561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534

Analysis

max time kernel
155s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4e9a8411f0e71e255b20db46374f3fd_JaffaCakes118.apk
Size

14.6MB
MD5

a4e9a8411f0e71e255b20db46374f3fd
SHA1

3963e35bf62068886bed19137152a96f8a9285ba
SHA256

561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534
SHA512

43018fdf9e09dfd5c45bbc9ba1c55aabdc7cdece266e0140c2c3352d3b528a148676a914b1b8e1982a8b5ae5528db76d72a620ea9fbcfe7bcfb754ccbd20f3c0
SSDEEP

393216:wWwDL1M777Dx6bW11xD+LHOFFmtZNsOmyJ8oYBA0:wb+x6bW1HSLQItZubPF

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.crosswordshop2

ioc process

/system/app/Superuser.apk com.crosswordshop2
/system/xbin/su com.crosswordshop2
Acquires the wake lock 1 IoCs

Processes:

com.crosswordshop2

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.crosswordshop2
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.crosswordshop2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.crosswordshop2
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.crosswordshop2

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.crosswordshop2
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.crosswordshop2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.crosswordshop2
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.crosswordshop2

description ioc process

File opened for read /proc/meminfo com.crosswordshop2

ioc	process
/system/app/Superuser.apk	com.crosswordshop2
/system/xbin/su	com.crosswordshop2

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.crosswordshop2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.crosswordshop2

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.crosswordshop2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.crosswordshop2

description	ioc	process
File opened for read	/proc/meminfo	com.crosswordshop2

com.crosswordshop2
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4179

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ba1b279dd4623b6d67e38e564790c15a

SHA1
cfaffbcc9e9f906c5b83ed8d0b1c18b516f8f619

SHA256
65b0b0f68d98fa368b606d39078f4296a9373490eb271bc3027b76f72e9a459e

SHA512
9ace4b2eaa232bb1f536d8c71c39db0510a069431e86f1e47d73ca011cf49c7e044a8fe206e71c6bf58e843c82e90890f568d458d728552656357311690152d3

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7d88ff44d69f1a03bb7339906ad14fa7

SHA1
66a1aca734bcc4b618f0b906cf5a6cf8caeb6e6b

SHA256
b5c60dd86ac882ecf76b29d3b2da0d7b517b4d6429c404ac3f6eedd15808425a

SHA512
b87f0287811861e5e4b36f5f431c0a2c45f1b3b1ad994afe3a51c7b7341975c948ddec0f65ed55aa234d4b4d4949b474f4d1758acd3b50aebb267db68209e9aa

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e0fdddc2aa5eb4a9961e8964856bfe1d

SHA1
3eed82f9492112a4cecce6378343d97060c18486

SHA256
cfd9f74b9ceacce45eb3b46fc1e0ef0276d91c334bc3a623927b737f9193c32f

SHA512
0894204ac10ab601e7a00225ad2e3c39215eb44096c71455795eadbe60e38f0aa8e3e56d771edad2b4d4977748566a018cf035caccf64b09586c61c7e139d5a1

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
552ca28fd9c4b4aa9abcda61ec586c8e

SHA1
4b7946eb2107b15bb171271f601c2ba0f4ca206c

SHA256
2c76480986612fc977724400389ccb5f12459cab427355d95c19b2c5a944d40a

SHA512
3da9c16ad11dbfe0cf6d2b0d9184039da263a8a24ea21304f982121b325d433497b58ca352b52a501fd7d28ed499c9e320ce3bc79c83248476b7c73133a8f321

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ba1484241ad50b64a93dc1629801cb58

SHA1
1e5b8f70185afc2047e566fb0e2f7ca0f475d288

SHA256
b6843a349a2eacfe3760677370968f0a50c8a8cd5f1459ab9d882b324a32963e

SHA512
0020477746d6a83132b58a790447836cf9daffa4c05b0fef9e530ee132e796fa3474463c9aae5ee7acf76d9469cbc12f0cf436b5fd529b31ef493ce79499ec0c

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
00dde2a5b1777ccb5f47fdb3fd6854f6

SHA1
de5f3a391a2efbd75539fb201865cbfaa133cb0f

SHA256
660bc0fec999533611f8763b4d584d2dcaad3c629833c3488000f422693ce92a

SHA512
f27dac201625d2d4506fdec52af5c1336f0b3e4926a7deab3902f7339a2e08b334cd54ac24d50207db37e94f37b743d6b927dcbf1981ba65292e87419f073066

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
4d3e5e3edfc080721fddf3a768fb3be8

SHA1
1cca01ced7ef70f5dfac68030b4e275b2a6e7ea5

SHA256
ef2081aba430367567b054e19be24cc82067da0040d38baa3f50d6cbacfe9ee3

SHA512
17e9f9e215b76ce111ccf08091435611e1c0e6182132d770daa878b1ade15ee96b96c85f1488cb83578410a98260efd388840ca0923acba8dc718b0d7614a876

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
b780bc10e076f907d683a84d4dc84ee1

SHA1
d370e28e14d0ad8c3942fd46ec16238cd6a9088a

SHA256
019dd52353d930ea3781f2743ddbd4e045c09c594b457a2b51ee619133d40b24

SHA512
d7ce672daa4e3f9ce11525fd423a141577c83ef8eac6c1e69e60df770584d820e751fb9f5c3c02fa545dca31417cb00ff32d45a8eaf2704bddbe982f379a52b1

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
829c414f28c108aa79a3461f7ee9a67b

SHA1
e234ac09f78e82ac364ebf8798023f32a33260a3

SHA256
d2bf332c8d92c0b1f987f8998e014e1ec1b68e6e94c57c633c21b788e4ad19c1

SHA512
272f14ec659d972f74ad3fd388c9d525b898af5c347f80d9fc0fd080ff8a3add7f5a458c431c7ce0dc5fae069d29a60470d1920303cd30274a07a0b6b4c5bbb3

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
366b988d2a4229d21a6bbc9d066de895

SHA1
3640ac962078bf8c6b34676636cd876e9bed413c

SHA256
5b9f99810bc0529039c91c6784cc44ef0617ca0f84688bbab13c879e0974a069

SHA512
4094b6fb2675107691aa0f35405d4222ca7b086f082c574ca3fd0f476eb33da34e6af0eedf0bdb0b61959b977d3ffbf409eb2f59935224c64db48a5af520aa6b

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
67834acdcf6c90c928016d0f38ba5f01

SHA1
06210be90750c307e9de9204decc037851dcdc39

SHA256
b9a0d9625ac78c8802baa538dc8e6f5f6e45fd50832669516c5d872e7994f24e

SHA512
9fa3318586cde3c3148d758b85af08e3489d4df49ad3b3ee182ef518420a982a5b1e757811c84919a9f1e4f592e44b1d9cae0f410eb41118e6899540f7195480

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
3ba0509f4f4a7b713f0caa9b56412a5c

SHA1
fca6af2f05c22e60187a7053d9a1514e558e0112

SHA256
f44246afafee651aa3cf691fa5827808b16a5ae162e165c91d8aca7dfd66378d

SHA512
a2d940e681f351c70bf0692ee36c498ce81d3d60eee406000c88cda99106bd1a7a7f520dfab87314317f2d5ca2b2d7b2b69c168be2dd9db6b087ea7a1b2826bc

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10BeginSession.cls_temp
Filesize
77B

MD5
dce4df6548583cfc55cf8fcfe79328d2

SHA1
c57c36c90158f4b559772cc2300267443d7e1a00

SHA256
c226f7ed3d7a9b8ca8f410c43587a7dc5640139d7b39b7d88a27d7a65f948108

SHA512
ee0073515193ded56b2e3fd629004a4d83799d6b039246dcfe80312097f49185cb4588404765761d3428b7b14fffd1f23328836c21f8301849fc2e2b9378258d

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10BeginSession.json
Filesize
132B

MD5
418b4133dd53d823f83ebea37d2024da

SHA1
a71c45441bd66ba8d90cb8e60894d76a94808733

SHA256
a8a6bf53bc5bc291b07af0cefd550f801938f9a14b7dff8ded00bd4e400619c1

SHA512
3611f41219c6f4496bc0f2864a28e47f18d0581caa5410161b3399eb2ccb5e322233637e7ad210b9da5ed97bdcc92c09bf8cec6e50ed01eb16f747d96826d729

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionApp.cls_temp
Filesize
114B

MD5
913925a0ba88c87668302c352c10521e

SHA1
fe40eccabe14d45b7a5b0d527fb08d0d6f0627be

SHA256
cdb2572a4668c57c68cfc321110f100fa9db44226db9be5ee9cffcaac2242d79

SHA512
5a76e136589e353325ca237f6d3c5ac0126fc9d2b337b68d03a1da68e29a1c35f852da5c8d184b3016ed60f173c16aa708430ea871046a6b94d9d40a9d5683b4

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionApp.json
Filesize
228B

MD5
59e71082947a66d7942e4abd40a4a003

SHA1
a926537aae1303dc9801421cdd78b8e01a38192a

SHA256
15dc2d9c33bf7a3ef308569c66f6b46ef9afefac5504ebaafa300babb9c71baa

SHA512
ac32de05f9c87165b55fae45bc1581544bb65a29765463978a2fc6f0a8af720b4f3c5bc1d57fa401bfdb3016541ef73fb239a1b6d6a2a2abbabe772589e9489f

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionDevice.cls_temp
Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionDevice.json
Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFC201D2-0001-1053-6070CC6FEF10SessionOS.json
Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
400B

MD5
c82134eee98244491e089ed9d613052e

SHA1
50c7b707e079b94076c1f7433fcd6e3fc5009afd

SHA256
5421644b3d4c4ff49e615385a1ba31043b1810bcc5322f44cf7cf54ab6510b2d

SHA512
856fc9b074e384cb9896df5a6bf141056b47185e6bdf35ee89a1862ddc5a88e0adf88a82bf5776aa2887a28f40da71a38820887e791683087061e17762af0392

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
78df811f363fba6805df0b2b5b5fd184

SHA1
5b0e7b1e1632a6618b6ce243983595dda6d6adef

SHA256
b9774dc0c0a3706829391386fe845f1c8b5e9040e118c02da1cee8e87d5fd844

SHA512
d23b1f935957c0f6292fc8152fd4db228a816ef6917e0f26850bd1012e33e61b97e545e69cd0e9734074f0742700d13a9939346034930537f6120b660974758a

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_37e9e15b-459a-45e1-8096-49363ed6a48f_1718271947464.tap
Filesize
456B

MD5
345b84607a0abee4b8fea652accd5d78

SHA1
82ecdc14f725509ab9ab9f318e71ab4bda53c8f7

SHA256
179c8b8875999af7778215b7c2cd88d54e02f3a44db3a07a9683e31a75016831

SHA512
86b10dc1c2af0675e487e20c70635b20dd6b27ecb7e03f6068db3cd9f01c95f71d2977901f02b239e6267e5ff078ee6dce122990197bd1ccd60a4955127ddcda

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_48621acd-07e9-4847-ac59-66fa68d71ec0_1718271941919.tap
Filesize
323B

MD5
3800cb2ff00871782705e80170df3f76

SHA1
4f73c47cae66b5c3947c3c107e7704188c8d8d98

SHA256
fe4ff7a23564e7b35e4b4eb437a2df6396e67cc68f1cf40d256e841f209df1e0

SHA512
fa45e14fbf52652abf0f2606e5a2e2112745f7a93ec25f2c846539699fad869b5a529a9768bfbac613eb6412564d588fbd075a66b0cdd9cf305fd9960eaac01e

Download Submit
/data/data/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_defaults.json
Filesize
424B

MD5
ec8d89faa6119c15b836e0bbefbb4274

SHA1
1919a456f2fb66374255e85c5402b02047e020f4

SHA256
5ccfc8115fb718beaf8552ef007f2b9953979230ac7dcfad8a925237507eb9cb

SHA512
6bba1aeff226e59c821c3e7b48a32ea23816926fc406b2f05b5581fc075dd1d5c4a8b26af62d9fd63700043022dc88eefcfc38b8c9faddfd5f663d152c07b005

Download Submit
/data/data/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_fetch.json
Filesize
4KB

MD5
e4516983fb982e9c99a57f46114b3609

SHA1
a1136c6853396c854fcaba33fe631bdf29b9ffb3

SHA256
b96b3671e99843a5ab255769c455413618255bb6e342ffdeed4aee8d173e3cef

SHA512
553ad7e65266149aedb34651e339fdbf42af3b1970aa183efb0d2aee8b3849ae36cdb0a0f4175f706074a0fd4e5441937e00ff434b1028fb63ec96122a72b97a

Download Submit
/data/data/com.crosswordshop2/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
c3d400546cd3def10bef581ff6bfb43c

SHA1
3706641bfa6d21aa6537c80e41056bb9cc81286c

SHA256
9755b323d436be0c9d7b2449f2fecf34875582a3deb7842ae6e4c01d4d7d132b

SHA512
1d930be5d6638d46bd23cdef2fd7029119adc81a24a0da3ad7deefdd1179d9af4c23002bacd63526dff2947344e80ec003594ace19d91ff41b489850fd3a3daf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads