General
-
Target
6cc51481905892a92093c8f4d4795631_JaffaCakes118
-
Size
4.1MB
-
Sample
241023-clwc1axhkm
-
MD5
6cc51481905892a92093c8f4d4795631
-
SHA1
7e1c16b34ef0ae82b9483ba64b29bb2da79ef8cd
-
SHA256
f493151dd10a94ef08e37d4267033e5604bc8c22dbcf13eeee66882c76af9056
-
SHA512
a6a67b4c5f01baffc4adff468f416a7fd1f9c9b6bfb12afdaddbc4f6b3aeb6a4eae974e67c31cd7043ebb4ba4d0d49fb6414ffaa1635780f893b7026d591760c
-
SSDEEP
98304:w+0oExRbdXzzZTvWKcE10VMNPdmKcQ1SV67b0uSDm:Hk/ZrWKc40VM2rQ1a6E7m
Malware Config
Targets
-
-
Target
6cc51481905892a92093c8f4d4795631_JaffaCakes118
-
Size
4.1MB
-
MD5
6cc51481905892a92093c8f4d4795631
-
SHA1
7e1c16b34ef0ae82b9483ba64b29bb2da79ef8cd
-
SHA256
f493151dd10a94ef08e37d4267033e5604bc8c22dbcf13eeee66882c76af9056
-
SHA512
a6a67b4c5f01baffc4adff468f416a7fd1f9c9b6bfb12afdaddbc4f6b3aeb6a4eae974e67c31cd7043ebb4ba4d0d49fb6414ffaa1635780f893b7026d591760c
-
SSDEEP
98304:w+0oExRbdXzzZTvWKcE10VMNPdmKcQ1SV67b0uSDm:Hk/ZrWKc40VM2rQ1a6E7m
Score10/10-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
BadMirror payload
-
Checks if the Android device is rooted.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-