smsworm | 28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c | Triage

Sharing

General

Target

28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c
Size

11.3MB
Sample

240325-qjkelsbh2w
MD5

486b8ab6e39ce11d4f22a21712bdc1b0
SHA1

780163c7fed06d8f8df0c1d89ee569fb2c55d710
SHA256

28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c
SHA512

f39dcaf1f874be68d749710fe314731a3a6ce2db4c1a71bcff46ba29a7e0736f9b4043d63aba64f8e2a528f2e3aef1eb184abe5c60534e58eccbd66f2e808cd7
SSDEEP

196608:Jj4Z3+MQ7WiELZDsSBSUevtBXaZq9+/NMpeRjO35+DsC8aRTByofhQZXabUvYe0:c+MkW/5NeyZqKNo3AsCVBuR7we0

Score

10^/10

smsworm android discovery evasion persistence

Malware Config

Targets

- Target
  
  28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c
- Size
  
  11.3MB
- MD5
  
  486b8ab6e39ce11d4f22a21712bdc1b0
- SHA1
  
  780163c7fed06d8f8df0c1d89ee569fb2c55d710
- SHA256
  
  28524210164a65013867c749262978a954010e2dee4330a602ca7ae687bf145c
- SHA512
  
  f39dcaf1f874be68d749710fe314731a3a6ce2db4c1a71bcff46ba29a7e0736f9b4043d63aba64f8e2a528f2e3aef1eb184abe5c60534e58eccbd66f2e808cd7
- SSDEEP
  
  196608:Jj4Z3+MQ7WiELZDsSBSUevtBXaZq9+/NMpeRjO35+DsC8aRTByofhQZXabUvYe0:c+MkW/5NeyZqKNo3AsCVBuR7we0
Score

7^/10

discovery evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence