smsagent | TeleMod[.]27[.]apk

General

Target

TeleMod.27.apk
Size

4.1MB
MD5

81223bc6ee78bf9157421e28e0171d5e
SHA1

b4911bd05e27dd0ee2ea6f9b67dd39a203a06486
SHA256

0f90c651161ecb4ec0c96ab1008b372e4970adaf8ce1941de84243aab1c9d3b6
SHA512

f79c330618fc8ecc1b30a22a73db8cc9a0e73344854c0f1a087c8b9b0839797f73efe9d3546a46448387141dc1b137a212f5066d4b51267fcd14e2046396e253
SSDEEP

98304:Xk2ky2xC19NGDDomyTsY+FJJaeDXkIdV6nXrjy:XX2acXoMHHQAV6Xr+

Score

10^/10

smsagent

Malware Config

Signatures

SmsAgent payload 1 IoCs

resource	yara_rule
sample	family_smsagent

Smsagent family
smsagent

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

TeleMod.27.apk
.apk android

com.telemod.app

net.dinglisch.android.taskerm.Kid

Activities

net.dinglisch.android.taskerm.Kid

android.intent.action.MAIN

Permissions

android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.WRITE_CALENDAR
android.permission.EXPAND_STATUS_BAR
android.permission.VIBRATE
android.permission.READ_CALENDAR
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_EXTERNAL_STORAGE
com.android.alarm.permission.SET_ALARM
android.permission.INTERNET
android.permission.WAKE_LOCK
android.permission.WRITE_CONTACTS
android.permission.SET_WALLPAPER
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.READ_EXTERNAL_STORAGE

Receivers

net.dinglisch.android.taskerm.ReceiverStaticAlwaysOn

net.dinglisch.android.taskerm.WILLYUM
net.dinglisch.android.taskerm.AWAKEY
android.intent.action.BOOT_COMPLETED
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REPLACED
android.intent.action.PACKAGE_REMOVED
android.intent.action.MY_PACKAGE_REPLACED

net.dinglisch.android.taskerm.ReceiverStaticInternal

android.intent.action.DATE_CHANGED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED
net.dinglisch.android.tasker.WIDICKYUM

Services

net.dinglisch.android.taskerm.MyAccessibilityService

android.accessibilityservice.AccessibilityService

com.joaomgcd.taskerm.plugin.ServiceRequestQuery

com.twofortyfouram.locale.intent.action.REQUEST_QUERY

Android Permissions

TeleMod.27.apk

Permissions

android.permission.SEND_SMS

android.permission.READ_CONTACTS

android.permission.WRITE_CALENDAR

android.permission.EXPAND_STATUS_BAR

android.permission.VIBRATE

android.permission.READ_CALENDAR

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WRITE_EXTERNAL_STORAGE

com.android.alarm.permission.SET_ALARM

android.permission.INTERNET

android.permission.WAKE_LOCK

android.permission.WRITE_CONTACTS

android.permission.SET_WALLPAPER

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.READ_EXTERNAL_STORAGE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

com.telemod.app

net.dinglisch.android.taskerm.Kid

Activities

net.dinglisch.android.taskerm.Kid

Permissions

Receivers

net.dinglisch.android.taskerm.ReceiverStaticAlwaysOn

net.dinglisch.android.taskerm.ReceiverStaticInternal

Services

net.dinglisch.android.taskerm.MyAccessibilityService

com.joaomgcd.taskerm.plugin.ServiceRequestQuery

Android Permissions

TeleMod.27.apk