General
-
Target
ff5db603f64b1b2d34512cdfed828e77_JaffaCakes118
-
Size
5.0MB
-
Sample
241219-lqck5ayqey
-
MD5
ff5db603f64b1b2d34512cdfed828e77
-
SHA1
302e6b2847ff2c323075b3ea0c7b9d4fc61442a8
-
SHA256
bcdf821abbf9155166380c555a65ebea0e130a0818daec715aa3e7b97397a1c2
-
SHA512
a9f7775485c268c3567b731572ba3ac8ba4126c7ba387b26983c9113f393fa9a533a978ef9a0276f1aeaeb10f70537d2d059811319d447e43af1f44a8d91d45e
-
SSDEEP
98304:iq8aP7aL1fxTTIXkXjROJZFtiTDifDf0NYrkodzQC7jeHV2tNWm6V:iqNjaL1ckT8LfDzzrXQV2rWms
Static task
static1
Malware Config
Targets
-
-
Target
ff5db603f64b1b2d34512cdfed828e77_JaffaCakes118
-
BadMirror payload
-
Badmirror family
-
Checks if the Android device is rooted.
-
Queries the phone number (MSISDN for GSM devices)
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)