smsworm | 218824ecd6fe20e95ac7fa99e410664afe92576e40c40f55ea16ec53118f964f | Triage

Sharing

General

Target

Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Size

12.8MB
Sample

240701-3xtlnaxgmd
MD5

48ad3d33412a88bebab851a354217c9a
SHA1

3fb058952db67b84663edacb51057d3c0e532585
SHA256

218824ecd6fe20e95ac7fa99e410664afe92576e40c40f55ea16ec53118f964f
SHA512

4d6935792a8813694e3dcf4c6361b3b072e4cc02f0224a823134530ac266b7ac9617da5b3c0359584311b97255fc0e14bebf5836487ba3f68e2a95162b693c42
SSDEEP

393216:t7d0n7G3tfaLMHRG7oODZgNLlKLDE4NDWp:t7d27G3tiYHRUZEKbNap

Score

10^/10

smsworm spynote android collection credential_access discovery evasion execution impact persistence

Malware Config

Extracted

Family

spynote

C2

people-climbing.gl.at.ply.gg:54251

Targets

- Target
  
  Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
- Size
  
  12.8MB
- MD5
  
  48ad3d33412a88bebab851a354217c9a
- SHA1
  
  3fb058952db67b84663edacb51057d3c0e532585
- SHA256
  
  218824ecd6fe20e95ac7fa99e410664afe92576e40c40f55ea16ec53118f964f
- SHA512
  
  4d6935792a8813694e3dcf4c6361b3b072e4cc02f0224a823134530ac266b7ac9617da5b3c0359584311b97255fc0e14bebf5836487ba3f68e2a95162b693c42
- SSDEEP
  
  393216:t7d0n7G3tfaLMHRG7oODZgNLlKLDE4NDWp:t7d27G3tiYHRUZEKbNap
Score

8^/10

collection credential_access discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

behavioral2

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence