Overview

overview

10

Static

static

6

96a71f4e4f...18.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96a71f4e4f77ba520ed2f34f1aa69d8e_JaffaCakes118

  • Size

    3.9MB

  • Sample

    240604-3psz6afd6t

  • MD5

    96a71f4e4f77ba520ed2f34f1aa69d8e

  • SHA1

    db8bcc6fa56ebe6b9e0da67044ec5ec19e79e374

  • SHA256

    915facaf734c4b46c67c4856e92c65f1d48a9e1df62688d27d702e61fa618161

  • SHA512

    203ab4146d9f5192669dd4b74f7240c589a8ba9968e95768890c58be4cd558ba74ce8be6101c422d35bf8ff9fd09c2861d80e223327cc9f8ddbbb574b11a5777

  • SSDEEP

    98304:eVjXzTZ8c73OyyH4CEFevXrdPBIvdpZ7u:IL3ZFSyyHvjBudp1u

Score
10/10
badmirrorandroidbankercollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Targets

    • Target

      96a71f4e4f77ba520ed2f34f1aa69d8e_JaffaCakes118

    • Size

      3.9MB

    • MD5

      96a71f4e4f77ba520ed2f34f1aa69d8e

    • SHA1

      db8bcc6fa56ebe6b9e0da67044ec5ec19e79e374

    • SHA256

      915facaf734c4b46c67c4856e92c65f1d48a9e1df62688d27d702e61fa618161

    • SHA512

      203ab4146d9f5192669dd4b74f7240c589a8ba9968e95768890c58be4cd558ba74ce8be6101c422d35bf8ff9fd09c2861d80e223327cc9f8ddbbb574b11a5777

    • SSDEEP

      98304:eVjXzTZ8c73OyyH4CEFevXrdPBIvdpZ7u:IL3ZFSyyHvjBudp1u

    Score
    10/10
    badmirrorbankercollectiondiscoveryevasioninfostealerrattrojan

    • BadMirror

      BadMirror is an Android infostealer first seen in March 2016.

      trojaninfostealerratbadmirror

    • BadMirror payload

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of SMS inbox messages.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

MITRE ATT&CK Mobile v15

Tasks