badmirror | 008b603811de18b5cedfa27a3635b9d63c450282003a2f0fece324d73b11193b | Triage

Submit
Reports

Overview

overview

Static

static

6

c97087d09a...18.apk

android-9-x86

Sharing

General

Target

c97087d09a2871d855dc86bf0a41d4f0_JaffaCakes118
Size

2.9MB
Sample

240829-xqqzasybmq
MD5

c97087d09a2871d855dc86bf0a41d4f0
SHA1

e6c1735b3497de38378bd85e38922a6462edd023
SHA256

008b603811de18b5cedfa27a3635b9d63c450282003a2f0fece324d73b11193b
SHA512

fd853bc5444d28ee889fcfb6fefcc38cafa3065f8888fff3c407cbb3956be5bb185fec8604890b0fd31a3d90e0ba22e8c8e155acec3c809d21a7f482f5809cfc
SSDEEP

49152:1Zn1XxvfGXBIn7OyC6pnXWQ+v7HDNY+qKvb1gJjLqo1ZxMaQg6XgX4YX:1Z1hHGXBIn7mcv8LRp3D1sPqoHvrX

Score

10^/10

badmirror android banker discovery evasion infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c97087d09a2871d855dc86bf0a41d4f0_JaffaCakes118.apk

Resource

android-x86-arm-20240624-en

badmirror banker discovery evasion infostealer rat trojan

android-9-x86

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c97087d09a2871d855dc86bf0a41d4f0_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  c97087d09a2871d855dc86bf0a41d4f0
- SHA1
  
  e6c1735b3497de38378bd85e38922a6462edd023
- SHA256
  
  008b603811de18b5cedfa27a3635b9d63c450282003a2f0fece324d73b11193b
- SHA512
  
  fd853bc5444d28ee889fcfb6fefcc38cafa3065f8888fff3c407cbb3956be5bb185fec8604890b0fd31a3d90e0ba22e8c8e155acec3c809d21a7f482f5809cfc
- SSDEEP
  
  49152:1Zn1XxvfGXBIn7OyC6pnXWQ+v7HDNY+qKvb1gJjLqo1ZxMaQg6XgX4YX:1Z1hHGXBIn7mcv8LRp3D1sPqoHvrX
Score

10^/10

badmirror banker discovery evasion infostealer rat trojan
- BadMirror
  BadMirror is an Android infostealer first seen in March 2016.
  trojan infostealer rat badmirror
- BadMirror payload
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badmirrorbankerdiscoveryevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy