Analysis

  • max time kernel: 179s
  • max time network: 158s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 13-06-2024 07:33

General

  • Target: a4718a0fecad0e9d6b11ed4084d42390_JaffaCakes118.apk
  • Size: 4.9MB
  • MD5: a4718a0fecad0e9d6b11ed4084d42390
  • SHA1: 043355a01170784db219e577b03021f75c04665c
  • SHA256: 0eac53e4877d6376162315513eb3cae62e33e15603358c3bb4106bdb9a48589f
  • SHA512: 48710c2465c9fa564d6f5e6ddf2e2e36b15813a12ccfbd2b2b30dafaf3db1c1b03bd4d6a01a605fe7327e86712bb040cddc9056d78fe23858dc2544dfdfb101a
  • SSDEEP: 98304:fBWKx243Pe0XGx2UVlpE9NjGPEK/GidrmMJYUJu:EKxz3PR82UVlOxKQMJc

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 1 IoC)
    Runs executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.squareenix.tombraider1classic (PID 4172)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-journal
    Filesize: 512B
    MD5: 185f0f25210a821b2a09cf528955d963
    SHA1: 8875495cb0183c4c4b2be4051dd9ef165317e8c1
    SHA256: ab20088837372c12473aa77050cf46dbe5c99494b809c5442ae100c1aba0c029
    SHA512: 9dddaf4b07dbb645e615ca65c372bf525647c44165bc94cc448b1bddab558d462cdf2bfd13de6d79dfd103c66aada31c06f58729746e045862ba4a5875a5159a

  • /data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-wal
    Filesize: 40KB
    MD5: 9eb8d503f5e3215a8e7de642329e9f5e
    SHA1: a4fc27d591184bec2d30ef8699bf0bb7214e4d81
    SHA256: 4f36c69ef2a2ec1d3a0ebd95095573a61c31e7d60fa2c8190a3959ff3b3925bc
    SHA512: 491ed4d75b31a89525da3336b486a59fa12e91a49005d4b23d3911bda0d47555b9bfc39eed30d9f13352a13c4408e480115fc21c4017b72aec02a0cbeec95d86

  • /data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-journal
    Filesize: 512B
    MD5: a5c603734ff90cd28ec57194f7d5d139
    SHA1: 32d48879bacc6028d61063db7241af3031e10341
    SHA256: aad1ea7adcc37df96fd4fdffc534a64ca6fd74ff445e165f3648424caef21343
    SHA512: 5c3a02a464234c79757f5590b0b822b730b61e8d77ef6ef16f134a420add4ee1bf5a480a6bf468f9c72f8f2d17e9ce92875e0fbca10914f1a36e5ec4ca8dc68a

  • /data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-wal
    Filesize: 60KB
    MD5: 14311e7cb6610cd110f4c006c3049265
    SHA1: a5d7ecbe2aac5a50ed1611cad3aac3142e1bde2a
    SHA256: 1ee267688fe7a2eb523275786b07f67cca2c1e4ad6f8274cf430753ca146214c
    SHA512: ef1003f8bd21fbe4c371a2d7733e2a863d93189b81e99917870f05c86fad2c3982143ae02ec48c688a453866a83275f394d5aa7bc7b7a94145de8919595e0ce9

  • /data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsData_K56V5RX7GPV57DZT6SZQ_184
    Filesize: 88B
    MD5: 2aa7d3f26b29884fd111484b928dbc1f
    SHA1: 197a6e29e8f9e16946899d74c9f316377d3e9658
    SHA256: f38560616575f32520c49edfe09b758465fbffe88f5ddb6d91d1035ee492a98e
    SHA512: d9d4ce4b87b9e7127997d2a746007e291f289ddd44022372c4d93de40ded873325bbee407718e47fd24c0274d778884e207b97dfc61cfdf22ae7a63c48f4fc1d

  • /data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsMain
    Filesize: 72B
    MD5: 47416319de9e2e75efeae81d149eadec
    SHA1: feb5c4a45168651837be1283a971ac91e33e717e
    SHA256: 1644e9d2feb139c9ff8c7fd9a6d06b2fdc6b4586e5c8d4354b8bf7c487c5e907
    SHA512: 673c7cf6b56ed4b5867710b039848ff3a69e6a4a0a352acfdc125f46b8fa98a99ecf2f809b59e079b41bb2fe4872bd2263d0b9e4da45416fa0df64d1d91f22a9

  • /data/data/com.squareenix.tombraider1classic/files/.flurryagent.-38313e77
    Filesize: 58B
    MD5: 3daf5088c4cce3b873da8aa58f24916e
    SHA1: dcd71228e2befd5f5a428047722762022d8156cb
    SHA256: e42828ac8354f15909bcfdee8c1246359de833ddb1a8997383b7bc49c3c05d99
    SHA512: 5828ea878d3ff470f1d5d94dbbfeed3e429c7eb1add63a338162743c4de286eda833aa37f08bf57154480937f3984101f90fda678061eedaf2af2f7b60fa64fa

  • /data/data/com.squareenix.tombraider1classic/files/.yflurrydatasenderblock.c32a5538-17bb-4d78-b793-f45576947fab
    Filesize: 344B
    MD5: 7e789ebeb8c80afe9edc16a700dd225f
    SHA1: 876ab9cd22ddcf48693bce3a7e5de5963d42a566
    SHA256: 7b98bead9ca493d3295cc8e041d74c0d0df5a1a01e7756fcab98bca5e649eeca
    SHA512: f8b9dc4e0aa1f18798707ee9aab46a5b07ec8c21be5287976c38ac4f5a9ecce478a43c524a9e71a28e48a5bd84e3470201b7d477451e5de40709ac78a9b486ec

  • /data/data/com.squareenix.tombraider1classic/files/gaClientId
    Filesize: 36B
    MD5: 30f99395f0d77d940f1eef6f05b70ad6
    SHA1: d1868e5a0adaf88e5d9f28eabe9e6a979bed1a5c
    SHA256: a5dbb008b2101a8dfa13af517fd9c3e4d7160940613426614833cb24c36c376c
    SHA512: 704820e6def63db9ceb310e99e7c539f3bc5345b1f92313ae758cb8aa290f49ab708c1f44fbe313dbcd228b05e39a80b7fe01c5fbfdd83740bedb180d6fbaaac

  • /data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
    Filesize: 4B
    MD5: d1531b1622de54fe3a0187c3344600e9
    SHA1: d47cbc8e977ffc6f492483716f00534153677778
    SHA256: 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359
    SHA512: e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12

  • /data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
    Filesize: 152KB
    MD5: 41a9fd0a83bd3d665786313f7c656673
    SHA1: 5ee00844ebcaab8d5294625315ef62740041c1ed
    SHA256: fd916e99b25a9fd2f6bfd84d392f445e3ab2cb5a48aa1dbf50ee7d70a224ba68
    SHA512: 3a8e7344dbcd03ee83dc2f5b6afcc511033689912e1ee209da1eaa876246f61774e2df9fb46617ad13fd937d8ff8404ee77eda4698a7dd76026a78423a12ed94

  • /data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
    Filesize: 247KB
    MD5: 1d464a8f2972fe163d90eaa1091f3268
    SHA1: fbe0788bb2042fb4bd9a83bb91e6573482d5ca9f
    SHA256: e2a986fb185601d3fc7d48437551cd45ee83a7b47147bd6c264bb30ede655fbb
    SHA512: 9f8c6f3959fcb510ca9a805c7c837c53b8cbe1daeb8e9cb535e3e4adaab20b7cfbc98db45eba5242b5d54ee5aa1f4f3f9ddd1ff138968a658a7725f6df0ef1b7

  • /data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
    Filesize: 374KB
    MD5: 21e9cb70c07adbba3c1d979d8fb65ec9
    SHA1: 12bb8ed403cdaaf57cfbf145c4e0f0a15e6dc79b
    SHA256: 7257266defb25c2c05b1db9269879e57bed6d8be7d62fe1668fa3d5ab10f93d6
    SHA512: 4f5c2bb841efe560da56172cd75ad583e49cd61f8f45a98594589407329232694468dc700f202764813fcb759c3df10eb5e810e0e9e705ee6c6958a1e68a3ad2

  • /data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar
    Filesize: 243KB
    MD5: e86288c00f92925e79a2116146255e5c
    SHA1: 83e892161884155597c688e9e0a6e25c15d1de22
    SHA256: 41700f1c9f91dddfb44b967030c3d1d2ab9c98b508f931a097ee60e23078c4d3
    SHA512: e9189f15051cb57fb0332329d475867b0a957030735b9e86cc5211580e3a0aefce97d3707d05b14fa0a401c6a3384c18c539301fc027e42d37da326a15d4d750