General

  • Target

    HD_STREAMZ_Latest_03-Jul.apk

  • Size

    19.2MB

  • Sample

    240822-zp3mtaxdje

  • MD5

    47f9616a2bc5cbf6403e49b80d8bc22f

  • SHA1

    5403978c89bd0d8203b5fd471e0dd4336cae7342

  • SHA256

    364359495b38102bb781fe9ea2b0a4c2f80453bb42f52ee81bfd1ebeb020c4df

  • SHA512

    635f7ce656ae61dbd375baea5ef5d19c48c70986397bf3f79489f1ddeb9facbe3be37a86a228b02700b7c72bc6943ed73906f3bac8e97c5a82fb2c9fd8eae5d2

  • SSDEEP

    393216:QB51Df5gEeI8w9Fm74Su2AI6s3ny5fTIEXF7M2A:QBvVgmU4S8I8IR2A

Targets

    • Target

      HD_STREAMZ_Latest_03-Jul.apk

    • Android SMSWorm payload

    • SMSWorm

      SMSWorm is Android malware, first seen in May 2021, that can spread itself to a victim's contact list via SMS.

    • Checks if the Android device is rooted.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Checks the presence of a debugger
