561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534

Analysis

max time kernel
166s
max time network
148s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
13-06-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4e9a8411f0e71e255b20db46374f3fd_JaffaCakes118.apk
Size

14.6MB
MD5

a4e9a8411f0e71e255b20db46374f3fd
SHA1

3963e35bf62068886bed19137152a96f8a9285ba
SHA256

561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534
SHA512

43018fdf9e09dfd5c45bbc9ba1c55aabdc7cdece266e0140c2c3352d3b528a148676a914b1b8e1982a8b5ae5528db76d72a620ea9fbcfe7bcfb754ccbd20f3c0
SSDEEP

393216:wWwDL1M777Dx6bW11xD+LHOFFmtZNsOmyJ8oYBA0:wb+x6bW1HSLQItZubPF

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.crosswordshop2

ioc process

/system/app/Superuser.apk com.crosswordshop2
/system/xbin/su com.crosswordshop2
Acquires the wake lock 1 IoCs

Processes:

com.crosswordshop2

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.crosswordshop2
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.crosswordshop2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.crosswordshop2
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.crosswordshop2

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.crosswordshop2
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.crosswordshop2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.crosswordshop2
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.crosswordshop2

description ioc process

File opened for read /proc/meminfo com.crosswordshop2

ioc	process
/system/app/Superuser.apk	com.crosswordshop2
/system/xbin/su	com.crosswordshop2

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.crosswordshop2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.crosswordshop2

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.crosswordshop2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.crosswordshop2

description	ioc	process
File opened for read	/proc/meminfo	com.crosswordshop2

com.crosswordshop2
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5067

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ec60df0289b9de003bf4e9c268b557d6

SHA1
ea1e15ca2aa97c982083555b26f04c967032e4ca

SHA256
f9ed15c9b43b8316711345b863f927e38ad3bb6cab769fb9323d79b6daa8c03d

SHA512
6298a9fecac4355888b14942be5efce984da54e6a98d779308bf42045b399715eb84d0d51d15968a94c03e98f6a4dcc02febf2ea096b307ca32db911566c54dd

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b517542c4265e706818039ed693abc62

SHA1
07ac05cf1cfe66ec16556c157558f2918b74edea

SHA256
4be86fe66c4bed62d2cd75c9b89e69d38296a4ef4126c5be533bba68ff9e7e81

SHA512
83f171628273aa5d667cdb4ef8e01285d21c28564e2f08e61bf568c87be3e5b4f3e42ddff0fc14ee171e7eccec79bedfbd68fe662570e124c41967f03ae5701f

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
12541bf7a82787045bff00289e58dfa5

SHA1
2d4ff4c71718b6083a723cb2ebb89a2bf2a188b6

SHA256
d950efb5197e3d823d42858b7f6d952fcc5095b794956ad311ba6420583cf30d

SHA512
ef3f2e66a43d487215dce1c1bc02e6ad1daa3d02ba3337ec67737fdc9b68efe26bab8ff6e425dc9f8d62e3498b036cdc516bd6c60240870ec926f1d7839eb0cf

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c5c5eb246cade577e182b7f4fb16a25c

SHA1
80324c6d580f3f873015c84fa4628b0d68fe7403

SHA256
984a3c1e302d262548dae56743c70492bc5d5aa4ab081f685a37522b1afa3fce

SHA512
62576fb2b41ad3eb8389487cd44bc9c2cce2f1e344e84c213e5527bee90a40e3932083952dfcd6bce87b83a538ee30e1110b5dee1a2fbc6e46a77552625d888a

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
23f78d2b44ddec9c2064c2a7a10f79b5

SHA1
645887467479c557d35a32c77c7b6057bbd69c2a

SHA256
3133b2a0c0bcd2fb58fc83c6f28315bace120be58c150fe1915f4ae6210c238e

SHA512
f1d40531ad9eb70d72f1f5b5eca28575722f79f8c72ace411d8f43ef06e6631b20170e79ba41efe4d01424c6b3de02459d554a53db6f085030da188e1650edcb

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
377c7f851a10cd175df568f30b743a5c

SHA1
f67f8b91ab68057b05d4ce4358298aebe801aab0

SHA256
5025869f97ad804a3a91f03fddf48a1a813d3f3ce3b283608486b7b1b0c4fe5c

SHA512
70eee31cbf4c577c3331944793737b5f7353cfab560992cfd351b30f2d2495ed5388b3e654c60c5cd91ef9cca29bce2b9bf85b5ff09edaae947754f3283010b4

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
45cda510ae0cbedfb04ad795bf75db5e

SHA1
2a0070c55ef4b6ab05cb3e49d397374bdfd3d252

SHA256
54ac4dd8559667e183414fe4e860b145726de93b8136d875f0751578cbbd4a96

SHA512
4e138c615b16386913ef5ada6c74c7fc77ca8e915a7e3f59c32373b89b36f728a10d165269bb383d74b5c58f75163ff0995500ce157b2bb73d8dc9cb23318984

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
e2abbbdee0877b70c9ae6a4a57ae0f5b

SHA1
45202afbf483fc68f8d96ee3169b5f4376b5704b

SHA256
2c3b8dc410b1a2e24eea43d590765ab28c3bd68faaac733f520a4879e7bcf7b3

SHA512
168f68f8c0315ccde3b845a460a0b4867ebffaa92b5c2004a830a03e522b7b195af6dd19670a88e86c3fb59746be25e9ce22092bd8762ff4adc7e102322037a4

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
8d21dce241ac7420b451516cf136e154

SHA1
481e80de8f1da6ea978071430a8f1e6942891672

SHA256
d4d04f3c10ec70d74e6ea5596f787566abcf02a78416e891dd0e7e34cec7f43b

SHA512
856e76b9fc091c350149c31284f9358aa1ebb75257ab76c38240a211202378bed18edf28e691929942a060bb1049199f16cef67d15fc145279af90780dbeff9b

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
3dde65ba43d2595a4d7f99bbad4f7cc0

SHA1
53fd9c286f7b1717e57e0533880c19b0d55d2784

SHA256
0ff4a00db89283696ea74d0a0d7520558f8c15beb45c6b3d2544c930a262dd3f

SHA512
9228e08729953c48feaf1e7e1542cdbaff4b86faa2325b0af33ae5a998ba3bdfc9686325def61792e4a0959f07e5658eca85a45dbd6c42f195210b9969ae0aee

Download Submit
/data/data/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
6db7d501ddb5154d19456746598566ba

SHA1
08e18c562217276cfa98daceda529b506021cb18

SHA256
9443a0b8cf0f5bbe2cc7f163806b3e3c7096ba831af2ab94b275f6ece22570a5

SHA512
871263f908d3b980a2c2b17b3645198199098cdb7e2ae0fae738af379102ab6927fb7499c4db2bc7857c8d4d90fda822b3ad807969d27eee9ec751771c7623da

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFBeginSession.cls_temp
Filesize
77B

MD5
b0949a62d3ac2a4a772f8ec29c00ab22

SHA1
7ceaa3e0a30aa3a439d3e3d270ffae8fa468478e

SHA256
5d58b8521d4faf1af93fb75759238d2e7b18ca467010346c264081902fb1cc77

SHA512
ba85fd680e99ffc7194773bfabeeb09772fe59218279c652ff908ebac9920be53f1e5bb7594f295b4b77ebc54f6ea909d3fe046ee9b87df5bb3a82ac93e97348

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFBeginSession.json
Filesize
132B

MD5
4418ef1cb3090f1bb8b050a1779d8908

SHA1
e41565ab7337a8b643005adab3b67c7891c02791

SHA256
4664baef03a53ddb454ecc2d2c777baf72c240838e7444d3c99fdda60c369394

SHA512
407814282246d8fc30f858bcfd4aec37284149122616020cf55a6b0846a4d1a80a02d4f731befd8408e300f91fbd726e43b2257a382f42c58b1cd0f7fd590f35

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionApp.cls_temp
Filesize
114B

MD5
557becda7ce2dd5ff9495b81a1de7be2

SHA1
45379aded964ef4e6ecc3b506a2d1ed00d37ad5e

SHA256
90f0d1dada87af82b6157ccaccbaf7a67eaa0eb91119aeaaae3dfca4aef22d17

SHA512
73d18a3a35bf423ab7f434d29908b6cda5f494ec62abad73138bdfa4196f4ca5207f04710d8d16da809430fa9591a195e2efc0e1a47541191e32bb0bceb40c54

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionApp.json
Filesize
228B

MD5
ebc10ee14b5275c610d1271d973c655b

SHA1
55409d5a533718433d1950b67000f43100314a12

SHA256
06e02bd366871fe28f0fc1e54c94664aef9b8d10dbfd59184deb4f9f9c8b5f55

SHA512
168de66ac6908a528d44cbefdef940714fb88a97ba88a5bfe0d999f9831bda70b8ac38e9e47555041846b9d355f85947eda5f700cd96a204c5b099d9f34000d4

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionDevice.cls_temp
Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionDevice.json
Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBF01E7-0001-13CB-E755019E2DAFSessionOS.json
Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
401B

MD5
03e66ff1778f8d3a2a702676b073386a

SHA1
562f29769eb3333b24886e8626b5bb13a5dde5ae

SHA256
c4639d218545d48214933fd5524590c4eeec4af2c71a75c2da604633df72d9d1

SHA512
622ba567d881cae1ee1ecad1c8efc9115d0d2d89496eb2e629edf731c0a66811983276707d21cfe8a1636638474237279d34538268fd05ff9a34e39dec45bca7

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
b146c4c999fc8de3502a58005f8d1388

SHA1
a8ccb4617e46727d7c02707c79db188b7da5d014

SHA256
89fce4037971b449734e46bf238d5488449a8351f0fa93b122ec9ead9e8c9d20

SHA512
2c718066a57b3bf339cc0d480c14455df0257fdd73211793c743778eb6c8a706dd0f75f0f3e900851dd3d6023a4332150da2774ef1041c1287631ee7e366fc88

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_0bd0fdec-a8b0-4565-abf8-e2fdb5a0dc63_1718271944412.tap
Filesize
456B

MD5
c7535176e0c2162d0c5bf2a80a635486

SHA1
cd3a325cb0c9ebb647a1b77b29e611e1d7d69f4c

SHA256
5932a61753dc86c9d44fdf4c12dc010d86b8c8bd3eeaf850b7fe0caf38190605

SHA512
371e4c05b73683a1e44cd7ac2dab6ae2d4909d15dee95a16bc8468de2f3661389b1f0fe54d389050a84dc8ebeb984e1497e652d160675274a015c391b937feab

Download Submit
/data/data/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_cd583277-0f61-4234-a518-9bb8b9cdc5ba_1718271939043.tap
Filesize
324B

MD5
8fbd604f305ed9c504822bcca718d372

SHA1
c0004d289752cee1cdb20b555beb3ee90f9c7020

SHA256
fff6591ef4f4d38bdb9e35f044849b0bdd175669598020e5218e8cc55086e401

SHA512
8b851c7d514f5725cdacf43d92cf3c1724214360e118242f86495e658a0f158ba5a7b6dff9f950393c853440228f411ce1d6d2f4e4025faa4270bc3eac912486

Download Submit
/data/data/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_defaults.json
Filesize
424B

MD5
ec8d89faa6119c15b836e0bbefbb4274

SHA1
1919a456f2fb66374255e85c5402b02047e020f4

SHA256
5ccfc8115fb718beaf8552ef007f2b9953979230ac7dcfad8a925237507eb9cb

SHA512
6bba1aeff226e59c821c3e7b48a32ea23816926fc406b2f05b5581fc075dd1d5c4a8b26af62d9fd63700043022dc88eefcfc38b8c9faddfd5f663d152c07b005

Download Submit
/data/data/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_fetch.json
Filesize
4KB

MD5
763f6c1f6ac20ce150b0e74c5c8af550

SHA1
b60812b6259dd6d876f83da228e2580c85d7145f

SHA256
771352a7fa935ba06347fa0cd85ca781c74d58a344e6a7605a1ff64ec9abdf20

SHA512
d086c783c08e1d37f1992834e801feb5a0338e605c0f74b13fb2ca6b7ca1cdaaef37baa9c561bdb79df2908bcb2c24f3eb50811f43a8d7172cb593370b2f7e5d

Download Submit
/data/data/com.crosswordshop2/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
f0cc95cb701c8e4d8135ef31c91fb81e

SHA1
19d36d43a16fa6a0aca40383a6d8a4da8f019a82

SHA256
f18ceb5181523410257d143d90f55a4a11400bdbdfe4613b0a306bc2570b18e6

SHA512
eaf1318050fa49e41a3b5a779520904082c995ee041a7b5d99763b5871ae7dba006c360eb1153af926080051f60508c72a234ff0570a5a02d7ceed663fb63a85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads