badmirror | 0c047b72ed4484e6a3691e97e7d35c4246a6c908ecd03fda854a6bc7ec2c1cd3 | Triage

Submit
Reports

Overview

overview

Static

static

6

fc0ee1a62a...18.apk

android-9-x86

Sharing

General

Target

fc0ee1a62a0522617d4f52a8dd5f89c6_JaffaCakes118
Size

5.9MB
Sample

240928-l3kghasclh
MD5

fc0ee1a62a0522617d4f52a8dd5f89c6
SHA1

b61edc617f5bbfd6ac212d0283d1ab9715e2307d
SHA256

0c047b72ed4484e6a3691e97e7d35c4246a6c908ecd03fda854a6bc7ec2c1cd3
SHA512

8bf1465b7577d1921b0a6388ec97c74b4bfec3a54d74d4ce2f500c452a1f8cc595bfe6f60b0ab90b8a2eb779a3fbe67a4a11492009f3c46fcc4e06ad29825ffd
SSDEEP

98304:4Kg65R/7/mTywOZcAlBnkjmujaHEro6VnV5Dt61qRiYa3rG:vgUt25/Al56KMTnV5DtKqRi7G

Score

10^/10

badmirror android discovery evasion infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fc0ee1a62a0522617d4f52a8dd5f89c6_JaffaCakes118.apk

Resource

android-x86-arm-20240624-en

badmirror discovery evasion infostealer rat trojan

android-9-x86

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc0ee1a62a0522617d4f52a8dd5f89c6_JaffaCakes118
- Size
  
  5.9MB
- MD5
  
  fc0ee1a62a0522617d4f52a8dd5f89c6
- SHA1
  
  b61edc617f5bbfd6ac212d0283d1ab9715e2307d
- SHA256
  
  0c047b72ed4484e6a3691e97e7d35c4246a6c908ecd03fda854a6bc7ec2c1cd3
- SHA512
  
  8bf1465b7577d1921b0a6388ec97c74b4bfec3a54d74d4ce2f500c452a1f8cc595bfe6f60b0ab90b8a2eb779a3fbe67a4a11492009f3c46fcc4e06ad29825ffd
- SSDEEP
  
  98304:4Kg65R/7/mTywOZcAlBnkjmujaHEro6VnV5Dt61qRiYa3rG:vgUt25/Al56KMTnV5DtKqRi7G
Score

10^/10

badmirror discovery evasion infostealer rat trojan
- BadMirror
  BadMirror is an Android infostealer first seen in March 2016.
  trojan infostealer rat badmirror
- BadMirror payload
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badmirrordiscoveryevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy