Resubmissions

08-02-2024 15:21

240208-srlnrage65 10

08-02-2024 09:26

240208-lelpnadd57 10

General

  • Target

    1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e.bin

  • Size

    7.0MB

  • Sample

    240208-lelpnadd57

  • MD5

    a31faedacbdea920a484623c19862a7e

  • SHA1

    9428afd6d48f70a2e90a6166e12fc00046242217

  • SHA256

    1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e

  • SHA512

    b2398b9aae4c75a8127c9ee02e66b715f36f8f98a1e494507d6647e7d41bac64a60bcb297c76a7b52ad1f1f02ecea091aa159a1788f1aacb8e589e1b71d3b87b

  • SSDEEP

    196608:/rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLB1F3nswU/Q6FKNcnFB:Dw0pdMGbwBAej2T7nswxgFB

Malware Config

Extracted

Family

smsagent

C2

https://f344-138-68-163-104.ngrok-free.app

Targets

    • smsagent

      SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.

    • Reads the content of SMS inbox messages.

    • Acquires the wake lock.

    • Queries the unique device ID (IMEI, MEID, IMSI).
