smsfactory | 4da1a07d52db4243c001d32265f0a1951091bfde058c4919ef2e973a24c2a8ca

Analysis

max time kernel
132s
max time network
143s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
15/08/2024, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a6a0065d390836ece27df30ba14db7f_JaffaCakes118.apk
Size

5.0MB
MD5

9a6a0065d390836ece27df30ba14db7f
SHA1

0cf21e39120f41f5c96360faa9260443aa9db809
SHA256

4da1a07d52db4243c001d32265f0a1951091bfde058c4919ef2e973a24c2a8ca
SHA512

81d1302021d133b802a8b6ca0252097a7cf2bcd6930ed7881c1996652de2adc66348c66e2183b16865f08d3b5df0c7f1b576a5dc0040e99fb931783e498146ec
SSDEEP

98304:1zkLWIFcjwYlBRHXs+53WlmBmVg0sN50dy4/X4gWgDQB1+SqfaHVxgw:1zwTFcEqBRsKou0sNbSogWgcBQk1xgw

Score

10^/10

smsfactory discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

SMSFactory
SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
trojan infostealer smsfactory

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.cmplay.dancingline.hack
/system/app/Superuser.apk	com.cmplay.dancingline.hack:Metrica
/sbin/su	com.cmplay.dancingline.hack:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cmplay.dancingline.hack
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cmplay.dancingline.hack:Metrica

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cmplay.dancingline.hack
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cmplay.dancingline.hack:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cmplay.dancingline.hack:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.cmplay.dancingline.hack
Framework service call	android.app.IActivityManager.registerReceiver	com.cmplay.dancingline.hack:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.cmplay.dancingline.hack:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	com.cmplay.dancingline.hack

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.cmplay.dancingline.hack
Framework API call	javax.crypto.Cipher.doFinal	com.cmplay.dancingline.hack:Metrica

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.cmplay.dancingline.hack
File opened for read	/proc/meminfo	/system/bin/cat /proc/meminfo

com.cmplay.dancingline.hack
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4306
- /system/bin/cat /proc/meminfo
  2⤵
  - Checks memory information
  PID:4546

com.cmplay.dancingline.hack:Metrica
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4344

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cmplay.dancingline.hack/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cmplay.dancingline.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
fba458a44f802c38fc690a872112218b

SHA1
6f9ad73307412f3b0bd822a717adce16ab66bd5e

SHA256
e339335f4455cca1b461a70ac38c5e573a4a398275c6f80a655716302b2eeff2

SHA512
2948656cc0b346663955f1a503cdc39261a691a0bcd614ecc57e82f13cfafca3db91d91beb49f7a38892e3c7378649319459ffa097daae66e2857e06cec0fa97

Download Submit
/data/data/com.cmplay.dancingline.hack/databases/OneSignal.db-wal

Filesize
64KB

MD5
dfc510bf663e327259ae611606ae8e79

SHA1
55b1082c54b9918f233b22515d983beae1f27019

SHA256
79465c934de8de98302eb6406d731ff6f6d8c5880d46f0e85ce2889b45cf52af

SHA512
06d7c08ecb27c99b778d7919382adfb3bb4d505714ebae4e194993acdc502bfe8abd7a00d3c7a95394cdc1701a06c55accdbf5f4b24fb3c697c261592e8dd1cb

Download Submit
/data/data/com.cmplay.dancingline.hack/files/Mint-lastsavedfile

Filesize
32KB

MD5
1554831d898519147b60627a1feca23e

SHA1
97f437d9d17557f317470a3ab457ac5b7cf564ad

SHA256
2f1285bd04254ca4f94a598b143d951929c94a79bbf9dda3ab8decd13b10433f

SHA512
58f7d77aeeb6b93b8de0b3756bb09f95a1a3ea635ef7a6ad4c9c40cf2b4fa102a2267968decce62222324bbcaef30d5cae6a90c9b5ade53ec7caf7b0f204c6f3

Download Submit
/data/data/com.cmplay.dancingline.hack/files/Mint-lastsavedfile

Filesize
8KB

MD5
6aff36d87fb0ba28248f8e5656492347

SHA1
74608b5286ae65fc58a78727138ff066ec27cf0b

SHA256
51bc578d3c19bcebb33f11360e46fe2527acde0ae1d2b80ae8c27ac25cee1d24

SHA512
a6dc9aacdff263df8a361cebd197e03ee0676865d60edb1bee8d52e01972ae84f3e87acf93b40ddcd49dd9cb8e842d4bd6cb292e7af06d801bff22f225da8469

Download Submit
/data/data/com.cmplay.dancingline.hack/files/MintSavedData-1-1723732448791.json

Filesize
669B

MD5
68bafc30acb43e6c9ba0ab8f16765208

SHA1
7eda5f5e88a491ee1af28369b326adc3974b16d9

SHA256
9013db981f23c6111e3bfc8ad8f52302b1e194843a5beffc74065d2f79d1111e

SHA512
c1dff3f7912e7d389c17ec6ad14599aed827159a46c6c61bc85df3ce2dd58cd80a752d6f23461baf05d341ee0160fb0f015fd9682d1787822d18e6c9bdb4e857

