General
Target: bf928b7f1c3a094750bb735e8f2021ea_JaffaCakes118
Size: 4.6MB
Sample: 240824-2m44zatdqa
MD5: bf928b7f1c3a094750bb735e8f2021ea
SHA1: 2736ae10764dffa777b12feff3e767a74c965eef
SHA256: 65309d0b0456be28ffc656aa5c3642c026b7419e21d4754e69a0f7ec5db524f0
SHA512: 989cf3ebc6809126c66bdb726afbaf3b7e62db7c0d4604c638dd1c7a834285b3bcb5a7b17ac5c1446f7afc2a25050a44b5334843c42e3022b3876f98500f338f
SSDEEP: 98304:eik7G/dCOqxgUIJ/XVXXczbGVTQj00i88J:iG/9dbXccC0BHJ
Static task: static1
Malware Config
Targets
Target: bf928b7f1c3a094750bb735e8f2021ea_JaffaCakes118
- BadMirror payload
- Checks if the Android device is rooted.
- Queries the phone number (MSISDN for GSM devices)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the mobile country code (MCC)
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)