smsagent | 423fa98e018d2024ce886224457cd53a16977b996498102358f7f9f3c2256dc5 | Triage

Sharing

General

Target

df60d389db28c5f9fa5005ca8df31659f59bcde022f80cbbda2b5250d9467226.zip
Size

5.9MB
Sample

240707-13zczs1flg
MD5

ff988f7fb62467c47d61b7ceb4d07b0f
SHA1

441eb26b3b8af95fd6b761f65957be5ee9874d39
SHA256

423fa98e018d2024ce886224457cd53a16977b996498102358f7f9f3c2256dc5
SHA512

e8145909d6bec63d4b7f0d35286f0b87182b9b4817b162e8d09413a132377f2d7b537dffadfb53236615163aa18b11b01688356b335047083fa2e313bab09a12
SSDEEP

98304:Gu+TqVfwkY0dMgGcEY/IIkYFjCnpKe0iwbFow5XpqefsMqSPsEiTltq5zOlnHBZM:3ZmkNdM8E0INIjCnpIDbj5weU2PsyzSE

Score

10^/10

smsagent android collection credential_access discovery evasion impact infostealer persistence spyware trojan

Malware Config

Targets

- Target
  
  df60d389db28c5f9fa5005ca8df31659f59bcde022f80cbbda2b5250d9467226.apk
- Size
  
  6.4MB
- MD5
  
  686abc81706deaed8a6490802177757a
- SHA1
  
  94807a943fb9f7a375985ede8f27b3f88ef58774
- SHA256
  
  df60d389db28c5f9fa5005ca8df31659f59bcde022f80cbbda2b5250d9467226
- SHA512
  
  05aa626c3716df9af5214cf2be2420265d30d5bca14e4154e8df7670bda2a70b580d05ebe61180686895f6a366f510dfe198f64ba3e2bc4f38d69054652b1b2d
- SSDEEP
  
  98304:oPqAsMI4H5Eojp/abJSf5799fx2zHsjbR6x4icMLJaYyCZ2zjn8aYsr4GB:oPqAd5ppuc99x4z6Ux4KLAYylzj8/srn
Score

10^/10

smsagent collection credential_access discovery evasion impact infostealer persistence spyware trojan
- smsagent
  SmsAgent is an Android malware that targets victim SMS messages using Telegram as its C2.
  trojan infostealer spyware smsagent
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of SMS inbox messages.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

smsagentcollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencespywaretrojan

behavioral2

behavioral3

smsagentcollectioncredential_accessevasionimpactinfostealerpersistencespywaretrojan