General
-
Target
e755258ea2398291f64fdc2d060fe420_JaffaCakes118
-
Size
5.0MB
-
Sample
240917-vxz5faveja
-
MD5
e755258ea2398291f64fdc2d060fe420
-
SHA1
14fd8d3484a623c026ab79560c07535d26b0270a
-
SHA256
9f3ad4b6b91fa0b6deaf58f68be5a01ffcbc2b3878368b8c7235cbe7007385a3
-
SHA512
197d84152e420f60c155f3462627a49b9615c7486fc45a268f34de8040ac93b0a6fae039ca90194927927d03d46b1892b0ae71688052d61db27a2ab654e64fff
-
SSDEEP
98304:oHFbYsEYLN444kxJLx2K9hfUPAC9mI6DpHZPN324iZUuJWjk9Ry:+pf444kxJLx2K3fpI6DpHtN34Kur9c
Malware Config
Targets
-
-
Target
e755258ea2398291f64fdc2d060fe420_JaffaCakes118
-
Size
5.0MB
-
MD5
e755258ea2398291f64fdc2d060fe420
-
SHA1
14fd8d3484a623c026ab79560c07535d26b0270a
-
SHA256
9f3ad4b6b91fa0b6deaf58f68be5a01ffcbc2b3878368b8c7235cbe7007385a3
-
SHA512
197d84152e420f60c155f3462627a49b9615c7486fc45a268f34de8040ac93b0a6fae039ca90194927927d03d46b1892b0ae71688052d61db27a2ab654e64fff
-
SSDEEP
98304:oHFbYsEYLN444kxJLx2K9hfUPAC9mI6DpHZPN324iZUuJWjk9Ry:+pf444kxJLx2K3fpI6DpHtN34Kur9c
Score10/10-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
BadMirror payload
-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Virtualization/Sandbox Evasion
2System Checks
2