561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534

Analysis

max time kernel
82s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
13-06-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4e9a8411f0e71e255b20db46374f3fd_JaffaCakes118.apk
Size

14.6MB
MD5

a4e9a8411f0e71e255b20db46374f3fd
SHA1

3963e35bf62068886bed19137152a96f8a9285ba
SHA256

561bdb30c49911d5c4829d800cdde1d01b472192cb3405e3224ae4d98491d534
SHA512

43018fdf9e09dfd5c45bbc9ba1c55aabdc7cdece266e0140c2c3352d3b528a148676a914b1b8e1982a8b5ae5528db76d72a620ea9fbcfe7bcfb754ccbd20f3c0
SSDEEP

393216:wWwDL1M777Dx6bW11xD+LHOFFmtZNsOmyJ8oYBA0:wb+x6bW1HSLQItZubPF

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.crosswordshop2

ioc process

/system/app/Superuser.apk com.crosswordshop2
/system/xbin/su com.crosswordshop2
Acquires the wake lock 1 IoCs

Processes:

com.crosswordshop2

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.crosswordshop2
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.crosswordshop2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.crosswordshop2
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.crosswordshop2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.crosswordshop2
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.crosswordshop2

description ioc process

File opened for read /proc/meminfo com.crosswordshop2

ioc	process
/system/app/Superuser.apk	com.crosswordshop2
/system/xbin/su	com.crosswordshop2

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.crosswordshop2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.crosswordshop2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.crosswordshop2

description	ioc	process
File opened for read	/proc/meminfo	com.crosswordshop2

com.crosswordshop2
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4417

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7b1e1011e33569893ddde3dc4696fc94

SHA1
d050738db0f8050e66ac0b4fcdaaf40ed3f9ed23

SHA256
f2cc3afdc465babccc132bd3051c195829bfc7a8c4627ace2570ab3cdfd0f0d8

SHA512
5ab017e6a240b1509be1edd61a089128b83b22d69ac2f045cf5c2e9a2c45ec18eb3fc0a31d573d55718ea7d3c2eacc3a675dfd81d1aceb93b932df67b541cb66

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2b7c7393049f4d922263e6a8a525856f

SHA1
e1c444882a9a9f2a34b4bf5c8b023f0139559858

SHA256
6ff03c8dfac7d0f289fa57e9bbb327c7c9d8d01f6b65448da3cb34ecdc48b32c

SHA512
7227b8df7184ecf7e6836d45143032eaec5ff0f5bb62aed30591bfba4a6c0644d5690d37fdee9548382b782680c0ad983085abb95dd4cbced6fff43c86977e67

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
374c2a21d2a0d6c11f8d3487fb517092

SHA1
9a2caf2d6814cfb2968774dc1a209f112b58ca2a

SHA256
6d483d713a0223eca0e94c67f0fbe615292043d9fa9168b8809bed65958c655a

SHA512
229abd7c0f797f61758c0a77833299da2f5b1049fb6aa20a4ad6e571c8d22ae5d60106aa6876297dfd83c673e9fd62f5295fcfd63de056c569127bccd390d355

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
32a1731870ddcba89954a0271107bc35

SHA1
49ca67e280af09db3d150fe156a839248976952d

SHA256
4b70e4b4044d383691b50b9be7407ae967982668c4a83f6a3a59ebd81c97cf0c

SHA512
63d39014f90524a29a0cbcc13c56bc75522f5f4de4159d007661095d4ec82e0d597d22c987b87d5edcfa17dc85e2e169f96cd3823064ca73ebb4440865d84a0c

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
0bb74a58cce87818fd1e7031e2fc1f0d

SHA1
70db1191c3fc35536a9b91ac8cda7c87ade79ab1

SHA256
78e22560a303bfd3e8c674f7fe19e783fbb43d1039f4ca96e05ea24a39f39ddb

SHA512
04a4b58585d2f3c1f07ff254ee4c197998708fc038dc21570a93ab07e109d6c50b488e7752200c2ac7e51e422a83ec28bd68f8e8060cbaeede1f9a15c82a277e

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
ea99d3547609fd254f4db6bd7416d308

SHA1
07cc3ca307eac18bdbc1ae51ce1db8246550fde1

SHA256
a1c9fa54335490d457756102f857e5b8c1c2491af2900a90c61e8da3f38b4fe3

SHA512
eb442b7c77c0c3b6ffb2d324493d1822074bd07a4cd6cfa91f55668e76632693f0cd6a9d6937bd9717f31c4509d43016967bca18fae4eb86a74997321b10f058

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
ed62a04f384dbf069181727c0c88bfda

SHA1
927f6b989fe69fdfb8854c6d58a2a4f15d1e4b77

SHA256
482553dd15bee35a6aef34c770671ca4cdc3f9c3b52dc97c568bd04da4fc6c3d

SHA512
fbccc5882e735e9afede13bc30a060a42c3141a32a874fada6e09ca650859f65088febd34b4cf69dce792c773e90b5dfa5ad21a3365f8972c722ea26657a7959

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1677f5675f639948045b978bd1f7e8b5

SHA1
b9488dd96cb252716b7ad526d2dd1017b580e989

SHA256
d95da5c8002f16ec2b303d6f70306c326d0ea0adc4a0e8977cce156e07f10541

SHA512
1a8e48463442153895d50d9b78ed5ed8b4b365d84fa18bea03ef984d818441ecc2e90f45ef4a0ca337bfc2fbeef8474614068a0ddc502d19d830ff296adb2b41

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
0019a6777f152bc37514233c03354f56

SHA1
19115e4a34d58a9e02fb077aae020475bf47ec5e

SHA256
9a5d1605eb6466f0bff9f99c2f5623d26614ea656433843a47c38c9029aa6081

SHA512
49f53321f0f042d73e5407883898f70bc2667d6fa8e3f3cb9953c8574d08f7df71ab68f05e08a41272eecdc03622f372ae3089dc10f7b03c5ce89a85f49bd3de

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1d7e5b620be40ae43ded878bd57a91d7

SHA1
9e18e5b9812b403ebdc6ed23b6b3ebf1337b254d

SHA256
1dd245ceeedee59c937efaaf6e1b6c86dd6a7a757d4b5fbfac6f54705ce5b5e6

SHA512
5e3c0b529b63e4c32b2c44c1f4a6950edc5cb7e3ac7b34b4a1fb0c0003e6a86045ce16808e94ea75ed7b8f5c11e99ff2df01df0df02ff02816662589f46e0454

Download Submit
/data/user/0/com.crosswordshop2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
5e0f89aa0c61d59031fbcbda4e4234b5

SHA1
69dcaa4d98f30609aa43fd47c6d3b0f7addb0123

SHA256
8faeb8a203a51515a2967bc2273f7bda406015a0cf1113b5c197eb64b5512733

SHA512
e8d02971b645a6cd6677cb332a96624aa60bba4174314d9992dac52462ea3305dd5d11709ad4242870a201dd65e98e9912acde8075d7f13882684137d83612a0

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ABeginSession.cls_temp
Filesize
77B

MD5
0c69e0c74e69922e171f45a0e6b53913

SHA1
bd4c12420e7835bbf5a5d7255cde8eadf5fd6a30

SHA256
b25c79481b1fc0f215b4478e41e74c50af86f47224ffa3536b58be23239b1104

SHA512
2d4574d1eebaf6346f1578f96911611d7bd5a5ed0cbccef190aa8bea82e5b780a0869693185bfbfa945a4c471aad5616bfdc57ab5f8237b600b16ee3532dd878

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ABeginSession.json
Filesize
132B

MD5
152c55d2f0fe687dea61e71e05c80e89

SHA1
cef6995e066c310dd93d3fc8c501de74ba77da0a

SHA256
b0328cda416737f000084e823058ce5d9a63aae286bec1b389cbb4204964e2cf

SHA512
42950cee8dddae095f2288c59fa54efc84920318d3c44116ecbb6c8f623abab84aef57dbe110f0c369b3049c695efd8767f0ab5c8f27776b85e999a3636f458e

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionApp.cls_temp
Filesize
114B

MD5
31931a1b00b3410992c0ec62282f8fd7

SHA1
18be3130f7f0f3e614c60d7d2d30308aeb825294

SHA256
edfb4819a5de1f5c15a400d134c29971884f822aba6473593d29fc3d897d6be8

SHA512
2c3c9caebf13cfe6c298695aa808a00f3d254c2626b5792e954cb1429e14393ca8eed3f557330535b2999ef413c8ddd2ec5226bef7730c930dd239a44dccf0af

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionApp.json
Filesize
228B

MD5
40f05ee47be7469605b30e1da0242b95

SHA1
46defe3fb10d487565617c88b590dc027c458f28

SHA256
41fb2bb6c1fc08cbf61e23f6e28789f92e8d5b6ea61b5f188e62d061f48569cd

SHA512
64682d559952edfd2ac5607b38182db1de9ed3ccc7ad6c178dfea917ed42605942a465f3108e70210c899d6b7e2be29b5d55bdbe76ce868899bbd3c43a66e27c

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionDevice.cls_temp
Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionDevice.json
Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666ABFBC01B9-0001-1141-2229ADBE4B9ASessionOS.json
Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
401B

MD5
a1572973b621ee1f19b14b11b60f274b

SHA1
3a1f14913f32c0b6090a37bdd29b2af1c9141383

SHA256
cfa39b4cc2625a1507084e8be08d8638e6686079a7ff725e501519c041fedfc3

SHA512
d9e5c2959a188f77b57eaba8c7931c50c3499b291cdc77625a777b7b62f17cdc75de6965ea01e39927d80955e4ea8b48bffff8b6fad42e5956ecbca169d46227

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
49cd759cd3afb9ef26b1e3987d49cb65

SHA1
557d054933ef38a512199268d3970e1c2e263da2

SHA256
6460cfbe413a9116ca14571cc30a150a91c4fea68a65f3cb269b43ea318dfc9b

SHA512
3b62b8aa9b13f7280a45027330e8deb21ffdbc2f1abaa0ed1c328f09a5b4b6a5836402bef48f5f82c9dfd7011c8b30c45c30eb3b0e446be724d59bd564869f16

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_32ddb98d-c174-443b-ae51-d575b47ecc86_1718271936059.tap
Filesize
324B

MD5
1c0139cb577a9e40d638031624eb5b10

SHA1
c9bd7f01bb691bf20186e1ceb1c995783f0122a6

SHA256
636b52c0ff80714d3b972c9f385e9756299022768764ea066560e932d346917a

SHA512
b8e8a1d6a84547f89ecfafedc1c11eb225f7faaffc2275f479a81d89b07092bc5fd148b5ca6865ca9efeda2b72fadafb14b09bd5f11b48026803d2a58f1c48d2

Download Submit
/data/user/0/com.crosswordshop2/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_df88cd0c-bb15-42bd-870e-b052e5898716_1718271942266.tap
Filesize
455B

MD5
d19ffda5ffdbbee96a58a64c4acbd084

SHA1
384a4fdf52e6d5177e90113c1c040cedcf6f9bef

SHA256
8080c548818790236830e044a03fd4d651d0ba943e5945f06b1da566ae6d8002

SHA512
86de39cdf45b32a79d862d2525e6f3a42f2655ca7dfffb028be8982df41f3e4768d7e6abd07518f3080bb156a4d7dc1da9b9c2de008998b4593d43bd01dcc9ef

Download Submit
/data/user/0/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_defaults.json
Filesize
424B

MD5
ec8d89faa6119c15b836e0bbefbb4274

SHA1
1919a456f2fb66374255e85c5402b02047e020f4

SHA256
5ccfc8115fb718beaf8552ef007f2b9953979230ac7dcfad8a925237507eb9cb

SHA512
6bba1aeff226e59c821c3e7b48a32ea23816926fc406b2f05b5581fc075dd1d5c4a8b26af62d9fd63700043022dc88eefcfc38b8c9faddfd5f663d152c07b005

Download Submit
/data/user/0/com.crosswordshop2/files/frc_1:781768038277:android:5878e7cd29c0502c_firebase_fetch.json
Filesize
4KB

MD5
4d947a64b69d84604776d6f650120009

SHA1
0e2c0649487dba4ce654011438cacb44323c6b20

SHA256
8046bf07114b0d5ca986c7fcc95f8629152113caf9e7b1f399b2d4f7dc27b915

SHA512
b00d28b2c1ec3271b6b24963222a63500a57446d00b68682a3c2e00b88e79c13b0c8bcffe1ec5df58803dc713482daea2b93248010b32bfd497d18f73569ff5f

Download Submit
/data/user/0/com.crosswordshop2/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
a0440ff8471734103de4d89646c18f22

SHA1
b38bbf9156fc4c45f923683ac06984ccdf9e3ef7

SHA256
1172f40ee30a1f74844aecb6d284b338b245090e8770b1a1f7629b92f116c425

SHA512
c6dc1da63438d2e6914c3724a9446f2f9d8d519075d6c7ab3e933491dc3349ca5547120d62f8edfad1e8c322ea216a0dd07391b2f55665a0b5e272b1de851df8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads