343441ea0c73e078d1542be134d5faa7d848201f7cfb1

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
fc771c74ba1c53db2a3d4199fc59b5e5

SHA1
3390acaa9b563983dc67635ce53941ed549af0ed

SHA256
3a4a389f09256d3fc2910603a6cfa1ca0a9cc9d11e5bec1298d47b3ada8adcd5

SHA512
56df2d387b95acffbe7659aa7864eacaab935aab003877b52544be23e732234279d12f828890bb7d8eff7fbcbcd3076ecfc15cb07d7d6ecedba97173feb112fe

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
1adb2f0198bce8cb5faf565315eb3618

SHA1
a270bab3478c23e6e17818b9c0400463910af327

SHA256
ade4576125cf27bc2496713dcbe9c8b236f329656b9a0d23526a5f90d08bf6c3

SHA512
b80ddb7f60c5484c3ffd94793603dd5868ed72a161fcd8d0f2b69374a60fc8c04580b66ed80a5bde9ab2b9d2d9150c5928cd428dff052bf38dafde8142b281ae

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db
Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
12KB

MD5
06f26ea6be6ee5d1d8a6b2081d7cf135

SHA1
2a8234edb8c03f72ddfd6b6c6a0632e5caf6bde4

SHA256
4d72abce3f7c1ed0bc4a5586d1c483e9ab1014d08d85de620f3685d2b2c862dd

SHA512
cea3a2bd28004e9186a7628ba2a48d6897c3fedc042aaf9a2d7e19514cdd171842bf47b24dff007430cb4e745bf6deeeb00d169cfc0e69e3df79b147008ba592

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
16KB

MD5
2c5e76ec1ca58185a67094cec03d5a6c

SHA1
9036a6aaab25e1795b9fa954aaeb278e6c83925a

SHA256
b7ec7381eabe5a434c6343c82c552f00f27c8ac63656564ea53c3f81e0dd1f98

SHA512
748abc6739841659bcbaacc94c3a592d1aa8f187f095ec2f5ba98dc7002e7d4e78851d3ea403cd141eb8a997a5976f32ebe426e67e098808e41c10b3b9ebb27f

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
16KB

MD5
4779de64f3a9ca7c1cfe4e9b7b91cbed

SHA1
c81d35b6379ff293af5727e4a540bad437627d49

SHA256
e7333ba6e60b8815a9b842b05e5894167b8ff4ef2aa49224320e53d01422700e

SHA512
c01c56ff4d6283260c114e8b4d6ca04a299347d640687ef5485cf140c1c8cce9d9e103ff9e8bee6154a3bd321815e30ea8bb5066a7b84b8cfd02697ded33ce05

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
512B

MD5
e23a987d91ab1fd42228694778b08e8c

SHA1
6b6c9b3e540373b00d3f3981e9ed2f1909f5f69c

SHA256
52666ef13a3b61643f6988d075f314c4b205bdaf78e771638d322e327dcca685

SHA512
11122ac757fd0cb694800f91c33772434d2ce1f8116be6cfcd4f982c1709340630544d3c8b13073010ef74f1e412ca5f3d998855eb6d4ed094a72f771852885b

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
8KB

MD5
b7dbad31861d179308446e35c3daf67f

SHA1
c8540a636dfd6f2c8f08bc95d505132865c7353c

SHA256
f9b4a5a4c8e879ffc1b0d4525c8961fc65bdf6c984c2b5fd51a6fcbdf75e8a2c

SHA512
f4323bf0649eb0cb9ce323bb610e16272fb490ecf2234dcbdf78c77ea1251ea2e1f314528bb1e0569c90ea93ea601974c149ad6d27d419ed98be6b7171f39b04

Download Submit
/data/data/com.speedswater.boat/databases/cc/cc.db-journal
Filesize
8KB

MD5
961226ed22fe3441218854fd0b657b7a

SHA1
8a314fddac0271014b9034ab00303a8c96b5f20e

SHA256
30b7bf4e8dd19794e71dabce04bfae363645127bb71f5092eb21b8beba86564c

SHA512
4359ae557feb0efb78880ddac0a22ee7d3c28c405dbdf72c8e25583af16c1a6733715b74356f7bc720f6a75d4fb0ac7de6ba3351782453a405c9ebd6e2a0d2a7

Download Submit
/data/user/0/com.speedswater.boat/files/.FlurrySenderIndex.info.Data_E9QKPV35ILS1BQA9SYLC_150
Filesize
42B