Download Submit
/data/data/com.cmplay.dancingline.hack/files/MintSavedData-1-1723732448791.json

Filesize
8KB

MD5
13755ed2052cb912c3953a9481da73d4

SHA1
88a5d6bae687775c8cdc811d73ce26e84b9d781e

SHA256
2c35eba57a78cad97a468e879e3f92dcacc932b1045cd8d6e5a8228eface98ce

SHA512
bbe9416179bb2394b5a5aafb853e83e66f990f96ff9162bd032625518c73add5b3a605d420dce86ebaeb5f8c908722eb003bb55a9c07079ffe05a82c54a23228

Download Submit
/data/data/com.cmplay.dancingline.hack/files/crashCounter

Filesize
20KB

MD5
42d180833db7fff0d14ae00346c04b11

SHA1
6c14f92790173242b2f451a5e0bfbe27eddbe175

SHA256
77b5080d4ce7e4116d44240d36faf5559803b9b252c7c809c0b48e5975c1e623

SHA512
3637337ff74e9a2522b8813a2e60de0b3c717ac520d0b7cbb227427c8bb4b156aaed1661a7f8c3fe550f57589198855b0bd9ae455db25585f7453562f8f2d663

Download Submit
/data/data/com.cmplay.dancingline.hack/files/lastCrashID

Filesize
265KB

MD5
9b8547e064adabbdb5220feab963161f

SHA1
9833bbadc8a33fdc9fc37715a267bb06231c825d

SHA256
91e136a5aaeb66698a80d3a0a3c6bf2653a0be606dbca0100d067d3f185754be

SHA512
754a32a197039a90305abcfc0d6631bf3d6ff6ed18fd487dc28bdedb9de5355dcdb1d03ac6820edea10af7f6c32ddfe499fccb972e4a2950d623d9aa4e1fedcf

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb

Filesize
4KB

MD5
139d47155858f6550c350c46869e0222

SHA1
e83986492f03b8dc6703c32ac2f0ce7e426b2245

SHA256
fa89878bc33312878435bc5dd541f19c8208689d01466e494f76b11d7e154332

SHA512
6e7d195ffc1dbf51ccae0a98950f8ff1555e603b5ddbbd224ac79b53a2fefb0c043dfff84ae8bf80c102a8e4320a32756e3736f6c4016b9b975fb6518ddd0971

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb-journal

Filesize
406KB

MD5
e0834ba462429da716243693ad7c0f4f

SHA1
49d41811d9dcaab04e4598d28b1396e286314d7e

SHA256
d4b2a2c80cbe1445df5745eb43e211e31b2286d681bfd5f6ea5ec527d3dc37cf

SHA512
c8f725a0f22ced2844c31cf34ca1a532ce1973be6f24275cc07d49f8c26b4b64484bea7e39d0bf2ab274ba920840887b7b14cc0a44a157fe10b52ef01838586f

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb-shm

Filesize
76KB

MD5
61f7f368d528aa91adfb7cb5d678b449

SHA1
ca87c0eac2d580fe4c9052beafd647d8ddd91f40

SHA256
2af0357b83e69e81857c10869102e2b6d4108ec9cbc30b14bb49102759d29ca7

SHA512
162fa4ad1a0cdd7d163c0f02a689b2557a004e21ccbb7010407bf1928f78951816a6112635a8792e881ed63c080f96a1381e31582cb864178d544e04cb9ba961

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
0619a6bc720029ad36304458aa431401

SHA1
c9ea3ff118f9785f0ffd28072e1f08ee6ae9ba4b

SHA256
65bc8acebd19bfa90e25fe2fd480b0376a931a1ae0bc59e310fb93f4de17909f

SHA512
dae5944a914ff8e1c86c8e73ca0d360420f3c29e5909479148676d3d567feff0f383701dab52c8ac6466a0418005f281329f13089cee41fd5fc4a43cb5ad9730

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb-wal

Filesize
402KB

MD5
526dbc45a17ba2332b58129c2eaafe73

SHA1
3df94cec0c459dd7d63b7abd855ad16b100c28aa

SHA256
9749289ae8250d5ee0cfdbeaebd1c53d3ac9acf219a5f2ef722bc30e55ea6e90

SHA512
d491201b524dd77e58e9203c03e6720adf3c7df1adc2d748e9735c2d3e808bc29b123fbcc26990b55abf654e00906a8026fa6dbd2a1709877fb0ea3543c19870

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/androidx.work.workdb-wal

Filesize
185KB

MD5
6e0961fce813ab40873fe610120332e7

SHA1
038168610c260a2f2b69c3aa9e1df3b3f7b0266f

SHA256
ad60da76d74af7d91338cacdb3fc29c2ae512b14b5206c31fa74dea65f31e3cf

SHA512
3958206759ac7d79d441cc3a3202fca6eb036e04d5cd34ed4499787642d9f146f7d7c826a5c3bf7e2a94152f8a7f359fd15550593dc0f5668aef4631f047af86

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/com.google.InstanceId.properties

Filesize
116KB

MD5
02cdc77d00200dc771a94db078048409

SHA1
a4787ff0a395b71b97ffb409b04ce5b7dfd11871

SHA256
3d73d0566ef6a266e4133c0a300f08d87d978f3a33373fb53cd7d9d428065a94

SHA512
ff35f1d56c42663197e8b23fae9de5e5a9be636e1db17fe240c72491ea8a44530449a33d1b7f33b225dd81414ea91a5ff053c2f281d42df1288dba351dbb2a74

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/credentials.dat

Filesize
226B

MD5
961eca33d81c8080f92049afdef2dd4d

SHA1
f7863234202867afe8ec0ab5128e49d884b05cc0

SHA256
94e8066acd6efe94d3e906d47b1be3548d20c5890bfc26fc2cefbe2d5e6452fb

SHA512
e7ed3f637d377b2541c863470eca29193afd82d7103786111e6d2003ba95ced3a00b4539b58943890c3ab7eb41f4010f94e6ed0acc8f2be077020d7e8745c281

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/db_metrica_com.cmplay.dancingline.hack-journal

Filesize
512B

MD5
c5624d96f53b47ca1c7196c0ceb614ef

SHA1
ef3f46631cb6894dae0486505e6ec696e06cd58f

SHA256
f7e299fe0255d01e746d4122fa4d146629d59964e685d860f87b35efd1fb6660

SHA512
e84ae99653f19c6a5bdda6fbafbdead8767523b2cf3ad892d48d23be22d1a287e372c0812c9fbe93ca0b040028c06e43aaa7d33cd0373a63fb67e5bf9fa80c85

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/db_metrica_com.cmplay.dancingline.hack_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
245KB

MD5
e8c4e85ca98c4f68dd3985fb4d3c64db

SHA1
38dd2b7be0744789fc65abafab369f863804f640

SHA256
f19d0bea64ea72806a9146924e62bafae29825d16f9ffdd93db227cb4322d35c

SHA512
0d2d1417daadc544766da51288fe70b439c0ec3835b9c7abb7342dce34b542573e6c89a81e1b574d73641265f1078baf7433e9651b2a2c466660724c34002311

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db

Filesize
44KB

MD5
1433e3d0df68adceae785488de8bc096

SHA1
c60df2c20759883f557b9ebcb2937b842241a2f7

SHA256
7c97d069202da25a2824be47680bcac2bc44bcb2a75e61ccf1436c20cdba46b4

SHA512
97aac62c395a500310db91c3d9128c9c3dea4e4dcc4b1fec321664854d1cf4746ea8587b079cc4080940d439cb8699d791c4b159227502fcd1421c202482e76e

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
151c7cd69a4855b47576e4952fa4ea07

SHA1
f26a2f4421d3b70458e46ea57bb3086ab2be3998

SHA256
68f73a59a81c917c1d37f4e8e59e5c90bb8015c87fc203cb06836428d6e07f15

SHA512
959070bb5b08c9183667495f8de0639267e2a06f5c36e3656061805bb720b77987553dc8089caaefe600f294a1e09d9e0ec3e79fb5741a6b66c8bb3b05ed7106

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
27fe39010e4cda7abdb5e32643f0945d

SHA1
9887000afba2740e2a1a879dbf8e4ae239c65696

SHA256
a0b6a8de21dcf0a3f20fe53ba615225bb4761f45ee6a775e8b06adf6a7fd22c5

SHA512
50ee0beb4bad7bda9e2e4aeb058783bebd591d8498f38d655a0b8877a82f2fcfb3a33c22530e152ccd61e217a50ea832d78e742ddf482fade85b58d627cceb0e

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
06f11ee99010c68715858276590d1ed2

SHA1
1f52d89f7106fc37a53574bd6617b9b1c043eebc

SHA256
7d89ada45fe161fcce275cb7424a464f0057a0d91553bb7b0485bb3e55a16bff

SHA512
605adaaa21549880136e122a0b73e441780c55d01c500c151bc08de98e7e1bcc97124b662859ac738a885844d45510e66f470d9140fc704b561ce6acc0ccf6c8

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
2bbd390503bcc3232bbef70c1b3adb5c

SHA1
d4d95a490aba891e703d896f42127916bf3cf5ad

SHA256
a497628a06317634f1dc2af3c9d1ee5664631d767bab45c01e72ab0ffd84eb89

SHA512
a30357aa9ea89da1794a31f8d30feb3fc948997c0ab5d54f58a2efcac140b868425c6e249efec2a223e006625e7f1f71c792a71461533c5d629d191c78c9871e

Download Submit
/data/data/com.cmplay.dancingline.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
c9187c1d62071c76453e2f2a6df70dc6

SHA1
1d7f2a06fd3b14293fa933283054ef425c38ad28

SHA256
e0aabffd64f6969da9252b578bab8a141f5cec775c75420f414b6a4f491f566b

SHA512
658eb55ddf76c59624234f68793ba70929e1bf60202472d25912ca65c1a4f65aa0b3e3becb3674d06dab853dda04985e139fc80a52ed8b8aa48efbce6a7d7542

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads