smsagent | 1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e

Resubmissions

08-02-2024 15:21

08-02-2024 09:26

max time kernel
151s
max time network
163s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
08-02-2024 09:26

Target

1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e.apk
Size

7.0MB
MD5

a31faedacbdea920a484623c19862a7e
SHA1

9428afd6d48f70a2e90a6166e12fc00046242217
SHA256

1342d5143ad7e6a2350b6adf8fc094e2eef1ab030c4dbe0ab55e6216447cd02e
SHA512

b2398b9aae4c75a8127c9ee02e66b715f36f8f98a1e494507d6647e7d41bac64a60bcb297c76a7b52ad1f1f02ecea091aa159a1788f1aacb8e589e1b71d3b87b
SSDEEP

196608:/rzkzfZDmwyU6d1mGbDXSTBYP/uA2javUMLB1F3nswU/Q6FKNcnFB:Dw0pdMGbwBAej2T7nswxgFB

Score

10^/10

Family

smsagent

https://f344-138-68-163-104.ngrok-free.app

smsagent
SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.
trojan infostealer spyware smsagent
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.android.app

description ioc process

URI accessed for read content://sms/inbox com.android.app
Acquires the wake lock 1 IoCs

Processes:

com.android.app

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.android.app
Queries the unique device ID (IMEI, MEID, IMSI)

description	ioc	process
URI accessed for read	content://sms/inbox	com.android.app

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.android.app

com.android.app
1⤵
- Reads the content of SMS inbox messages.
- Acquires the wake lock
PID:4286