badmirror | be0013e9a962069ad6b74fa50ccc1690937e3d218329730cac4397beb664c92a | Triage

Submit
Reports

Overview

overview

Static

static

6

5e43459cff...18.apk

android-9-x86

Sharing

General

Target

5e43459cffdfe0a4b1b23a6cb2c48e45_JaffaCakes118
Size

4.3MB
Sample

241019-x5gzyateng
MD5

5e43459cffdfe0a4b1b23a6cb2c48e45
SHA1

a997e6fe17548d2e84d9e1175b36da0218af5817
SHA256

be0013e9a962069ad6b74fa50ccc1690937e3d218329730cac4397beb664c92a
SHA512

f92b2de4ac0c684f83dc69ad78acbe19e8ecc8f74b0b7a9ff9405c7e09fe1c35dd02577f45e1f4563001aaa668737618fd4d5f884035f5a2b1630d333e19b061
SSDEEP

98304:k1OElG7rbzKGU7ocULlAFiCor0bGmFrvMikcz:nElsbuvYRA4CjbGm9n/z

Score

10^/10

badmirror android banker discovery evasion infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5e43459cffdfe0a4b1b23a6cb2c48e45_JaffaCakes118.apk

Resource

android-x86-arm-20240624-en

badmirror banker discovery evasion infostealer rat trojan

android-9-x86

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e43459cffdfe0a4b1b23a6cb2c48e45_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  5e43459cffdfe0a4b1b23a6cb2c48e45
- SHA1
  
  a997e6fe17548d2e84d9e1175b36da0218af5817
- SHA256
  
  be0013e9a962069ad6b74fa50ccc1690937e3d218329730cac4397beb664c92a
- SHA512
  
  f92b2de4ac0c684f83dc69ad78acbe19e8ecc8f74b0b7a9ff9405c7e09fe1c35dd02577f45e1f4563001aaa668737618fd4d5f884035f5a2b1630d333e19b061
- SSDEEP
  
  98304:k1OElG7rbzKGU7ocULlAFiCor0bGmFrvMikcz:nElsbuvYRA4CjbGm9n/z
Score

10^/10

badmirror banker discovery evasion infostealer rat trojan
- BadMirror
  BadMirror is an Android infostealer first seen in March 2016.
  trojan infostealer rat badmirror
- BadMirror payload
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badmirrorbankerdiscoveryevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy