General
-
Target
5255ae983099e2a80b3771bee7204ff6_JaffaCakes118
-
Size
5.6MB
-
Sample
240518-a77l2sca34
-
MD5
5255ae983099e2a80b3771bee7204ff6
-
SHA1
963b532372ad0bc8d1e2bc97395195014160270f
-
SHA256
1885f8dffb3f58f51877df2f1c209c5fff2c666cad906f07b4ce37307f10e9ca
-
SHA512
cb2114b7d30b92a2facf0bb2d8a089ab41b31843dd6f6a8c28ca87a8e966b36aca2b1209a7c65580a85c7f2c3372ee77ed4653ed8f854127e62c806ef6bd1985
-
SSDEEP
98304:/SPGUJcFC1IVqYET8GXOf2vy5I6h1bo/Ri9yEWgE9dqN8roDV8XTyym35oUS8OAC:/j1C1IVqRTJXOBWCbQEyPVdqGr0cwoUc
Malware Config
Targets
-
-
Target
5255ae983099e2a80b3771bee7204ff6_JaffaCakes118
-
Size
5.6MB
-
MD5
5255ae983099e2a80b3771bee7204ff6
-
SHA1
963b532372ad0bc8d1e2bc97395195014160270f
-
SHA256
1885f8dffb3f58f51877df2f1c209c5fff2c666cad906f07b4ce37307f10e9ca
-
SHA512
cb2114b7d30b92a2facf0bb2d8a089ab41b31843dd6f6a8c28ca87a8e966b36aca2b1209a7c65580a85c7f2c3372ee77ed4653ed8f854127e62c806ef6bd1985
-
SSDEEP
98304:/SPGUJcFC1IVqYET8GXOf2vy5I6h1bo/Ri9yEWgE9dqN8roDV8XTyym35oUS8OAC:/j1C1IVqRTJXOBWCbQEyPVdqGr0cwoUc
Score10/10-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
BadMirror payload
-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Virtualization/Sandbox Evasion
2System Checks
2