General
-
Target
3d812f2347769dfd107848153c7a1377_JaffaCakes118
-
Size
5.6MB
-
Sample
240514-cmc8tafe73
-
MD5
3d812f2347769dfd107848153c7a1377
-
SHA1
6c76c0d5a7db5d3dfaa9eb05f364b31d47610e63
-
SHA256
f5c5fee10ceee52030e0216f68b83e46970b0f0071f1067cca48dfe2960dcec4
-
SHA512
f6e3103fe1162f709bd2186c1f38fdd6c9a2a1fcf1234e8fba6979407a2fe1c1cd0c21eb9b3b4c0fc42ef3db6316086c1014c5a4d37447d44cb09db8dc62d6e1
-
SSDEEP
98304:sMspe9iF8Gghf6Y1YW7jnnVBhDokAZgAFCN63RQWeW7QzlNmNha1zXB13eUd2SMc:Cii+LpnnVbwZDcNQRQ7Wcz3wCEgiDA
Malware Config
Targets
-
-
Target
3d812f2347769dfd107848153c7a1377_JaffaCakes118
-
Size
5.6MB
-
MD5
3d812f2347769dfd107848153c7a1377
-
SHA1
6c76c0d5a7db5d3dfaa9eb05f364b31d47610e63
-
SHA256
f5c5fee10ceee52030e0216f68b83e46970b0f0071f1067cca48dfe2960dcec4
-
SHA512
f6e3103fe1162f709bd2186c1f38fdd6c9a2a1fcf1234e8fba6979407a2fe1c1cd0c21eb9b3b4c0fc42ef3db6316086c1014c5a4d37447d44cb09db8dc62d6e1
-
SSDEEP
98304:sMspe9iF8Gghf6Y1YW7jnnVBhDokAZgAFCN63RQWeW7QzlNmNha1zXB13eUd2SMc:Cii+LpnnVbwZDcNQRQ7Wcz3wCEgiDA
Score10/10-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the content of SMS inbox messages.
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
2System Checks
2