badmirror | 2d22a533c0c2fef213fb7a9495c969e1_JaffaCakes118

General

Target

2d22a533c0c2fef213fb7a9495c969e1_JaffaCakes118
Size

3.1MB
MD5

2d22a533c0c2fef213fb7a9495c969e1
SHA1

728c857213a1c5880942a239b85035334046e003
SHA256

4d3f242b58afc2eba62fe72fd3acc8c1607361f8ae1fa00de61613f0f79eeb33
SHA512

3040726f574a469a797aa58a93109e760a69c7f44f311cccf4f229ccc28b6ddec48c1b559318f0600fe24654e0435554f6eaa59ef96eb8f59cf7431d79880267
SSDEEP

49152:m1hp0Qwa4lFsqpLm8Y31YWKZMEHt/XTBM5q6vZhmgMhWOEUwNoqO+t4Ir8LA94:kCvFsqclQugLBuq6vZhmB8OMeu4Ir8W4

Score

10^/10

badmirror

Malware Config

Signatures

BadMirror payload 1 IoCs

resource	yara_rule
static1/unpack001/ua	family_badmirror

Badmirror family
badmirror

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

Files

2d22a533c0c2fef213fb7a9495c969e1_JaffaCakes118
.apk android arch:arm

ua.bwb.gnouzughkl.t9ea5d41.c7dccb8bb6

.NvodActivity

Activities

.NvodActivity

android.intent.action.MAIN

Permissions

android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.CHANGE_WIFI_STATE
android.permission.VIBRATE
android.permission.RUN_INSTRUMENTATION
android.permission.GET_TASKS
android.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.CHANGE_NETWORK_STATE
android.permission.RECEIVE_MMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_SMS
android.permission.READ_CALL_LOG
android.permission.RECORD_AUDIO
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.READ_PHONE_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.ACCESS_FINE_LOCATION

Receivers

.NdvheReceiver

android.provider.Telephony.SMS_RECEIVED

Services
ua
.apk android

com.wapgame.music.lmb

com.hzyg.voicerun.voicerun

Activities

com.hzyg.voicerun.voicerun

android.intent.action.MAIN

Permissions

android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.CHANGE_WIFI_STATE
android.permission.VIBRATE
android.permission.RUN_INSTRUMENTATION
android.permission.GET_TASKS
android.permission.READ_SETTINGS
android.permission.WAKE_LOCK
android.permission.CHANGE_NETWORK_STATE
android.permission.RECEIVE_MMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_SMS
android.permission.READ_CALL_LOG
android.permission.RECORD_AUDIO
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.READ_PHONE_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_WIFI_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.ACCESS_FINE_LOCATION

Receivers

com.mj.jar.pay.InSmsReceiver

android.provider.Telephony.SMS_RECEIVED

Services

Android Permissions

2d22a533c0c2fef213fb7a9495c969e1_JaffaCakes118

Permissions

android.permission.MOUNT_FORMAT_FILESYSTEMS

android.permission.CHANGE_WIFI_STATE

android.permission.VIBRATE

android.permission.RUN_INSTRUMENTATION

android.permission.GET_TASKS

android.permission.READ_SETTINGS

android.permission.WAKE_LOCK

android.permission.CHANGE_NETWORK_STATE

android.permission.RECEIVE_MMS

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_SMS

android.permission.READ_CALL_LOG

android.permission.RECORD_AUDIO

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_SMS

android.permission.SEND_SMS

android.permission.RECEIVE_SMS

android.permission.READ_PHONE_STATE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_WIFI_STATE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.ACCESS_FINE_LOCATION

Sharing

General

Malware Config

Signatures

Files

ua.bwb.gnouzughkl.t9ea5d41.c7dccb8bb6

.NvodActivity

Activities

.NvodActivity

Permissions

Receivers

.NdvheReceiver

Services

com.wapgame.music.lmb

com.hzyg.voicerun.voicerun

Activities

com.hzyg.voicerun.voicerun

Permissions

Receivers

com.mj.jar.pay.InSmsReceiver

Services

Android Permissions

2d22a533c0c2fef213fb7a9495c969e1_JaffaCakes118