Analysis
- max time kernel: 126s
- max time network: 135s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 18-04-2024 18:04
Static task: static1
Behavioral task: behavioral1
  Sample: f87e055f6eeb8d14bb63ffb4e0ce01ec_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
  Sample: f87e055f6eeb8d14bb63ffb4e0ce01ec_JaffaCakes118.apk
  Resource: android-x64-20240221-en
Behavioral task: behavioral3
  Sample: f87e055f6eeb8d14bb63ffb4e0ce01ec_JaffaCakes118.apk
  Resource: android-x64-arm64-20240221-en
General
- Target: f87e055f6eeb8d14bb63ffb4e0ce01ec_JaffaCakes118.apk
- Size: 3.1MB
- MD5: f87e055f6eeb8d14bb63ffb4e0ce01ec
- SHA1: b6bb7f9276c07f519a9ac1481c8b3f07adcd92ea
- SHA256: ab9c193ca732d315d08a1063bf553bfcc9e8e348ed39578cafa0c4698434de02
- SHA512: a2ef0e491ee4a30dcd0392ef229ec171f3f318ebde1bd94bf364b31f5a0e6d3514a18733bf8c6a3c41b98777bab3e80e80e6ea91a44b3d398529866302cd73a6
- SSDEEP: 98304:U3DAWOcunZ0QqQzN9HBFDQGS+/f68gl3Sn:U3sfnZn9h5p6ZA
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTPs
- Requests cell location. 1 TTPs, 1 IoCs
  Uses Android APIs to get the current cell location.
  Processes:
  com.awindmill.crazymole
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getCellLocation
    process: com.awindmill.crazymole
- Queries information about the current Wi-Fi connection. 1 TTPs, 1 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  com.awindmill.crazymole
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.awindmill.crazymole
- Queries the unique device ID (IMEI, MEID, IMSI). 1 TTPs
- Uses Crypto APIs (might try to encrypt user data). 1 IoCs
  Processes:
  com.awindmill.crazymole
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.awindmill.crazymole