smsworm | b7992aa1d3d2be479a66a5372aea9502a0d428aa6a5bc214fda1b1c719b4cbeb | Triage

Sharing

General

Target

b7992aa1d3d2be479a66a5372aea9502a0d428aa6a5bc214fda1b1c719b4cbeb
Size

11.2MB
Sample

240325-qbq77agf34
MD5

9bcd2fad27f65df41819765594301f67
SHA1

cff0c1f644d8ebd6856e45aae503ab0be74d2627
SHA256

b7992aa1d3d2be479a66a5372aea9502a0d428aa6a5bc214fda1b1c719b4cbeb
SHA512

441f5f16b59e1efeac3c5359e5135ccbb9eab3efdfa4b3f7b9c150aaae2fa4a69a4946f084cce214fb32634a36f1101661c3fc448fba950f9e630e928fac8049
SSDEEP

196608:32ia+iqz8phqk75ONMpeRjO34+DsCTdKfNv03AztYzSD:Eq2hqu5ONo3fsCT8ykL

Score

10^/10

smsworm android discovery evasion persistence

Malware Config

Targets

- Target
  
  b7992aa1d3d2be479a66a5372aea9502a0d428aa6a5bc214fda1b1c719b4cbeb
- Size
  
  11.2MB
- MD5
  
  9bcd2fad27f65df41819765594301f67
- SHA1
  
  cff0c1f644d8ebd6856e45aae503ab0be74d2627
- SHA256
  
  b7992aa1d3d2be479a66a5372aea9502a0d428aa6a5bc214fda1b1c719b4cbeb
- SHA512
  
  441f5f16b59e1efeac3c5359e5135ccbb9eab3efdfa4b3f7b9c150aaae2fa4a69a4946f084cce214fb32634a36f1101661c3fc448fba950f9e630e928fac8049
- SSDEEP
  
  196608:32ia+iqz8phqk75ONMpeRjO34+DsCTdKfNv03AztYzSD:Eq2hqu5ONo3fsCT8ykL
Score

7^/10

discovery evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence