Overview

overview

10

Static

static

6

43d36dee79...18.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43d36dee79fc228fedba28bfaa3bf0ef_JaffaCakes118

  • Size

    7.6MB

  • Sample

    240515-a3x7tagf5z

  • MD5

    43d36dee79fc228fedba28bfaa3bf0ef

  • SHA1

    a6f6ad825512be74b2abb409e76831b12327d389

  • SHA256

    07786d0e814cc83406a832ca483e319d03a5ffce733468adc7e1495d5b26f4ce

  • SHA512

    09bfca7ff89791a415adbb467fbbb9dea30985e86657ccf7ad34d351c4b8afaf198befe2ba55ec55e9c181b39f37996ab8e97c49c9d480b4a48a8c39a0e3c081

  • SSDEEP

    196608:REfQfHUZu0UR0vk2S6CqTv5iVHSI1zvtRdReW9Mnz0dODpniFA:J0ZunGkx6lTRixSKjtReG8oApi6

Score
10/10
badmirrorandroidbankercollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Targets

    • Target

      43d36dee79fc228fedba28bfaa3bf0ef_JaffaCakes118

    • Size

      7.6MB

    • MD5

      43d36dee79fc228fedba28bfaa3bf0ef

    • SHA1

      a6f6ad825512be74b2abb409e76831b12327d389

    • SHA256

      07786d0e814cc83406a832ca483e319d03a5ffce733468adc7e1495d5b26f4ce

    • SHA512

      09bfca7ff89791a415adbb467fbbb9dea30985e86657ccf7ad34d351c4b8afaf198befe2ba55ec55e9c181b39f37996ab8e97c49c9d480b4a48a8c39a0e3c081

    • SSDEEP

      196608:REfQfHUZu0UR0vk2S6CqTv5iVHSI1zvtRdReW9Mnz0dODpniFA:J0ZunGkx6lTRixSKjtReG8oApi6

    Score
    10/10
    badmirrorbankercollectiondiscoveryevasioninfostealerrattrojan

    • BadMirror

      BadMirror is an Android infostealer first seen in March 2016.

      trojaninfostealerratbadmirror

    • BadMirror payload

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Checks if the internet connection is available

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks