smsagent | 1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e | Triage

Resubmissions

08-02-2024 15:21

240208-srlnrage65 10

08-02-2024 09:26

240208-lelpnadd57 10

Sharing

General

Target

1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e.bin
Size

7.0MB
Sample

240208-lelpnadd57
MD5

a31faedacbdea920a484623c19862a7e
SHA1

9428afd6d48f70a2e90a6166e12fc00046242217
SHA256

1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e
SHA512

b2398b9aae4c75a8127c9ee02e66b715f36f8f98a1e494507d6647e7d41bac64a60bcb297c76a7b52ad1f1f02ecea091aa159a1788f1aacb8e589e1b71d3b87b
SSDEEP

196608:/rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLB1F3nswU/Q6FKNcnFB:Dw0pdMGbwBAej2T7nswxgFB

Score

10^/10

smsagent android infostealer spyware trojan

Malware Config

Extracted

Family

smsagent

C2

https://f344-138-68-163-104.ngrok-free.app

Targets

- Target
  
  1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e.bin
- Size
  
  7.0MB
- MD5
  
  a31faedacbdea920a484623c19862a7e
- SHA1
  
  9428afd6d48f70a2e90a6166e12fc00046242217
- SHA256
  
  1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e
- SHA512
  
  b2398b9aae4c75a8127c9ee02e66b715f36f8f98a1e494507d6647e7d41bac64a60bcb297c76a7b52ad1f1f02ecea091aa159a1788f1aacb8e589e1b71d3b87b
- SSDEEP
  
  196608:/rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLB1F3nswU/Q6FKNcnFB:Dw0pdMGbwBAej2T7nswxgFB
Score

10^/10

smsagent infostealer spyware trojan
- smsagent
  SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.
  trojan infostealer spyware smsagent
- Reads the content of SMS inbox messages.
  infostealer
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

smsagentinfostealerspywaretrojan

behavioral3

smsagentinfostealerspywaretrojan

behavioral4

smsagentinfostealerspywaretrojan