smsworm | 46bed59a47f027598570f3ef1b7cfc0a5784f08233708529f009be49ed7c8b99 | Triage

Sharing

General

Target

46bed59a47f027598570f3ef1b7cfc0a5784f08233708529f009be49ed7c8b99
Size

9.7MB
Sample

240325-qrjs2scb7w
MD5

9c73f1bdec6850327705fea5a6c5d8b6
SHA1

9d08501fd6151c271d07d5e5eb91f2e9925d14b6
SHA256

46bed59a47f027598570f3ef1b7cfc0a5784f08233708529f009be49ed7c8b99
SHA512

1806cd09b457e9dc16d5580421ce47b0f6d35ae83087103161f9a79ca0a19b11bef283bc2017c517db51215e839b87ab8b53359c69286e5c91db3cc86c2fcd96
SSDEEP

196608:H+DsCJNMpeRjO3OG6kvENQjDYj++iqPjhhAoA4xd7zxEuoHC:CsCJNo3qkvhEjiWjhhAafxEuoi

Score

10^/10

smsworm android discovery evasion persistence

Malware Config

Targets

- Target
  
  46bed59a47f027598570f3ef1b7cfc0a5784f08233708529f009be49ed7c8b99
- Size
  
  9.7MB
- MD5
  
  9c73f1bdec6850327705fea5a6c5d8b6
- SHA1
  
  9d08501fd6151c271d07d5e5eb91f2e9925d14b6
- SHA256
  
  46bed59a47f027598570f3ef1b7cfc0a5784f08233708529f009be49ed7c8b99
- SHA512
  
  1806cd09b457e9dc16d5580421ce47b0f6d35ae83087103161f9a79ca0a19b11bef283bc2017c517db51215e839b87ab8b53359c69286e5c91db3cc86c2fcd96
- SSDEEP
  
  196608:H+DsCJNMpeRjO3OG6kvENQjDYj++iqPjhhAoA4xd7zxEuoHC:CsCJNo3qkvhEjiWjhhAafxEuoi
Score

7^/10

discovery evasion persistence
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence