badmirror | b42b2e77480dda65adb18e4eef8050db1f68ca256f28b4a0acaa9fe7d3455dbd

Analysis

max time kernel
125s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02/11/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

855fb4a09c7e6c64fba528227f8e4c1d_JaffaCakes118.apk
Size

15.1MB
MD5

855fb4a09c7e6c64fba528227f8e4c1d
SHA1

c9670d7d47e6c64c46d83c38f7b0c9b5803aa3d0
SHA256

b42b2e77480dda65adb18e4eef8050db1f68ca256f28b4a0acaa9fe7d3455dbd
SHA512

e95071351872d6a6d400a96e04f1ebaea7e05122b3073367dcd5e913938b433667147acc2397822f6a5efab60f9bea4159321a427d2d9913748cfb4179d74d2e
SSDEEP

393216:zSTQrJtD4D0f/Lqrxq4o/EMYaTLRn31WpUEBO:9k8/W4p/EMZLRx

Score

10^/10

badmirror discovery infostealer persistence rat trojan

Malware Config

Signatures

BadMirror
BadMirror is an Android infostealer first seen in March 2016.
trojan infostealer rat badmirror
Badmirror family
badmirror

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.game.cqzjh.zhexin
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.game.cqzjh.zhexin:lebian.base

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.game.cqzjh.zhexin
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.game.cqzjh.zhexin:lebian.base

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.game.cqzjh.zhexin

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.game.cqzjh.zhexin

com.game.cqzjh.zhexin
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4244

com.game.cqzjh.zhexin:lebian.base
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4286

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.game.cqzjh.zhexin/app_crashrecord/1004

Filesize
230B

MD5
306916c9b1479e7fb9ca5a5dba82c165

SHA1
b5c10151d0f8d3be3b04a3603117a564776d4280

SHA256
54ffabf2c9d1a6b950f4696be382279b9d21a8588aa47218e4fff07f3b0246f1

SHA512
97fb22243864d8bf0acd162f0cecce872ac893604c502a65543fed78d2af05f0f497f4f0e6ba1f5fac6529d2943c92b2ba28a75a6a367fbe139e07619d747f59

Download Submit
/data/data/com.game.cqzjh.zhexin/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/bugly_db_-journal

Filesize
512B

MD5
2c8bd8b0f4fe6e06e141f3289e8cf405

SHA1
3b811b4a90839835e927a562e8eb9e5489078f14

SHA256
e48841b915ae5c98c056d73ef922826049e6a8aa71f7a88218bcc932c5af7131

SHA512
bcfd8ced3d52502f01caa47f7995cff42f49972a1fd2bde314f2f493c9c19e069a512ee0c72de2566b9e755f9ee4f31b2ab9e2b36223acbea66122c4a2e87a6d

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/bugly_db_-wal

Filesize
76KB

MD5
49c4dedcd3a0942d9a3716c98e096c21

SHA1
58e26aba33bd8691dc463b93a713afb9ffdf5e17

SHA256
0949a222519711e6e84cb9a2bc60d701e3a139c12faf7fda5cdebd61666a6c4b

SHA512
b0ba679e47f1c9b51dd5fe3a6e02e884283f9df4cf6a11f3d0e2d93fd0e4727573d05d6cf053f77e5f1b1519de7ac151f86f8c810db5268afa447c363df5daa3

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/dataeye_database_754BBA7E53E87EEB13B71FC9A29A905F.db-journal

Filesize
512B

MD5
f2dd8b9da0c185590f0eb8e9e3e6f074

SHA1
19724f1921e6c6cc9c0bf5fe9f6d73b6e1d196e6

SHA256
7ae038167ff953ebe3dac23c3af04baf686a6279637b78d9745c8974e0aa4668

SHA512
16fe0735f32107dd71d3beb45923bbe348bd13d6816f1672c2a3f45289e1d9dadec2fe8a12adbe3b0741b8454d7d99cdfa48e776f08606bcb1eff9feb2cbca46

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/dataeye_database_754BBA7E53E87EEB13B71FC9A29A905F.db-wal

Filesize
36KB

MD5
59d3631bee60213b53df28d1ffd3f5e1

SHA1
f8dd1ebdb987a062d09b54ea1592ce405b4075bd

SHA256
bc237a1defc6ce740fc2feee8b1393148f44a2269765ad71ef5d36b64c75523a

SHA512
45497d6f2ebafe053ca368f5ce5468fe95b2f3a74fbce93b9405230a7bb2713a26273ec9504f9a171f56b63158694823efe97fc88bc6ae31242423e46db7dede

Download Submit
/data/data/com.game.cqzjh.zhexin/databases/qy_db_pay-journal

Filesize
512B

MD5
4f8e8f714d52fb9cdacac9668bdbbb34

SHA1
b09831bdfbb8ceedde139316f88fc670d89e36cf

SHA256
752031d42cbbfab4910c0fe88a89704b1529822536d1c072b4f49f292cd47e59

SHA512
58196a454d154fedcecc0ffc4b11daee2bbe22d3a7fd63d61746ff6ff0488354b1fd8f51524bf2085fff3f9e26a0766563b14be8a74846002a4a99b103eeeb88

Download Submit
/storage/emulated/0/.SystemService/754BBA7E53E87EEB13B71FC9A29A905F/uid

Filesize
34B

MD5
9271895893dbdadd1f054640b625ae37

SHA1
f0263a846f1f17cdb8efa6fe1e43c43a6c90c539

SHA256
95985bf9f84e7e59f7fa0ada1b6e53f87cbd42349f2a2ff8aa1f6f294bd83eab

SHA512
d10e039d9089dad3a4f5a694584b677ef8d84dfe6898597cf3e24b32b6e62c9f99dab18a1f4b5fab59f7ba8e8ee03be3bbcb2c0d642ae6d8e3c67e74e7388975

Download Submit
/storage/emulated/0/Android/obb/com.game.cqzjh.zhexin/sdkinfo.txt

Filesize
6B

MD5
c7c8d45e0fc1a2ac188f9b0a62f1a797

SHA1
ffe2c07fa6f7f6b99e9be07d89c766dc029b846b

SHA256
91bf44d0a10bdb192c372abd8362e5089b7da61c9dbb2dffc0d936b0f33b5caf

SHA512
6abc5570f847c76a8f091301c26679321be9e27ea4fd07d067227937b3ee7d1a4c6e0020e4bffa769ea0d9355604e390ca29d2c998c2ca49a9341cec57a54755

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads