smsworm | 257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9

General

Target

257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9
Size

9.3MB
MD5

52e49a9b7159ea5a93b36cc674cd91da
SHA1

4247b689b00da89158334b6a6e34884691533f03
SHA256

257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9
SHA512

2216387cd0b621e69a27be5044197edfc4c47f0e221476d1bf931d4cdad99ba35b7b20032224603d71be3d2461d8aec9989ff73124445d69dad02152fabcf34f
SSDEEP

196608:qV1DlRRdQ+0NxBtCEVpPbUrjZIeiZxBE2Itj:qLDTRW+0nCiBsjD

Score

10^/10

smsworm

Malware Config

Signatures

Android SMSWorm payload 1 IoCs

Processes:

resource yara_rule

sample family_smsworm
Smsworm family
smsworm

resource	yara_rule
sample	family_smsworm

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS

Files

257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9
.apk android arch:arm64

dzpal.aplicige

dzpal.aplicige.preinicio

Activities

dzpal.aplicige.preinicio

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

dzpal.aplicige.SearchableActivity

android.intent.action.SEARCH

dzpal.aplicige.ExpandedControlsActivity

android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.FOREGROUND_SERVICE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WAKE_LOCK
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.ACCESS_WIFI_STATE
android.permission.RECEIVE_BOOT_COMPLETED

Receivers

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener

android.intent.action.BOOT_COMPLETED

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.appnext.base.receivers.AppnextBootReciever

android.intent.action.BOOT_COMPLETED

Services

dzpal.aplicige.MyFcmListenerService

com.google.firebase.MESSAGING_EVENT

dzpal.aplicige.MyInstanceIDListenerService

com.google.firebase.INSTANCE_ID_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT

Android Permissions

257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9

Permissions

android.permission.FOREGROUND_SERVICE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.WAKE_LOCK

com.google.android.c2dm.permission.RECEIVE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

android.permission.ACCESS_WIFI_STATE

android.permission.RECEIVE_BOOT_COMPLETED

Sharing

General

Malware Config

Signatures

Files

dzpal.aplicige

dzpal.aplicige.preinicio

Activities

dzpal.aplicige.preinicio

dzpal.aplicige.SearchableActivity

dzpal.aplicige.ExpandedControlsActivity

com.facebook.CustomTabActivity

Permissions

Receivers

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.appnext.base.receivers.AppnextBootReciever

Services

dzpal.aplicige.MyFcmListenerService

dzpal.aplicige.MyInstanceIDListenerService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.iid.FirebaseInstanceIdService

Android Permissions

257986f667b4e9bb26dbf219dfccfe01254163fb4ccb7d0547d398a2542338b9