Analysis
max time kernel: 179s
max time network: 158s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 07:33
Static task: static1
Behavioral task: behavioral1
Sample: a4718a0fecad0e9d6b11ed4084d42390_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a4718a0fecad0e9d6b11ed4084d42390_JaffaCakes118.apk
Size: 4.9MB
MD5: a4718a0fecad0e9d6b11ed4084d42390
SHA1: 043355a01170784db219e577b03021f75c04665c
SHA256: 0eac53e4877d6376162315513eb3cae62e33e15603358c3bb4106bdb9a48589f
SHA512: 48710c2465c9fa564d6f5e6ddf2e2e36b15813a12ccfbd2b2b30dafaf3db1c1b03bd4d6a01a605fe7327e86712bb040cddc9056d78fe23858dc2544dfdfb101a
SSDEEP: 98304:fBWKx243Pe0XGx2UVlpE9NjGPEK/GidrmMJYUJu:EKxz3PR82UVlOxKQMJc
Malware Config
Signatures
-
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar | pid: 4172 | process: com.squareenix.tombraider1classic
-
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.squareenix.tombraider1classic
-
Queries information about active data network (1 TTP, 1 IoC)
Processes:
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.squareenix.tombraider1classic
-
Reads information about phone network operator (1 TTP)
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.squareenix.tombraider1classic
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.squareenix.tombraider1classic
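The two dropped-file observations in this report that merit a manual look are the .jar loaded from the app's private app_app_apk directory (the IoC above) and the libsplash.png.so path in the Downloads list, which is written several times with different hashes and whose name advertises two formats at once. The Python below is an added example, not part of the sandbox report or of the app: it labels a dropped file by its magic bytes instead of its extension, says whether the result is something DexClassLoader or System.load would accept, and flags name/content mismatches. The sample bytes are constructed headers with padding and are not content from this sample; only the paths are the ones the report prints.

```python
import io
import os
import zipfile

# Magic bytes for the formats a dropped Android file is likely to be.
DEX_MAGIC = b"dex\n"              # "dex\n" + three-digit version + NUL, e.g. b"dex\n035\0"
ELF_MAGIC = b"\x7fELF"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ZIP_MAGIC = b"PK\x03\x04"

def classify_blob(data: bytes) -> str:
    """Label a dropped file by content, ignoring whatever its name claims."""
    if len(data) < 8:
        return "stub"               # e.g. a 4-byte placeholder written before the real file
    if data.startswith(DEX_MAGIC) and data[7] == 0:
        return "dex"
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "jar+dex" if "classes.dex" in names else "zip"
    return "unknown"

# What each final extension advertises; extensions not listed are not judged.
EXPECTED_BY_EXT = {
    ".so": {"elf"},
    ".png": {"png"},
    ".jar": {"jar+dex", "zip"},
    ".apk": {"jar+dex", "zip"},
    ".dex": {"dex"},
}

def extension_mismatch(path: str, label: str) -> bool:
    """True when the final extension and the detected format disagree."""
    expected = EXPECTED_BY_EXT.get(os.path.splitext(path)[1].lower())
    if expected is None or label in ("stub", "unknown"):
        return False
    return label not in expected

def loadable_code(label: str) -> bool:
    """Formats that DexClassLoader (dex, jar with classes.dex) or System.load (elf) accept."""
    return label in ("dex", "jar+dex", "elf")

def triage(files):
    """files: {path: bytes} -> {path: (label, loadable, mismatch)}"""
    out = {}
    for path, data in files.items():
        label = classify_blob(data)
        out[path] = (label, loadable_code(label), extension_mismatch(path, label))
    return out

def build_jar(entries):
    """Build an in-memory jar/zip from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in entries.items():
            zf.writestr(name, blob)
    return buf.getvalue()

# Paths as printed in this report's Downloads list.
DROPPED_JAR = "/data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar"
LIBSPLASH = "/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so"
GA_CLIENT_ID = "/data/data/com.squareenix.tombraider1classic/files/gaClientId"

# Constructed stand-ins: only the headers are realistic, the bodies are padding.
# None of these bytes come from the analysed sample.
FAKE_DEX = b"dex\n035\0" + bytes(104)
SAMPLE_FILES = {
    DROPPED_JAR: build_jar({"classes.dex": FAKE_DEX}),
    LIBSPLASH: b"\x7fELF" + bytes(60),
    GA_CLIENT_ID: b"00000000-0000-0000-0000-000000000000",
}

if __name__ == "__main__":
    for path, (label, loadable, mismatch) in triage(SAMPLE_FILES).items():
        print(f"{label:9} loadable={loadable!s:5} mismatch={mismatch!s:5} {path}")
```

Run it over the real files pulled from the emulator (adb pull of the paths above) by replacing SAMPLE_FILES with their bytes; a "dex" or "jar+dex" label on a path ending in .so, or a "stub" label on a file the process later maps as code, is what to escalate.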
Processes
-
com.squareenix.tombraider1classic (pid 4172)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-journal
Filesize: 512B
MD5: 185f0f25210a821b2a09cf528955d963
SHA1: 8875495cb0183c4c4b2be4051dd9ef165317e8c1
SHA256: ab20088837372c12473aa77050cf46dbe5c99494b809c5442ae100c1aba0c029
SHA512: 9dddaf4b07dbb645e615ca65c372bf525647c44165bc94cc448b1bddab558d462cdf2bfd13de6d79dfd103c66aada31c06f58729746e045862ba4a5875a5159a
-
/data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-wal
Filesize: 40KB
MD5: 9eb8d503f5e3215a8e7de642329e9f5e
SHA1: a4fc27d591184bec2d30ef8699bf0bb7214e4d81
SHA256: 4f36c69ef2a2ec1d3a0ebd95095573a61c31e7d60fa2c8190a3959ff3b3925bc
SHA512: 491ed4d75b31a89525da3336b486a59fa12e91a49005d4b23d3911bda0d47555b9bfc39eed30d9f13352a13c4408e480115fc21c4017b72aec02a0cbeec95d86
-
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-journal
Filesize: 512B
MD5: a5c603734ff90cd28ec57194f7d5d139
SHA1: 32d48879bacc6028d61063db7241af3031e10341
SHA256: aad1ea7adcc37df96fd4fdffc534a64ca6fd74ff445e165f3648424caef21343
SHA512: 5c3a02a464234c79757f5590b0b822b730b61e8d77ef6ef16f134a420add4ee1bf5a480a6bf468f9c72f8f2d17e9ce92875e0fbca10914f1a36e5ec4ca8dc68a
-
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-wal
Filesize: 60KB
MD5: 14311e7cb6610cd110f4c006c3049265
SHA1: a5d7ecbe2aac5a50ed1611cad3aac3142e1bde2a
SHA256: 1ee267688fe7a2eb523275786b07f67cca2c1e4ad6f8274cf430753ca146214c
SHA512: ef1003f8bd21fbe4c371a2d7733e2a863d93189b81e99917870f05c86fad2c3982143ae02ec48c688a453866a83275f394d5aa7bc7b7a94145de8919595e0ce9
-
/data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsData_K56V5RX7GPV57DZT6SZQ_184
Filesize: 88B
MD5: 2aa7d3f26b29884fd111484b928dbc1f
SHA1: 197a6e29e8f9e16946899d74c9f316377d3e9658
SHA256: f38560616575f32520c49edfe09b758465fbffe88f5ddb6d91d1035ee492a98e
SHA512: d9d4ce4b87b9e7127997d2a746007e291f289ddd44022372c4d93de40ded873325bbee407718e47fd24c0274d778884e207b97dfc61cfdf22ae7a63c48f4fc1d
-
/data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize: 72B
MD5: 47416319de9e2e75efeae81d149eadec
SHA1: feb5c4a45168651837be1283a971ac91e33e717e
SHA256: 1644e9d2feb139c9ff8c7fd9a6d06b2fdc6b4586e5c8d4354b8bf7c487c5e907
SHA512: 673c7cf6b56ed4b5867710b039848ff3a69e6a4a0a352acfdc125f46b8fa98a99ecf2f809b59e079b41bb2fe4872bd2263d0b9e4da45416fa0df64d1d91f22a9
-
/data/data/com.squareenix.tombraider1classic/files/.flurryagent.-38313e77
Filesize: 58B
MD5: 3daf5088c4cce3b873da8aa58f24916e
SHA1: dcd71228e2befd5f5a428047722762022d8156cb
SHA256: e42828ac8354f15909bcfdee8c1246359de833ddb1a8997383b7bc49c3c05d99
SHA512: 5828ea878d3ff470f1d5d94dbbfeed3e429c7eb1add63a338162743c4de286eda833aa37f08bf57154480937f3984101f90fda678061eedaf2af2f7b60fa64fa
-
/data/data/com.squareenix.tombraider1classic/files/.yflurrydatasenderblock.c32a5538-17bb-4d78-b793-f45576947fab
Filesize: 344B
MD5: 7e789ebeb8c80afe9edc16a700dd225f
SHA1: 876ab9cd22ddcf48693bce3a7e5de5963d42a566
SHA256: 7b98bead9ca493d3295cc8e041d74c0d0df5a1a01e7756fcab98bca5e649eeca
SHA512: f8b9dc4e0aa1f18798707ee9aab46a5b07ec8c21be5287976c38ac4f5a9ecce478a43c524a9e71a28e48a5bd84e3470201b7d477451e5de40709ac78a9b486ec
-
/data/data/com.squareenix.tombraider1classic/files/gaClientId
Filesize: 36B
MD5: 30f99395f0d77d940f1eef6f05b70ad6
SHA1: d1868e5a0adaf88e5d9f28eabe9e6a979bed1a5c
SHA256: a5dbb008b2101a8dfa13af517fd9c3e4d7160940613426614833cb24c36c376c
SHA512: 704820e6def63db9ceb310e99e7c539f3bc5345b1f92313ae758cb8aa290f49ab708c1f44fbe313dbcd228b05e39a80b7fe01c5fbfdd83740bedb180d6fbaaac
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 4B
MD5: d1531b1622de54fe3a0187c3344600e9
SHA1: d47cbc8e977ffc6f492483716f00534153677778
SHA256: 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359
SHA512: e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 152KB
MD5: 41a9fd0a83bd3d665786313f7c656673
SHA1: 5ee00844ebcaab8d5294625315ef62740041c1ed
SHA256: fd916e99b25a9fd2f6bfd84d392f445e3ab2cb5a48aa1dbf50ee7d70a224ba68
SHA512: 3a8e7344dbcd03ee83dc2f5b6afcc511033689912e1ee209da1eaa876246f61774e2df9fb46617ad13fd937d8ff8404ee77eda4698a7dd76026a78423a12ed94
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 247KB
MD5: 1d464a8f2972fe163d90eaa1091f3268
SHA1: fbe0788bb2042fb4bd9a83bb91e6573482d5ca9f
SHA256: e2a986fb185601d3fc7d48437551cd45ee83a7b47147bd6c264bb30ede655fbb
SHA512: 9f8c6f3959fcb510ca9a805c7c837c53b8cbe1daeb8e9cb535e3e4adaab20b7cfbc98db45eba5242b5d54ee5aa1f4f3f9ddd1ff138968a658a7725f6df0ef1b7
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 374KB
MD5: 21e9cb70c07adbba3c1d979d8fb65ec9
SHA1: 12bb8ed403cdaaf57cfbf145c4e0f0a15e6dc79b
SHA256: 7257266defb25c2c05b1db9269879e57bed6d8be7d62fe1668fa3d5ab10f93d6
SHA512: 4f5c2bb841efe560da56172cd75ad583e49cd61f8f45a98594589407329232694468dc700f202764813fcb759c3df10eb5e810e0e9e705ee6c6958a1e68a3ad2
-
/data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar
Filesize: 243KB
MD5: e86288c00f92925e79a2116146255e5c
SHA1: 83e892161884155597c688e9e0a6e25c15d1de22
SHA256: 41700f1c9f91dddfb44b967030c3d1d2ab9c98b508f931a097ee60e23078c4d3
SHA512: e9189f15051cb57fb0332329d475867b0a957030735b9e86cc5211580e3a0aefce97d3707d05b14fa0a401c6a3384c18c539301fc027e42d37da326a15d4d750
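A dropped-file list like the one above is only useful once it is machine-readable: the same path can appear several times (libsplash.png.so is listed with four different hashes), the 4-byte version is a placeholder rather than a library, and exactly one entry is the jar the "Loads dropped Dex/Jar" signature says was executed. The Python below is an added example, not part of the sandbox report: it parses the list into records, accepting both the "Label: value" layout and the run-together "MD5185f..." layout that raw exports of this report produce, checks every hash has the right length, groups entries by path, and returns the findings an analyst would act on plus a deduplicated SHA256 set for hunting. The embedded excerpt is three entries copied from this report's list; the loaded-jar path comes from the signature's IoC.

```python
import re
from collections import defaultdict

# Hex lengths used to catch truncated or mis-copied hashes.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

# Each pattern accepts "Label: value" as well as the run-together "Labelvalue"
# form, and a path line with or without a trailing "Filesize" fused to it.
PATH_RE = re.compile(r"^(/\S+?)(?:Filesize)?\s*:?\s*$")
SIZE_RE = re.compile(r"^(?:Filesize:?\s*)?(\d+(?:\.\d+)?)\s*(B|KB|MB)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9a-fA-F]+)$")

def parse_dropped_files(text):
    """Turn the report's dropped-file list into one dict per entry."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = PATH_RE.match(line)
        if m:                                  # a path starts a new entry
            cur = {"path": m.group(1), "size": None}
            records.append(cur)
            continue
        if cur is None:
            raise ValueError(f"size/hash line before any path: {line!r}")
        m = SIZE_RE.match(line)
        if m:
            cur["size"] = int(float(m.group(1)) * SIZE_UNITS[m.group(2)])
            continue
        m = HASH_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).lower()
            if len(value) != HASH_LEN[name]:
                raise ValueError(f"{name} for {cur['path']} has {len(value)} hex chars")
            cur[name.lower()] = value
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return records

def triage(text, loaded_paths):
    """Group entries by path and return (records, findings).

    findings are tuples: ("rewritten", path, distinct_versions),
    ("loaded_code", path, sha256) or ("placeholder", path, size_bytes)."""
    records = parse_dropped_files(text)
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r)
    findings = []
    for path, versions in by_path.items():
        distinct = {v["sha256"] for v in versions}
        if len(distinct) > 1:                  # same path written with different content
            findings.append(("rewritten", path, len(distinct)))
    for r in records:
        if r["path"] in loaded_paths:          # matches the Loads dropped Dex/Jar IoC
            findings.append(("loaded_code", r["path"], r["sha256"]))
        elif r["size"] is not None and r["size"] < 16:
            findings.append(("placeholder", r["path"], r["size"]))
    return records, findings

def ioc_sha256(records):
    """Deduplicated, sorted SHA256 list for a blocklist or retro-hunt."""
    return sorted({r["sha256"] for r in records if "sha256" in r})

# From the report's "Loads dropped Dex/Jar" signature.
DROPPED_JAR = "/data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar"
LIBSPLASH = "/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so"
LOADED_DEX_JAR_PATHS = {DROPPED_JAR}

# Three entries copied from this report's Downloads list.
REPORT_EXCERPT = """
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 4B
MD5: d1531b1622de54fe3a0187c3344600e9
SHA1: d47cbc8e977ffc6f492483716f00534153677778
SHA256: 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359
SHA512: e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12
-
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
Filesize: 152KB
MD5: 41a9fd0a83bd3d665786313f7c656673
SHA1: 5ee00844ebcaab8d5294625315ef62740041c1ed
SHA256: fd916e99b25a9fd2f6bfd84d392f445e3ab2cb5a48aa1dbf50ee7d70a224ba68
SHA512: 3a8e7344dbcd03ee83dc2f5b6afcc511033689912e1ee209da1eaa876246f61774e2df9fb46617ad13fd937d8ff8404ee77eda4698a7dd76026a78423a12ed94
-
/data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar
Filesize: 243KB
MD5: e86288c00f92925e79a2116146255e5c
SHA1: 83e892161884155597c688e9e0a6e25c15d1de22
SHA256: 41700f1c9f91dddfb44b967030c3d1d2ab9c98b508f931a097ee60e23078c4d3
SHA512: e9189f15051cb57fb0332329d475867b0a957030735b9e86cc5211580e3a0aefce97d3707d05b14fa0a401c6a3384c18c539301fc027e42d37da326a15d4d750
"""

if __name__ == "__main__":
    records, findings = triage(REPORT_EXCERPT, LOADED_DEX_JAR_PATHS)
    for f in findings:
        print(*f)
    print("sha256 iocs:", *ioc_sha256(records), sep="\n  ")
```

Paste the full list into REPORT_EXCERPT to triage the whole report; the "rewritten" finding is the cue to pull each version of libsplash.png.so from the emulator, since only the final one is what the process actually loaded, and the "loaded_code" SHA256 is the hash to search for in other reports.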