smsfactory | a992acfef6275e996d60b4dd286379aee70d7d97f13ddd0575493dc2233559eb | Triage

Sharing

General

Target

c7c251982c619646f0751af43a8affb4
Size

4.9MB
Sample

240314-fql7nsde39
MD5

c7c251982c619646f0751af43a8affb4
SHA1

215af2aba7ae9caad4c15d6297ea043f6cf2bec8
SHA256

a992acfef6275e996d60b4dd286379aee70d7d97f13ddd0575493dc2233559eb
SHA512

cf93f0298907ef9fb1bcb7fddb2361148b39add2276bcee1e34ff3aa853a3abe2213249e62abcc6f6a534b98defefe8571ea7e637a7cc3197555ef967292eb8a
SSDEEP

98304:qHh/xyO9YqJcgJNeZmuVHcide2V0d6N8temewyr4rwSqfHfNT4c4:QhZySYqJcWJuB21Ryc0x54c4

Score

10^/10

smsfactory android discovery infostealer trojan

Malware Config

Extracted

Family

smsfactory

C2

http://smartlink.mobilelinks.xyz

Targets

- Target
  
  c7c251982c619646f0751af43a8affb4
- Size
  
  4.9MB
- MD5
  
  c7c251982c619646f0751af43a8affb4
- SHA1
  
  215af2aba7ae9caad4c15d6297ea043f6cf2bec8
- SHA256
  
  a992acfef6275e996d60b4dd286379aee70d7d97f13ddd0575493dc2233559eb
- SHA512
  
  cf93f0298907ef9fb1bcb7fddb2361148b39add2276bcee1e34ff3aa853a3abe2213249e62abcc6f6a534b98defefe8571ea7e637a7cc3197555ef967292eb8a
- SSDEEP
  
  98304:qHh/xyO9YqJcgJNeZmuVHcide2V0d6N8temewyr4rwSqfHfNT4c4:QhZySYqJcWJuB21Ryc0x54c4
Score

10^/10

smsfactory discovery infostealer trojan
- SMSFactory
  SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
  trojan infostealer smsfactory
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smsfactorydiscoveryinfostealertrojan

behavioral2

smsfactorydiscoveryinfostealertrojan

behavioral3

smsfactorydiscoveryinfostealertrojan