General
-
Target
f31295ad51a344ccfb482de475d83a97_JaffaCakes118
-
Size
7.0MB
-
Sample
241215-jz5l6azngk
-
MD5
f31295ad51a344ccfb482de475d83a97
-
SHA1
ec00b4cbd7368ace8666ae6ceee7e20f601b4334
-
SHA256
b5c577142f614c7a92789be44c56401ec922fd35c9d73ea9f7cc86698bad7b82
-
SHA512
e0390a04849ba9a44e88d97ae54d4f760f1ea4216ac883a754aa5f56732a8a8d5e2cf984df44ae80eeca8919e569e6a2c0bacb0098b4c87d90e855e3f4ed1b5b
-
SSDEEP
196608:KIVVOImM4v79rIEv6AWEBCb7PoK/0lpyvow6do74:38M4v5EHAWR7D4wkW0
Static task
static1
Malware Config
Targets
-
Target
f31295ad51a344ccfb482de475d83a97_JaffaCakes118
-
BadMirror payload
-
Badmirror family
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)