MD5
debcdc4d0bff8d627d6fcc65a028a7a3

SHA1
bcbf08bc30e05204812de0978e2a1e8b9feb4195

SHA256
90ab6accd34377e6f184a2f6e7699683cf44545f57bcac8f3469231f2c75cc41

SHA512
a2fa9a635763e46a0e7dd1ba00990dfd868a5422ccef780ad2c67128d5b675deb6b08871211e6a1e4e265b7d151ce93563a80487e05955ad33cc1a8525f5aff6

Download Submit
/data/user/0/com.speedswater.boat/files/.FlurrySenderIndex.info.Data_E9QKPV35ILS1BQA9SYLC_150
Filesize
4B

MD5
f1d3ff8443297732862df21dc4e57262

SHA1
9069ca78e7450a285173431b3e52c5c25299e473

SHA256
df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

SHA512
ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3

Download Submit
/data/user/0/com.speedswater.boat/files/.flurryagent.ca771bb
Filesize
58B

MD5
f088a9078ee481c69a0e09be81b5588c

SHA1
49128cde5b07ddeba9c24e656207663fdf9359c9

SHA256
98f4d45bf8ec014067a6ca30e90a39b2070a711fbc20dc8db103da7db8504d4d

SHA512
f6c993a7f2d2caaee965678869c4512ad7247e2765a368dde9037359029a0c4989174d758b2233024d79f8ce1754efc43e0ed089a71ccf21b69e4956e9003e9f

Download Submit
/data/user/0/com.speedswater.boat/files/.flurrydatasenderblock.b8ccee4b-7a23-4d8a-852a-ad2b2d4ccffb
Filesize
253B

MD5
85a1196e103a27c0e7b91859485c5fc1

SHA1
13e619495dd5ae1685f7083dcd96134bc97b6ea5

SHA256
f1258c2bf674f2efec241b09ebc8635a5f07e27bc19ac9f5d7426bf8deb2d1c0

SHA512
a166cc10da7159c082b60b78b9aefd4d77ba30f1b237b21ed5afcaa27b991a60a6eeedd42c3ba288b1734f1ea7632c7c7eea7f881d6eb8c27db675d96daf8ceb

Download Submit
/data/user/0/com.speedswater.boat/files/.um/um_cache_1716574845108.env
Filesize
1KB

MD5
a096626a5ecb5ff900e16df8614a5fc5

SHA1
9ed045418cae18ad1ec267205b0e50fdc57553cc

SHA256
0fab20b923793c872497dd120f2019318c1f58d44e5f42ea67f10eb3d2407e6c

SHA512
3650cf02b74103c90deb95c7d840659c8774fbaca3371b8471e6a0e790e52c925d45bd347dfff93b685a81b76b3a98e638991bf7f74edcce743d77c299096df4

Download Submit
/data/user/0/com.speedswater.boat/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
2356925db8a6cfa672065001cbc6134f

SHA1
1608da5a68516881f2042c2ea281f445c71b62d1

SHA256
120a350cbbf55435368aff8fc7c41ba388192623b2538439703e44877491dd1a

SHA512
8302deb05c9e580a941a3e33f6081784313275f2d47e8f207e8e50fcb861642b415289153979aa5903a6ff787236575a5b5bcdc24dfcfa6576837b7c3ef76a10

Download Submit
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar
Filesize
215KB

MD5
3e6dc4daf00097937e5a3d38e3fd9c47

SHA1
43e07cfa96e03ef2ec22f0b267b0c43bc2447e57

SHA256
13cddacc9f95f85a699d08cab7ff3a9c54ab9dfee3c4f2fae6f561fce9b762a9

SHA512
963df2871f784cc48b770e499d0e9e8b45f59b1b53dc6e064a31d4e83891c93a258469dc76e5e3c0e87ccc946ff537a7a5a13a99defd4e54f48d07819c159e22

Download Submit
/data/user/0/com.speedswater.boat/files/cn.gsdw.jar
Filesize
417KB

MD5
c5d8987d49d25fa48486f00a4d57576b

SHA1
ce3f2ca5ec4d5e3bdcb3125db502885c414036af

SHA256
3ea43479d4ec679d414969d16bd7722373e3029070d4ff720d75401eed09e48e

SHA512
ee6b5ca955ea0a2495a7b34bf61de29a85ef569d6ae5dec93dfbdf8d01f0b74484de7d4e93cc9b41e4197474cfcb2bb35cd795396282002d6c8dcad7f5cdf11d

Download Submit
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar
Filesize
43KB

MD5
d29f9a021e4d797e3d724dbcd5171fa0

SHA1
797a598bf1ba23306e196e961721744f01c7f046

SHA256
600bfd6f8ec7420c0007958b0e4b87662e7414afcec615d9af821f5caff77c4c

SHA512
a3aab012a439c9523a6448c4ac3c8ab551ec910becc2a531579bf576eeb2cea3efe708d27c90d411caace7ac50565383f0ff62acc71e0c62a18c285136df9c37

Download Submit
/data/user/0/com.speedswater.boat/files/com.blad.iuise.jar
Filesize
112KB

MD5
15c5705d0dbc7deb03281bec8cde301d

SHA1
63bdd70c843e840e6ac365159664d1ffe9cbe5a0

SHA256
b17b4c80c28ded1cc4e8612a3342b0d39a76cbe8484e53d0d20fb17df02fccb7

SHA512
40d51e69353c5b77cad263d3ef113768fba387e5c29f97e45b02d5f8f5846cb9826e7b42b5b1b9130ab4a7fdaaf61721f59d83d73e42a8405fc241680df1b614

Download Submit
/data/user/0/com.speedswater.boat/files/mobclick_agent_cached_com.speedswater.boat12
Filesize
2KB

MD5
90c61728197a7275a2417fe34b8c9357

SHA1
45c42a6bbdcb7cb3698b6f561593a7dd55894f66

SHA256
f785fe9eb773a4c6b14d5039f65e031468d7d0b016e0ebadee9d8d04a848c66d

SHA512
9f175c0f38b7e466803dbe130da2789fa5791c974ac8216a2677f3d89c36eada12e416c968cbba569440a0b3ffe548ad657b594ddc89cbdb00c5357cf32332b5

Download Submit
/data/user/0/com.speedswater.boat/files/oat/cn.gsdw.jar.cur.prof
Filesize
234B

MD5
df4fc4cdcf90b9d6eff2788b5ef24553

SHA1
32712a5168e77d4cae5b2a5f81eb60cc9d7217a5

SHA256
b053ab07375c4c442abbff7f9ef0b6a4ecfc37fbb467aadbe3e2fa51347f8f32

SHA512
da50beacf3ab4447f01999a65c63f564515518557784186953bbc166eadc1fdea8dd60645929ab1cb0552ad24cd15ebfe5fbcbc08b3e55eb79d03c2bad9b9164

Download Submit
/data/user/0/com.speedswater.boat/files/oat/com.blad.iuise.jar.cur.prof
Filesize
184B

MD5
a88e44e9b1be1221d96a42ed7d9d3a2d

SHA1
2623af9e5045317553872f15e359361db75c3e91

SHA256
df4a71e46dd3938038da1bbc9af868f65c332573e85061d955d746473b73b670

SHA512
ab6aa7eb772d4fab2ad521457b51dc9fe61f3126ccf626fae47f0be463dd7d42d52e2a6e59336446ac9ef23a77abb9d155e261dfe8fcad2dfb39bb832a07481a

Download Submit
/data/user/0/com.speedswater.boat/files/umeng_it.cache
Filesize
433B

MD5
9f51d0b734af71585f5d18488e313a7f

SHA1
000e13066659be59ceac549ad2af0a564eddcf05

SHA256
587e93263b98d0210163eb2ddc23c90987e10fb1aaed60772c59303185c243f7

SHA512
9fabdc427c013672a3e4c20db3423bdec625f0684a45fc8bb03d2829f5448d29bf437de479444c7b49f6217d3ee181692b699a00255c8057c7976d2af011ce1d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
db6a574241f92b1f16c9c308ea3c9ab9

SHA1
1d05a412682de6a3ddffa54ce5e5862dde92e20f

SHA256
37ca0e2687e8abe032190e1d6a40cf2a9dc09f97c89286039f208d5d12c9ca22

SHA512
0d7349776b291fcedac9903c5dd638d97c6b2311f33a40a5b15a16ebc267bcd938caca8a22e4547fbdbd7b49f12c2a1a09d5255f041fc81e3013a73dad70d216

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
73f5d5e3fcc5d124e73c53e2f557b58b

SHA1
520773e78c15de8d775f59212c3f5704fa8358fb

SHA256
fa6be080e2bb77203e894339fe130b0b9d35f0a44f3db485ad8a4819b36481a7

SHA512
edfa0cbc5b91a4c1ef4e2012e40cc6985fccbb0be7fef4d95e3e6749ef30a35be5d8c7b00357b565e672bd3851d4ba0c057b48c6a9350fcfc031ce613c6f5b09

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
407B

MD5
f80d335314c87cc8d8f4417b5601c106

SHA1
6039dd6162d86fe1768284079d8135c4f733759c

SHA256
a05c602a89e587c527e9e5ea12d4ea0ae1daeacbd8a928a7675c087490904314

SHA512
aff59aa9debb7f08e0910fa827be7fde3d35b61f4edc274a87f95e38a65b92c5157c6148e5c4d06eae81a8775b47e69660135c6fa22c50edba8b92d9154ab6d4

Download Submit