smsworm | 364359495b38102bb781fe9ea2b0a4c2f80453bb42f52ee81bfd1ebeb020c4df

Resubmissions

14/10/2024, 23:12

241014-26vdwa1ejg 10

31/08/2024, 07:58

240831-jvawzstblg 10

Analysis

max time kernel
13s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
31/08/2024, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HD_STREAMZ_Latest_03-Jul.apk
Size

19.2MB
MD5

47f9616a2bc5cbf6403e49b80d8bc22f
SHA1

5403978c89bd0d8203b5fd471e0dd4336cae7342
SHA256

364359495b38102bb781fe9ea2b0a4c2f80453bb42f52ee81bfd1ebeb020c4df
SHA512

635f7ce656ae61dbd375baea5ef5d19c48c70986397bf3f79489f1ddeb9facbe3be37a86a228b02700b7c72bc6943ed73906f3bac8e97c5a82fb2c9fd8eae5d2
SSDEEP

393216:QB51Df5gEeI8w9Fm74Su2AI6s3ny5fTIEXF7M2A:QBvVgmU4S8I8IR2A

Score

10^/10

smsworm discovery evasion infostealer spyware trojan

Malware Config

Signatures

Android SMSWorm payload 1 IoCs

resource	yara_rule
behavioral2/memory/4315-5.dex	family_smsworm

SMSWorm
SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.
trojan infostealer spyware smsworm

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	insure.cable.estate
/system/xbin/su	insure.cable.estate

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	insure.cable.estate
/dev/qemu_pipe	insure.cable.estate

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4315	insure.cable.estate
/system_ext/framework/androidx.window.extensions.jar	4315	insure.cable.estate
/system_ext/framework/androidx.window.sidecar.jar	4315	insure.cable.estate
/system_ext/framework/androidx.window.sidecar.jar	4315	insure.cable.estate
/data/data/insure.cable.estate/.jiagu/classes.dex	4315	insure.cable.estate
/data/data/insure.cable.estate/.jiagu/classes.dex!classes2.dex	4315	insure.cable.estate
/data/data/insure.cable.estate/.jiagu/classes.dex!classes3.dex	4315	insure.cable.estate

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	insure.cable.estate

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	insure.cable.estate

Checks the presence of a debugger
evasion

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	insure.cable.estate

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	insure.cable.estate

insure.cable.estate
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/insure.cable.estate/.jiagu/classes.dex

Filesize
10.5MB

MD5
333810e89b9f11c61814e7002bd516d2

SHA1
e310f730138361b43ff7b2d87f73ef5a14cbc352

SHA256
f2f3f53e9ccfc80488522d058616bbda20dc2d61af1f6741811c9b9aa301381a

SHA512
92b9f8811cb797e2cd3286073578ec54d4a197bed4c97bcb8463dd3d75157f544e13b777bcf6ce4889b54c0b4400f341058d8a316c8bbf725980890ff1ae5403

Download Submit
/data/data/insure.cable.estate/.jiagu/classes.dex!classes2.dex

Filesize
9.4MB

MD5
dbabf3dc633ae99e69800dda56816b19

SHA1
f92b3cf91be7846570e09cfd0e35f49ac020e435

SHA256
a6ff7ff2d2aff124c7506da18c79e43456a84d762914c01bf9f47d1f904a9eff

SHA512
ed33bfa82b539c548e41b60075b4c6dd47517df952ab170cd287aa8629a36fd3d952765b8357a5763afcb6e80ca3f90e0fef6674c98c2bd75bbf11560fa98311

Download Submit
/data/data/insure.cable.estate/.jiagu/classes.dex!classes3.dex

Filesize
91KB

MD5
4d69ce4197defcccd9d3f66c521403ae

SHA1
9de024d239a3ec19fa9c3f687a0714e8f6bf7c88

SHA256
dc41313777a66539c3ec52e4b26bf997888cd08bbe2c1dfd2ba734f9d4d2196e

SHA512
327b927055a866b4e5cb56f1dd206ea0539a3b5ae45b5ef5e1f77e387bea8f45395eecb3d1ffc0ca6fadf4aed4c08b95be75d266bfc529dceb93c622f9bae388

Download Submit
/data/data/insure.cable.estate/.jiagu/libjiagu.so

Filesize
733KB

MD5
0b559e54cc4d58d8d894041ac77d6b1a

SHA1
9f0a75b91ca3fbfad63482276e0af1d6f5f1f13e

SHA256
b8af0ca3197da1c1e9d8a3a9c60ac53dccf83f975a60b6591007d0a3b3abfc18

SHA512
8cad681faa9c85e1c954c1b892cc3c4eb417cc70c930926b5b3c6af190789f8b06d16d1427e4daa6ad0c406df7dfa2de9246d0466229d91c2143e4ddf3f9af08

Download Submit
/data/data/insure.cable.estate/.jiagu/libjiagu_64.so

Filesize
820KB

MD5
c045c83a44b1c355bac9c609e8129a45

SHA1
5e943e71dc0d00f36dee7ea5eade721039b1652e

SHA256
54701273e61fb53a1fd83e486d0bcdecb2084c7f2adce039f3ab82e75782e924

SHA512
75dab264bb6dfc8237f13967150e61c3e904e6227565c7a9b27201b4839a00d6752ab131d6ea523a6507519cb1d5eed6d56df0146532c65c890ea965d71c8c34

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851

Filesize
16KB

MD5
d746cb731c64bd020f1fc8d55d7dc1b7

SHA1
692e41abbfa114f4e0ffd8e4cb2d11552395de67

SHA256
c457077ab3d9cd500a2729eb8a3ce86fd08411ca58f9c94c15e634313149a9f4

SHA512
368e6d94268eb9523790bdec2ed36cbfb9f75cae066ec699f6a145342432f41ff89b738eeb458a0689c80281a0a3f9e107ce6c20ae065c3ac332e5eaadfe99bd

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
2611eb85c31c8cf0410ccbdcd34e1c6a

SHA1
66b25af1dd4eafa43d9fc55a7d2226d40ee8e7d1

SHA256
13c4c59750b3f5db6e1366c03c319d96f89d52cadda021a14970bb737a0c71db

SHA512
b21d7b7e03af73ff5dd9fd92055fd5eb8ef3d70fb4bc0d1cb1f154fea1d93d399d4bbd37772e6ee262ab921869a9660e3996bf01176e2bc3a44712e283b39d36

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
07d3d4bbad0e65eb827e6102a267fc91

SHA1
9f8715671c147bea07163d67108de2d00e03445e

SHA256
b9adfd8fa589ba480bc442756db5145cbf02fafef2c25ebd579796d43ad4534b

SHA512
6a5fcb671e197ffd03092cd1ead0167dd68c2d9ff9016b16ae3eed4a45bf162d0435b17d55a4f3bdbc6aa06678250f637fa693f141c84ca02e4e080fbad21122

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851-journal

Filesize
8KB

MD5
c31d7d60dbfca53c250d2a53b8048a23

SHA1
525c29198271a5cb0766cb3b7d994090c563bae8

SHA256
580407d55da4b087087f6abaa890616dd4bff14a68a70e9e4490e028250c5456

SHA512
778ce8ca6f03b306d51ff104846af8d47c3a9302d1fec52b9ee5ab9577f642c69419b481a4870466eca1b2dbccd9757aa152d094741ac2df97ce680b9b8408a8

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
afb277b0b194881726d19b10abbcc713

SHA1
415198af95b1de53bb57d18b3bffca4fd88554cc

SHA256
9acb34ecc276c9ff4a9816af23d031bcc1823db4229db583f9b71566426daba6

SHA512
46a0d0b3cd2ebbb41b6b41f9e6ec8fe4d3f81ca83dfa9f4afa1d0dcc0db978ba37ec03128c705062f093d187982663d3a5d8f5799275bd65dfa2c4c9a19127a8

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
b04ddf80cc6dbbeeecb04ec5a67624cb

SHA1
ba3590ff95dc5ea7c23dca521f6388c0b148256d

SHA256
6b49dc60943126ae3685a009a82bd1c7074aa61b6153315372995797cb5c6533

SHA512
b8c8ea278136dde78339d096073b03851bcbf1f919644d2a181d7d8df273fbcadcc737993e621e9e665186bf8fb323db74b325b23cd5fd3c826e5c679a747307

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
85130ec8db990de22e79a629c3b7e87a

SHA1
e3f6c5dd45867c58c2cb8b49dd7e11081dd2d1c1

SHA256
a281874a079b2e241b556629babe551559f3c1dcd2bf8ad396bfc114392490af

SHA512
136203963801df0cde15dff7e5f325203bcbdecaedc06cfb3324d58658dc13c96e998708c5afcb8bb72305f20ba23d221695b99c27e182e2914f902ae6ac1053

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d463ed8948f785390d725ae9e7545b9e

SHA1
4f3f7132a7388827bafa9d5d1ecc8d08edaec3f7

SHA256
ee25a1d3cb76394e922fce495077a0a71cac6138b1354cd40dc4977ebca304c0

SHA512
c36a8155c511376bb262597108d4285aa249b501d5785741d4a41f52207506b4f65ad78703ad1d078fe4542f5c67094caa976c7d867e78e756ff2c0ec7c9e71f

Download Submit
/data/data/insure.cable.estate/files/.com.google.firebase.crashlytics.files.v2:insure.cable.estate/com.crashlytics.settings.json

Filesize
715B

MD5
65f1e694d018d762902833e2fac63307

SHA1
f189cd4f30ee14bf40ff94881ab5adc2ca9e6678

SHA256
4467fa9ccdd4c7e940003ac535b14a895aa5797cac9915f9d06c8c1c998e76cd

SHA512
1db7df4d56eefd0fcc2994aacca8b7cf3ce820edca200c9f8c051b625213ca4dcaf0d070bda64e8f951587deedee1795b03efb07b0a4543fece94e0eb1ea57fb

Download Submit
/data/data/insure.cable.estate/files/.com.google.firebase.crashlytics.files.v2:insure.cable.estate/open-sessions/66D2CD6701AB000110DB01E2CA4E044C/report

Filesize
800B

MD5
223a11f20c96214438f833f0eef26d69

SHA1
2afe8499567bebbf39ec36940c88780d23e6a291

SHA256
0e2f98de1c1410ac0606c91dbf00949818e7106c6c86513e115a56a2152fc27f

SHA512
9ec4835ff247f93b9dc0cce56158cd2d5ae04ffe96f2a1802d51f55c50638edc5e97ef48ff25f2bc2b8def00ca28a9193bdcb5182dd364ecf3df0564d4912ee2

Download Submit
/data/data/insure.cable.estate/files/PersistedInstallation1966110471745949528tmp

Filesize
569B

MD5
7e8bbbe1c83fabc3f58b5810dff8608d

SHA1
271dc6213633b6eb1398418344f4f542c1661ac2

SHA256
96bd32873fccea35031295437c16f6ee92c8476e4240c65a3a39ae3be5002700

SHA512
02e96c49deac48ed9b2cbe6c8bf4ecb08e768a5447a95b0d308dd254e113f4493741ebf40cbe25d3046f16157809c962f5991513c6345ccb285999e6eb60f653

Download Submit
/data/data/insure.cable.estate/files/PersistedInstallation8208110869820469871tmp

Filesize
90B

MD5
e20877563b58930b19014148d18a88fd

SHA1
6440b045cf93fe27d61d92709c3594588c4b4cdd

SHA256
313c478a81d10bc3884d6a8f2a2cc0398cab20fd76e08fcf86ce471de8525259

SHA512
a6a69889a25d16aa2a178ca29caf36cbbf5ed204088e2ca55a2e8b4acc390f4f154d7638f089e4906d2083f93d03e4a8e16ffa3a718b8f76f505bbd20a5c2b31

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
4db827201873b609e2a4b420adb88074

SHA1
18044fb042398fa693ccf652d7223d9bd0ae1b5f

SHA256
bdedb87792ec1770a0a3ad4ad17e880edcc184b95bf5fc07769a22e2fa3a6877

SHA512
33db131d5d7fd9907e9cea943d4912ab528fb75c77fe4748a503d37a303cb87cd5f2cbacf5525b0aa9ff92016283d347abc0c23ad9959731ea8288007365d40f

Download Submit
/data/data/insure.cable.estate/files/frc_1:614315011479:android:59cce33af57d3bfc66a8d2_firebase_defaults.json

Filesize
128B

MD5
7a845c35ee49d2391daa9795ee60001c

SHA1
70748279b9220aa33d412ebf4c112c5ef9e04346

SHA256
b4837f5556a74af96fbf68913e70f7011d54e8c8ceb75db2830ad737264f1755

SHA512
040139f518e44547886d2c4be50baf6f92dd28d000cbd9fdaf86bbca50cb1f60e75967ee4631dba3a1e8e1617ced72611c78b9fc24644c41cce927616c9756b2

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
44aa8733a3e09ce84d67cdecd6492586

SHA1
dcde9c2b2310aa17703df7828403ccfb8bc2f55b

SHA256
d4e14da86f7232c3db89ab0860356276b16555a6a2a25c46ccf7794838d517d3

SHA512
faa4835fbaac9267388c6e5a602a9b38daa2a5bd6b6a17a782fc9818b6edc13cc8b35bf4e591369a2f9f3c5a3eac9567487397ea2819af97339e6bf0b99b65df

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
67374a7ed57ee8d89f98617537698015

SHA1
7cb254406304b2360fc78e5af713b069f4257e5c

SHA256
e96507f9fdc4b7aab511dee91e05597dee34e25fa78a64ab70aca6e78eab03fc

SHA512
92f6dd136b8a6bc98370a5dc02337bfbd6698e31c2edc78b4ae35d0e05730892cae2abad27829b96d808eba6265da82a6b3c5fb04173800deb94f057f2a8096b

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-wal

Filesize
80KB

MD5
cf6c1101fed61d946ce93a2ef166ba8f

SHA1
0fe9e0afba2bc07f917089756b599c75dfa73548

SHA256
39ec7dae270be6c052714e9b7a32208ce1f7b892789134cbe25f38cdb6143b09

SHA512
5f30cc04e76e19776b5ec44059b42799286008c48886ac55bfa38976e5f03b3b462af7abab5b2c9e6861c3250e2e257fd2453ed584c2245fe1eea6b9b39657bd

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads