Overview

overview

10

Static

static

10

bf7b9a03b5...18.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf7b9a03b5effc03d886f195465ecc23_JaffaCakes118

  • Size

    5.9MB

  • Sample

    241203-17lbxsspdj

  • MD5

    bf7b9a03b5effc03d886f195465ecc23

  • SHA1

    99bf70d2f956bc8aba9eeedc4c1746e795ad0281

  • SHA256

    f8145d3e3527f59b9b5404c3e5846356e38b08cc6b05abc306a4eb7fb1550e59

  • SHA512

    ac7ac89d5d5fafad7c8efbb14d30afa40bc066f0cc69c70f6b9fb80c01d3ceb76a96a8dfbe225bb493e181aeaa4b192bfa42c447ae852028a410bcdbc08dcdaf

  • SSDEEP

    98304:BsDfkYFar65JbF7ge537BGR2/yKLIxKgTMp4LhOSJ+HozK7umfQzlE988ztTuUDf:BsA0I491MxKgTMGmozhIry8ztTuxS

Score
10/10
badmirrorandroidbankercollectiondiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      bf7b9a03b5effc03d886f195465ecc23_JaffaCakes118

    • Size

      5.9MB

    • MD5

      bf7b9a03b5effc03d886f195465ecc23

    • SHA1

      99bf70d2f956bc8aba9eeedc4c1746e795ad0281

    • SHA256

      f8145d3e3527f59b9b5404c3e5846356e38b08cc6b05abc306a4eb7fb1550e59

    • SHA512

      ac7ac89d5d5fafad7c8efbb14d30afa40bc066f0cc69c70f6b9fb80c01d3ceb76a96a8dfbe225bb493e181aeaa4b192bfa42c447ae852028a410bcdbc08dcdaf

    • SSDEEP

      98304:BsDfkYFar65JbF7ge537BGR2/yKLIxKgTMp4LhOSJ+HozK7umfQzlE988ztTuUDf:BsA0I491MxKgTMGmozhIry8ztTuxS

    Score
    10/10
    badmirrorbankercollectiondiscoveryevasioninfostealerpersistencerattrojan

    • BadMirror

      BadMirror is an Android infostealer first seen in March 2016.

      trojaninfostealerratbadmirror

    • Badmirror family

      badmirror

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Reads the content of the SMS messages.

      collection

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      evasion
    behavioral1

MITRE ATT&CK Mobile v15

Tasks