badmirror | 90c0ecde25d7f1ab42b34eeae85b2f606f681bcad00ee6e2e30c7118f56cd3d8

Analysis

max time kernel
2515572s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90c0ecde25d7f1ab42b34eeae85b2f606f681bcad00ee6e2e30c7118f56cd3d8.apk
Size

5.3MB
MD5

9ad149d812ac92e6e5c7724242f76e42
SHA1

1a3685616366c20a620e5bd92355efc1b9eac042
SHA256

90c0ecde25d7f1ab42b34eeae85b2f606f681bcad00ee6e2e30c7118f56cd3d8
SHA512

a8842b0a034ed7a8675dcf0794a24f5769ea4b0059c511673fa79a959cbdb86679cb18686a5c4ebb3100dfb17624972afcfed8d918e2a1555471242795e55645
SSDEEP

98304:XebcQQ21wqv4D4KmdX5Jp2AUjqw7Jo679Bqy5Sy1YMn+F9QgXl7F5Wg/EUgCDQ:XebBtvA25Jp2DjqwKejqmSy29j/5Wgsv

Score

10^/10

badmirror infostealer rat trojan

Malware Config

Signatures

BadMirror
BadMirror is an Android infostealer first seen in March 2016.
trojan infostealer rat badmirror

BadMirror payload 2 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_badmirror
behavioral1/memory/4202-1.dex	family_badmirror

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex	4202	dbdp.xyrlz.ffdup.ZZZ_0048
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex	4259	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/oat/x86/ysrjh0yjk7y2ac35.odex --compiler-filter=quicken --class-loader-context=&
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex	4202	dbdp.xyrlz.ffdup.ZZZ_0048

Reads information about phone network operator.

dbdp.xyrlz.ffdup.ZZZ_0048
1⤵
- Loads dropped Dex/Jar
PID:4202
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/oat/x86/ysrjh0yjk7y2ac35.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4259
- ls -l /system/xbin/su
  2⤵
  PID:4309
- cat /sys/block/mmcblk0/device/cid
  2⤵
  PID:4329
- cat /sys/block/mmcblk0/device/cid
  2⤵
  PID:4350
- ps | grep dbdp.xyrlz.ffdup.ZZZ_0048
  2⤵
  PID:4369
- ls -l /system/xbin/su
  2⤵
  PID:4388
- getprop
  2⤵
  PID:4411

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex

Filesize
1.9MB

MD5
98140b29a472103405fbd4fba27e3080

SHA1
44284968d2a45c8f8980157f213b2555e5ea85b5

SHA256
18e738105128b3f2f362c35c51e08fd037716f65057cde8c6dd39b881dc7c0d6

SHA512
087a2dbeab374fdc43f7f349a7dd266bc14905328998bb6bdb67af6f1bde5ac342e90bae98f57762c953a9bebfdb62d5dd1024a4f3197e402c046e03bb59c4b1

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/cache/ysrjh0yjk7y2ac35.dex

Filesize
1.9MB

MD5
665c69d9b5386f65cac18824b8aa7c86

SHA1
6317f7a2facefbe9f8c042ff13ad676a48341c7f

SHA256
581d653fca2930d7aa809ac71850ed8725f6758ddfde85a4941cd98008a9ff72

SHA512
79ba0fa1c010e32eac458d83bda8697bdd869987ad2d36bf64a83c0f503069e68fae106957c509f2f2e554b5dd8892022f2de2445d003676328f946cbfec51a7

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_lib/libgame.so

Filesize
5.6MB

MD5
f7df6753e93a1217f340d5422d56abba

SHA1
6c59b01826652fc29dea0c1df958fe686dae5059

SHA256
9c4ee199171dbd165d171aad126fd4c4de8767f698afac4d1b7a18d42fe5337c

SHA512
b402aaf7009ac369998d47d576001c021953b2f1312b0534fb34b098f42704281a3c5afe6206d591aba3088e93921177718aacb9d5ae00f6f52187dd233330d5

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_lib/libhelper.so

Filesize
17KB

MD5
ff77b5d69b34041a8e08a6aba4eb1767

SHA1
1f78eca6afe441a5c059b58c98d7bafb3450177e

SHA256
78607f7e8ec75e26163536369b8a14de47aa35609616dfd520229e056d596f77

SHA512
09ed69804f14f75356ea2d4e57b7553f7df7cca1b182f9783da585ccb7209f7c0f8c35623a6fb0760779d32bd70301a7cf94d97b6274b58a35eb175ed5fec84c

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_lib/libsmsmanager.so

Filesize
13KB

MD5
21c9ba13d9207e7387d13990dba81ae8

SHA1
fe1110fbc573e9859c94e9b18c7a2c1af52d895e

SHA256
3cc7323f29bf4b749b8ba79010f36d626dff620fd217af6f1ab525b450a8b466

SHA512
65f901296b8f60228993840a54abd1376141c404b3e356afd7092a2c240c198bd32217533cca13b8cebc688f801bedf3accbedfd0157b84daea5350b89a68edc

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_lib/libzxvps.so

Filesize
29KB

MD5
afe729dc54192b019b8e4ff3515adafa

SHA1
1a90e6319b73e62613c1700deb5aca73ce067401

SHA256
65504aed14f238f911a21a632a30ef99039a48c9258da23c0478a593735911cf

SHA512
304d97690703c25a6ff2df7a3862f400479ce0bfb333df55fd7c27a95a7604c1e19273f87e10ec3c2b12c9d11be65f2748d80fc46dc604ee07115b1d67db31c1

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_res/baidu

Filesize
2.3MB

MD5
bda3a8dac9a5e0831a6bf4886ea743e9

SHA1
3c91c06295f97a00ea159e66f25f4f33a74fc271

SHA256
7b50c252bd10bc7093401caeeb33901b149c2469e2e34343915bd08f2581b9e6

SHA512
46f47c936e881d46875d560594502dd1af4b68b3374f27e287e83c461f4e1043f5c5cc86aa7af9e77678401fab4920d5f601cd0c5abbf9c3fed92c84e13fb8a4

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/_zx_res/config.properties

Filesize
206B

MD5
d3fe04ad6627b9599e543434309618cf

SHA1
5f41fb0b65c8228193b5cce43fd063ca8937e50b

SHA256
4cfd2415d804ce026b0d9fa40f2a01f0971de5ced29a4a734cc8c5b87b07b22c

SHA512
533557e41eb23959f7f6af697826d9b0bb7afdd3c7dc55ee89176cb0fcf5ccc832dc0ccf986b460745378619bf2734416ab5a96b61c327f9c139298fc0146258

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/dbdp.xyrlz.ffdup.ZZZ_0048

Filesize
85KB

MD5
ed9c434880cd9611a42fe7b681580062

SHA1
8303bebc2c7f804bbb214eeeade9c92beb2fed42

SHA256
4ea7a3f34fdf7d658c162bc3d56098362115acf8354f02300f0047c5beaf6038

SHA512
df030537df5f49663a4daeb87910453de182ab3c5d82720c64eda94d6b2a0b9fdcf81569c1b429085fa1ae88d4b08ad57742205a76087b94c0bbd90117d43be6

Download Submit
/data/data/dbdp.xyrlz.ffdup.ZZZ_0048/files/getprop

Filesize
9KB

MD5
7ec5425ec48f66ac55b7b05f35bee0cd

SHA1
33394a362294f5b704338174239ab98ae97bb76f

SHA256
0bef74a3fe94417a71bcea1c26e4cad02433b71c75a3c5871eff062ab0c502e1

SHA512
10940d602c57a3d5a92450c955384336848612dfdb4a5a314466284b5690a4396803e3b9c0a3bfb8bfa8aa2a674909165a99f471a1b09e6110a4c7fa21713707

Download Submit
/storage/emulated/0/.Systemp/device

Filesize
86B

MD5
373054c2628e190a671ef7ba0d498025

SHA1
8f9e1d20f3b738f72a0e2c9aee1c51e553d824b4

SHA256
5d323f2f89b596df5586ebaeba52cb1a33debb19e9d4232d4d6c01f9297b796e

SHA512
c8528805e17fa257bcf2a83e26c274623331e2447c42289c6902a1af0f23df99a44f81cc22ab966e7512bbb77142425ab927bd692a6ca068ccd41fadbd092808

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads