General
-
Target
43b8d888732080feb3aa4c950506aa94_JaffaCakes118
-
Size
7.3MB
-
Sample
241014-xpql5s1djf
-
MD5
43b8d888732080feb3aa4c950506aa94
-
SHA1
e2d615d0334e9ee542380186e7ef10f239831129
-
SHA256
88e9e481994f2d2b79e43316c668253d54878fe0c429c83e16a508891479bf0c
-
SHA512
fdad3b1841aa681522e9bcaeb231b29588690e4b5e0901db297d7f221da342c0cce5b3ba918f0856dc25a104f17453b6ee1784147a10beb9a33cf90120f803d9
-
SSDEEP
98304:BhosJP/zMrsvXmAbqFDHW7P7fBicN1rmFPu1eU7PAKEXu91PDJJ44JSg8DdIAsay:BKyAkZSY1iC1K5u8goKDjPDPNZ7Af2
Malware Config
Targets
-
-
Target
43b8d888732080feb3aa4c950506aa94_JaffaCakes118
-
Size
7.3MB
-
MD5
43b8d888732080feb3aa4c950506aa94
-
SHA1
e2d615d0334e9ee542380186e7ef10f239831129
-
SHA256
88e9e481994f2d2b79e43316c668253d54878fe0c429c83e16a508891479bf0c
-
SHA512
fdad3b1841aa681522e9bcaeb231b29588690e4b5e0901db297d7f221da342c0cce5b3ba918f0856dc25a104f17453b6ee1784147a10beb9a33cf90120f803d9
-
SSDEEP
98304:BhosJP/zMrsvXmAbqFDHW7P7fBicN1rmFPu1eU7PAKEXu91PDJJ44JSg8DdIAsay:BKyAkZSY1iC1K5u8goKDjPDPNZ7Af2
Score10/10-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
BadMirror payload
-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-