Analysis Overview
SHA256
0eac53e4877d6376162315513eb3cae62e33e15603358c3bb4106bdb9a48589f
Threat Level: Shows suspicious behavior
The file a4718a0fecad0e9d6b11ed4084d42390_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about running processes on the device
Requests dangerous framework permissions
Queries information about active data network
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:33
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:33
Reported
2024-06-13 07:36
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
158s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.squareenix.tombraider1classic
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.66:443 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
| MD5 | d1531b1622de54fe3a0187c3344600e9 |
| SHA1 | d47cbc8e977ffc6f492483716f00534153677778 |
| SHA256 | 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359 |
| SHA512 | e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12 |
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
| MD5 | 41a9fd0a83bd3d665786313f7c656673 |
| SHA1 | 5ee00844ebcaab8d5294625315ef62740041c1ed |
| SHA256 | fd916e99b25a9fd2f6bfd84d392f445e3ab2cb5a48aa1dbf50ee7d70a224ba68 |
| SHA512 | 3a8e7344dbcd03ee83dc2f5b6afcc511033689912e1ee209da1eaa876246f61774e2df9fb46617ad13fd937d8ff8404ee77eda4698a7dd76026a78423a12ed94 |
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
| MD5 | 1d464a8f2972fe163d90eaa1091f3268 |
| SHA1 | fbe0788bb2042fb4bd9a83bb91e6573482d5ca9f |
| SHA256 | e2a986fb185601d3fc7d48437551cd45ee83a7b47147bd6c264bb30ede655fbb |
| SHA512 | 9f8c6f3959fcb510ca9a805c7c837c53b8cbe1daeb8e9cb535e3e4adaab20b7cfbc98db45eba5242b5d54ee5aa1f4f3f9ddd1ff138968a658a7725f6df0ef1b7 |
/data/data/com.squareenix.tombraider1classic/files/libsplash.png.so
| MD5 | 21e9cb70c07adbba3c1d979d8fb65ec9 |
| SHA1 | 12bb8ed403cdaaf57cfbf145c4e0f0a15e6dc79b |
| SHA256 | 7257266defb25c2c05b1db9269879e57bed6d8be7d62fe1668fa3d5ab10f93d6 |
| SHA512 | 4f5c2bb841efe560da56172cd75ad583e49cd61f8f45a98594589407329232694468dc700f202764813fcb759c3df10eb5e810e0e9e705ee6c6958a1e68a3ad2 |
/data/user/0/com.squareenix.tombraider1classic/app_app_apk/tombraider1classic.dat.jar
| MD5 | e86288c00f92925e79a2116146255e5c |
| SHA1 | 83e892161884155597c688e9e0a6e25c15d1de22 |
| SHA256 | 41700f1c9f91dddfb44b967030c3d1d2ab9c98b508f931a097ee60e23078c4d3 |
| SHA512 | e9189f15051cb57fb0332329d475867b0a957030735b9e86cc5211580e3a0aefce97d3707d05b14fa0a401c6a3384c18c539301fc027e42d37da326a15d4d750 |
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-journal
| MD5 | a5c603734ff90cd28ec57194f7d5d139 |
| SHA1 | 32d48879bacc6028d61063db7241af3031e10341 |
| SHA256 | aad1ea7adcc37df96fd4fdffc534a64ca6fd74ff445e165f3648424caef21343 |
| SHA512 | 5c3a02a464234c79757f5590b0b822b730b61e8d77ef6ef16f134a420add4ee1bf5a480a6bf468f9c72f8f2d17e9ce92875e0fbca10914f1a36e5ec4ca8dc68a |
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.squareenix.tombraider1classic/databases/google_analytics_v4.db-wal
| MD5 | 14311e7cb6610cd110f4c006c3049265 |
