smsagent | 0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6 | Triage

Resubmissions

23-07-2024 19:42

240723-yepsjathjq 10

20-07-2024 23:18

240720-3aeh8a1hmq 10

Sharing

General

Target

TeleMod.27.apk
Size

4.1MB
Sample

240723-yepsjathjq
MD5

81223bc6ee78bf9157421e28e0171d5e
SHA1

b4911bd05e27dd0ee2ea6f9b67dd39a203a06486
SHA256

0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6
SHA512

f79c330618fc8ecc1b30a22a73db8cc9a0e73344854c0f1a087c8b9b0839797f73efe9d3546a46448387141dc1b137a212f5066d4b51267fcd14e2046396e253
SSDEEP

98304:Xk2ky2xC19NGDDomyTsY+FJJaeDXkIdV6nXrjy:XX2acXoMHHQAV6Xr+

Score

10^/10

smsagent android evasion persistence

Malware Config

Targets

- Target
  
  TeleMod.27.apk
- Size
  
  4.1MB
- MD5
  
  81223bc6ee78bf9157421e28e0171d5e
- SHA1
  
  b4911bd05e27dd0ee2ea6f9b67dd39a203a06486
- SHA256
  
  0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6
- SHA512
  
  f79c330618fc8ecc1b30a22a73db8cc9a0e73344854c0f1a087c8b9b0839797f73efe9d3546a46448387141dc1b137a212f5066d4b51267fcd14e2046396e253
- SSDEEP
  
  98304:Xk2ky2xC19NGDDomyTsY+FJJaeDXkIdV6nXrjy:XX2acXoMHHQAV6Xr+
Score

6^/10

evasion persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence