smsworm | hack-app-data[.]apk

General

Target

hack-app-data.apk
Size

6.4MB
MD5

2a19b8bcfd9dfa131f495b127df0bf32
SHA1

e97b2b52cfc96a28a46cf615c69d74f4e1731a79
SHA256

540036d3f23c660326a4f4399f5ec3b50beaec69cf1bc2b6a3ac87d52ec132bc
SHA512

00c23970ebc98499eaa59f6269dbcb35f74678077d3bba25bfbc030fc735e9bb570bb8252f46087804acbe95c9cd619dc1d29d3b705a39652ca7b8b59b23642b
SSDEEP

196608:mJWuz0Ip2Emygq7JbchJiiTWjCA03ZtWFW:mpz3p2EQq7hcpdtT

Score

10^/10

smsworm

Malware Config

Signatures

Android SMSWorm payload 1 IoCs

Processes:

resource yara_rule

sample family_smsworm
Smsworm family
smsworm

resource	yara_rule
sample	family_smsworm

Requests dangerous framework permissions 4 IoCs

Processes:

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

Files

hack-app-data.apk
.apk android

com.gmail.heagoo.appdm

com.gmail.heagoo.appdm.MainActivity

Activities

com.gmail.heagoo.appdm.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.BLUETOOTH
android.permission.GET_TASKS
android.permission.VIBRATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
com.gmail.heagoo.appdm.permission.C2D_MESSAGE

Receivers

com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener

android.intent.action.BOOT_COMPLETED

com.yandex.metrica.MetricaEventHandler

com.android.vending.INSTALL_REFERRER

com.soax.sdk.ValuesReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
com.htc.intent.action.QUICKBOOT_POWERON
android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED
android.intent.action.BATTERY_LOW
android.intent.action.BATTERY_OKAY

Services

com.yandex.metrica.MetricaService

com.yandex.metrica.IMetricaService

com.yandex.metrica.ConfigurationService

com.yandex.metrica.configuration.ACTION_INIT

hack-app-data.apk

Permissions

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.READ_PHONE_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.BLUETOOTH

android.permission.GET_TASKS

android.permission.VIBRATE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.WAKE_LOCK

com.google.android.c2dm.permission.RECEIVE

com.gmail.heagoo.appdm.permission.C2D_MESSAGE

Sharing

General

Malware Config

Signatures

Files

com.gmail.heagoo.appdm

com.gmail.heagoo.appdm.MainActivity

Activities

com.gmail.heagoo.appdm.MainActivity

Permissions

Receivers

com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener

com.yandex.metrica.MetricaEventHandler

com.soax.sdk.ValuesReceiver

Services

com.yandex.metrica.MetricaService

com.yandex.metrica.ConfigurationService

Android Permissions

hack-app-data.apk