| SHA1 | a5d7ecbe2aac5a50ed1611cad3aac3142e1bde2a |
| SHA256 | 1ee267688fe7a2eb523275786b07f67cca2c1e4ad6f8274cf430753ca146214c |
| SHA512 | ef1003f8bd21fbe4c371a2d7733e2a863d93189b81e99917870f05c86fad2c3982143ae02ec48c688a453866a83275f394d5aa7bc7b7a94145de8919595e0ce9 |
/data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-journal
| MD5 | 185f0f25210a821b2a09cf528955d963 |
| SHA1 | 8875495cb0183c4c4b2be4051dd9ef165317e8c1 |
| SHA256 | ab20088837372c12473aa77050cf46dbe5c99494b809c5442ae100c1aba0c029 |
| SHA512 | 9dddaf4b07dbb645e615ca65c372bf525647c44165bc94cc448b1bddab558d462cdf2bfd13de6d79dfd103c66aada31c06f58729746e045862ba4a5875a5159a |
/data/data/com.squareenix.tombraider1classic/databases/DownloadsDB-wal
| MD5 | 9eb8d503f5e3215a8e7de642329e9f5e |
| SHA1 | a4fc27d591184bec2d30ef8699bf0bb7214e4d81 |
| SHA256 | 4f36c69ef2a2ec1d3a0ebd95095573a61c31e7d60fa2c8190a3959ff3b3925bc |
| SHA512 | 491ed4d75b31a89525da3336b486a59fa12e91a49005d4b23d3911bda0d47555b9bfc39eed30d9f13352a13c4408e480115fc21c4017b72aec02a0cbeec95d86 |
/data/data/com.squareenix.tombraider1classic/files/gaClientId
| MD5 | 30f99395f0d77d940f1eef6f05b70ad6 |
| SHA1 | d1868e5a0adaf88e5d9f28eabe9e6a979bed1a5c |
| SHA256 | a5dbb008b2101a8dfa13af517fd9c3e4d7160940613426614833cb24c36c376c |
| SHA512 | 704820e6def63db9ceb310e99e7c539f3bc5345b1f92313ae758cb8aa290f49ab708c1f44fbe313dbcd228b05e39a80b7fe01c5fbfdd83740bedb180d6fbaaac |
/data/data/com.squareenix.tombraider1classic/files/.flurryagent.-38313e77
| MD5 | 3daf5088c4cce3b873da8aa58f24916e |
| SHA1 | dcd71228e2befd5f5a428047722762022d8156cb |
| SHA256 | e42828ac8354f15909bcfdee8c1246359de833ddb1a8997383b7bc49c3c05d99 |
| SHA512 | 5828ea878d3ff470f1d5d94dbbfeed3e429c7eb1add63a338162743c4de286eda833aa37f08bf57154480937f3984101f90fda678061eedaf2af2f7b60fa64fa |
/data/data/com.squareenix.tombraider1classic/files/.yflurrydatasenderblock.c32a5538-17bb-4d78-b793-f45576947fab
| MD5 | 7e789ebeb8c80afe9edc16a700dd225f |
| SHA1 | 876ab9cd22ddcf48693bce3a7e5de5963d42a566 |
| SHA256 | 7b98bead9ca493d3295cc8e041d74c0d0df5a1a01e7756fcab98bca5e649eeca |
| SHA512 | f8b9dc4e0aa1f18798707ee9aab46a5b07ec8c21be5287976c38ac4f5a9ecce478a43c524a9e71a28e48a5bd84e3470201b7d477451e5de40709ac78a9b486ec |
/data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsData_K56V5RX7GPV57DZT6SZQ_184
| MD5 | 2aa7d3f26b29884fd111484b928dbc1f |
| SHA1 | 197a6e29e8f9e16946899d74c9f316377d3e9658 |
| SHA256 | f38560616575f32520c49edfe09b758465fbffe88f5ddb6d91d1035ee492a98e |
| SHA512 | d9d4ce4b87b9e7127997d2a746007e291f289ddd44022372c4d93de40ded873325bbee407718e47fd24c0274d778884e207b97dfc61cfdf22ae7a63c48f4fc1d |
/data/data/com.squareenix.tombraider1classic/files/.YFlurrySenderIndex.info.AnalyticsMain
| MD5 | 47416319de9e2e75efeae81d149eadec |
| SHA1 | feb5c4a45168651837be1283a971ac91e33e717e |
| SHA256 | 1644e9d2feb139c9ff8c7fd9a6d06b2fdc6b4586e5c8d4354b8bf7c487c5e907 |
| SHA512 | 673c7cf6b56ed4b5867710b039848ff3a69e6a4a0a352acfdc125f46b8fa98a99ecf2f809b59e079b41bb2fe4872bd2263d0b9e4da45416fa0df64d1d91f22a9 |