smsworm | be0de09be38f20ec2943d5a2c1cea00bd484c9f99ea81a960a83ecfc80e7a7ab | Triage

Sharing

General

Target

be0de09be38f20ec2943d5a2c1cea00bd484c9f99ea81a960a83ecfc80e7a7ab
Size

9.7MB
Sample

240325-px5f9sfh38
MD5

db34bf331c8a928debce191808de2bae
SHA1

a644fd040f372e20ada23f3ce74d94e22d65ec95
SHA256

be0de09be38f20ec2943d5a2c1cea00bd484c9f99ea81a960a83ecfc80e7a7ab
SHA512

d4582a6e9263f73927ab41c6c336c81b926397cbf28c1313889a24524d14079ed5dcddc6452f1fc3b042193e23860b58d574154e8e109dc4e87c66c414bfe146
SSDEEP

196608:z+DsCpNMpeRjO3Jvk9+M5CoMU+AhpYB0ak1tmvehmjXt6pPGfTIK:esCpNo3Jvk9NCoMUlh6B0twb2PGfTN

Score

10^/10

smsworm android discovery evasion persistence

Malware Config

Targets

- Target
  
  be0de09be38f20ec2943d5a2c1cea00bd484c9f99ea81a960a83ecfc80e7a7ab
- Size
  
  9.7MB
- MD5
  
  db34bf331c8a928debce191808de2bae
- SHA1
  
  a644fd040f372e20ada23f3ce74d94e22d65ec95
- SHA256
  
  be0de09be38f20ec2943d5a2c1cea00bd484c9f99ea81a960a83ecfc80e7a7ab
- SHA512
  
  d4582a6e9263f73927ab41c6c336c81b926397cbf28c1313889a24524d14079ed5dcddc6452f1fc3b042193e23860b58d574154e8e109dc4e87c66c414bfe146
- SSDEEP
  
  196608:z+DsCpNMpeRjO3Jvk9+M5CoMU+AhpYB0ak1tmvehmjXt6pPGfTIK:esCpNo3Jvk9NCoMUlh6B0twb2PGfTN
Score

7^/10

discovery evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence