badmirror | 091e46379e6ad6c7c941e362f80b0882d548da4c7b3f29e9cf6c44d520b07b71 | Triage

Submit
Reports

Overview

overview

Static

static

6

39410d8a3a...18.apk

android-9-x86

Sharing

General

Target

39410d8a3ab01d60bf7f81c5e0e63e21_JaffaCakes118
Size

4.4MB
Sample

240729-fsy91sydnb
MD5

39410d8a3ab01d60bf7f81c5e0e63e21
SHA1

b8db6a4fa38f3523d60e694975bb4f014ba9dba5
SHA256

091e46379e6ad6c7c941e362f80b0882d548da4c7b3f29e9cf6c44d520b07b71
SHA512

fe5cba77aafdd19587d89d2d1d9690f81b1a175b4c2e45641e6ff69ea07c6fc9ed26b8a14168de017e84187004db295a8f2295647744092ffe5b778eb34bca4d
SSDEEP

98304:0T2UUo6nzvoF1SruG3SKaQmPEm/vM70fyBprY+4ofhTxt:U2Uf6zg+rbJHm/UvroOT7

Score

10^/10

badmirror android banker discovery evasion infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

39410d8a3ab01d60bf7f81c5e0e63e21_JaffaCakes118.apk

Resource

android-x86-arm-20240624-en

badmirror banker discovery evasion infostealer rat trojan

android-9-x86

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  39410d8a3ab01d60bf7f81c5e0e63e21_JaffaCakes118
- Size
  
  4.4MB
- MD5
  
  39410d8a3ab01d60bf7f81c5e0e63e21
- SHA1
  
  b8db6a4fa38f3523d60e694975bb4f014ba9dba5
- SHA256
  
  091e46379e6ad6c7c941e362f80b0882d548da4c7b3f29e9cf6c44d520b07b71
- SHA512
  
  fe5cba77aafdd19587d89d2d1d9690f81b1a175b4c2e45641e6ff69ea07c6fc9ed26b8a14168de017e84187004db295a8f2295647744092ffe5b778eb34bca4d
- SSDEEP
  
  98304:0T2UUo6nzvoF1SruG3SKaQmPEm/vM70fyBprY+4ofhTxt:U2Uf6zg+rbJHm/UvroOT7
Score

10^/10

badmirror banker discovery evasion infostealer rat trojan
- BadMirror
  BadMirror is an Android infostealer first seen in March 2016.
  trojan infostealer rat badmirror
- BadMirror payload
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badmirrorbankerdiscoveryevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy