Analysis
-
max time kernel
33s -
max time network
91s -
platform
android_x64 -
resource
android-x64-20240611.1-en -
resource tags
-
submitted
16-06-2024 12:48
General
-
Target
фотоальбом Вики.apk
-
Size
6.4MB
-
MD5
2e5ca68fd0cd78dfc1ff26263d06e22d
-
SHA1
44e68ddbf5d3975e5e6e7e315aaa7ada5e753d3d
-
SHA256
e04216d36b569458abdecbf86fd5e0219b7ad3fbc2f183d06ca7b295659f9cb6
-
SHA512
116a64b124bfbf724173329f0b87cbe36c220af33bafa14b41372a6ac5eec4853b5e5fc6b4988c502729d60efd5d4de9d39ebcbc722bb4558e79e22d005ffd48
-
SSDEEP
98304:q6RScOVXKYJl4ZCLeHErQfvPQnof6wzx7EX8uGlQvsBWL5wJatAxG3K/vwaBh:FKZykrQ3PaAxQXHGmvnLyAGh/vwaT
Score
10/10
Malware Config
Signatures
-
smsagent
SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
fotoViki.apk1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information