smsagent | a180eff7572de2e298bf4fe793547ca90a33bfaa734de4dfa9d1e21875fcd1f8 | Triage

Sharing

General

Target

VideoChat18.apk
Size

6.1MB
Sample

240601-wabc8saa3s
MD5

c431abbfae5c850c815a46e32d30b5de
SHA1

749fb3c858be68c622e81ffa75d8a1a4196476f1
SHA256

a180eff7572de2e298bf4fe793547ca90a33bfaa734de4dfa9d1e21875fcd1f8
SHA512

12919bbe1e09563e45cdf7dae49697e0808ea175fc71f9834bfd47e1e66005181e0b2bb2fb9b12202cfa02600a48b20cd2df3f0f46f8f51b5f3e88cccbd4083e
SSDEEP

196608:gPqAhWRal6xLTUase0eK25EkCAYylzVNmnp:gPqAhWoYxLXf0e7oAYgzVNsp

Score

10^/10

smsagent android collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Targets

- Target
  
  VideoChat18.apk
- Size
  
  6.1MB
- MD5
  
  c431abbfae5c850c815a46e32d30b5de
- SHA1
  
  749fb3c858be68c622e81ffa75d8a1a4196476f1
- SHA256
  
  a180eff7572de2e298bf4fe793547ca90a33bfaa734de4dfa9d1e21875fcd1f8
- SHA512
  
  12919bbe1e09563e45cdf7dae49697e0808ea175fc71f9834bfd47e1e66005181e0b2bb2fb9b12202cfa02600a48b20cd2df3f0f46f8f51b5f3e88cccbd4083e
- SSDEEP
  
  196608:gPqAhWRal6xLTUase0eK25EkCAYylzVNmnp:gPqAhWoYxLXf0e7oAYgzVNsp
Score

10^/10

smsagent collection credential_access discovery evasion impact infostealer persistence spyware trojan
- smsagent
  SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.
  trojan infostealer spyware smsagent
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Reads the content of SMS inbox messages.
  collection
- Acquires the wake lock
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

smsagentcollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencespywaretrojan