smsfactory | b4197d979d39877cb7fe350ce9ff6307177ad8121b9a0f3aa8267fb3fa893ee3

Analysis

max time kernel
146s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/09/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81d22a908f7989dbafa747a6cc3ce42a1068d5bed9f34cc69fa86672b4d57e19.apk
Size

4.9MB
MD5

fc0f20db5f8098e42d845492fcf3fca4
SHA1

380e9f9d17c1f13e66d367f4f8726200e2dee07c
SHA256

81d22a908f7989dbafa747a6cc3ce42a1068d5bed9f34cc69fa86672b4d57e19
SHA512

d4fee4bd9bdaa012b57346c407a5e46eeb8908727686bd7022faf704a3baba81b6b6380b260e2f672fd8967b39a4d6f2008b6bf5e629efd163f01a30663d14a1
SSDEEP

98304:UxQ993O4ZwUzMnKTI5qkVe6/7Tr/njx/3lIM1bfzyck/IISqf+HW6sR:KQ993zwU6+I5DE07TrPV/3lImKj7g26y

Score

10^/10

smsfactory discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

SMSFactory
SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
trojan infostealer smsfactory

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.kongregate.mobile.bitheroes.google.hack
/system/app/Superuser.apk	com.kongregate.mobile.bitheroes.google.hack:Metrica
/sbin/su	com.kongregate.mobile.bitheroes.google.hack:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kongregate.mobile.bitheroes.google.hack
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kongregate.mobile.bitheroes.google.hack:Metrica

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kongregate.mobile.bitheroes.google.hack
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kongregate.mobile.bitheroes.google.hack:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kongregate.mobile.bitheroes.google.hack:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kongregate.mobile.bitheroes.google.hack
Framework service call	android.app.IActivityManager.registerReceiver	com.kongregate.mobile.bitheroes.google.hack:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.kongregate.mobile.bitheroes.google.hack
Framework service call	android.app.job.IJobScheduler.schedule	com.kongregate.mobile.bitheroes.google.hack:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kongregate.mobile.bitheroes.google.hack
Framework API call	javax.crypto.Cipher.doFinal	com.kongregate.mobile.bitheroes.google.hack:Metrica

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kongregate.mobile.bitheroes.google.hack

com.kongregate.mobile.bitheroes.google.hack
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4264

com.kongregate.mobile.bitheroes.google.hack:Metrica
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kongregate.mobile.bitheroes.google.hack/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
901f7c86916d1ad9ab32b10156b98729

SHA1
e0384fdb59db1a57cefe5feede9e1aabdef98c7c

SHA256
d4204addaf8ad59255537b204334282542c4df351349490fa79f1c18dacbe267

SHA512
41eb7f109b2ad6ab64410b8d23288e15950dbaa87041a580356e04fef99c853441ef7caed6eafe6c462ae34e90bca13d15cb0e07be010a51a7f10c8f9b29d98d

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/databases/OneSignal.db-shm

Filesize
32KB

MD5
7d88c811f8ab0e73a4c394881f0d2a7b

SHA1
0bacdeb77e64ba114b793b2d02b8f59ff408550d

SHA256
af4192a42d9cf2e9fb6c655469540a1e8f9eec3a3dedfb7bc4e7e6b6cf93e892

SHA512
8f02705b31266c404559a58b7f20ad9cb468dbf2f6b6fb7fe51960463b1ead4c5d3057f394ece232421b2e7c3ec2d69394e754c2802c3763c5e11d3b6b3bad83

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/databases/OneSignal.db-wal

Filesize
64KB

MD5
d0d73b7516bd795a08f3698e7e0ecfe3

SHA1
e044c7456f66f13a81345a44a6599ee9e9fd16b9

SHA256
24b2da84dfc613b719d6c29e52ac54d576f144d1fc16f8d8f664b9927ecbc4b0

SHA512
5f93bf47fe76f26496b4f9477d030bac0b18686dae87ff66037c56514198f9f61b63826a55647401606bf8287139b6aec7f73b07092e1ece2d75b639480b8910

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/files/Mint-lastsavedfile

Filesize
226B

MD5
3e283adab43e50cc2656a89517b48d1e

SHA1
6fcd5363f5302ffe0256219fcf9db27286c0a9b2

SHA256
9b1083bc03a53eaec95883f8d253f3ace4dc206d3094647e2a3ed28838c183be

SHA512
0f39788cbe33298bcabf49bb7b0d1908d85ec4076b5ef9b42181e03c16aea431f4a21820ca8b07daaae3732fc0538341b939df58a9f36c5b05c7e66671185bb4

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/files/MintSavedData-1-1725346048294.json

Filesize
402KB

MD5
b4128a7864e2db2f0dfe89cb01edd3be

SHA1
f0946a7e5a5d815627f834191a4ca82f25f39c48

SHA256
6d6f26d55a976477fae6e01dcb71292ee7db74f741c23d14c0bdc7d906c55172

SHA512
5d7e784ef771355d75919d579fed7b946954262005cdbb745c98d0116c0f952c506997656c858b715a7845b8be4136cf5b4b11accd29f1364c2748b347fc60cd

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/files/credentials.dat

Filesize
8KB

MD5
b5eca2c35f5355f5b1b24cf281edd23d

SHA1
3edf154dbd00112811604bc6473699dd131167ad

SHA256
f8df0093d337f83a0db91f821d422abd672e92c49ddb0f84c9e41cb088c0d80b

SHA512
b0da541b14a9102c73494fac31cd5640796357fc40e22c2700d68a575c265bd0d757eb77e3ad9c0c8aa8732d59f9a063257ba5104e6a540f0d49a1a51db2f6f0

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/androidx.work.workdb-journal

Filesize
44KB

MD5
57c3a055c43ae1b3d9c5936acb411f6a

SHA1
434228314376b2f6ed91aca2d936fd42797f7631

SHA256
3962315b228b3f4299b1214d30dac4776b1d4c60ef1cf07c2a3448e0f7af0a83

SHA512
e2552cf4966679270249e93c2a06f5b7be95a18729ad0a8a381f309f4d07ed7727502b12a6646827b588cf88cb26790982d35f9e631ecb65f81cf4515bac0a22

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/androidx.work.workdb-shm

Filesize
406KB

MD5
989e98542aa68ed4213999a432b72163

SHA1
9d163f23c8549b41f051204d988fb43ce54f312e

SHA256
6d9bee397906743378f26227a5bb6c76a39a6b3e4fd5d537f75e1e44aaef97f2

SHA512
6a25d86d2e389799592726c8705821fb24d1ed3556e4c65e1305b0f50706f00d9a5258acb554c90bf73c735e9c091bd127a9964498c140dac78fa72aa34f8a52

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3477cce571757756299741e120211a32

SHA1
d0f5f310e3e77fc1753cab2d32d80aa17d71506d

SHA256
175c163befafe0b4df6350f10286974dc699f9dbc0889bcc07c40190afb992f8

SHA512
f45368b292a9223ccc77e3a7c4e7926a4b7919b903fc881c4eb4b72efac6e9b72a87200a3e236d76abcd62856499056fab1dfdba2158e922bddd780a297550f3

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a2496a7f3b3052a610129f3f126ec645

SHA1
97d568f48d79d2d0bad33f1a4ef05893a172db75

SHA256
28b5950bff5c6e1c5ab58c659d40bea289a62e6d076e7a799dedf23f9a72adc9

SHA512
6859f14298c4fff4f684118f570c2d392130c53da0f56789fd6ce0975d218402a43a3e8031a59e4d81ad16f179440259fad3f33183a1ea1323557f0d013a5932

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/androidx.work.workdb-wal

Filesize
237KB

MD5
f7c313e21041c98fbf390a3188d42b32

SHA1
c31d74ed2e8e2d3ef6f82d02fa300b15a59a6f5e

SHA256
162523ba41f913b70c58166a6e8558b217cc4a7712639ab8409e0612cd56fd1e

SHA512
0eedcf7d3a02092016237904cc8da139d338654ddb0195e21a9e422cfa73a231712a11b6930de66ccb1736d8629ec1d7088538212d441877c169e15f3934f508

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/com.google.InstanceId.properties

Filesize
32KB

MD5
b10c09842a5472119a0b0d8c81667441

SHA1
b99a8d2e4fca2411938a2d8f75ed3e0e100fa6e2

SHA256
15a82a44d0a4243b76d246813aae954678157ec45c4916d7726708418a28427b

SHA512
50910a13787aba713640f011a501c61a030538b8584a3191344de6f9a2247929a09182c803eef345ae3f696047e5a7f41366d9f676403bddcf87b58549957dde

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/db_metrica_com.kongregate.mobile.bitheroes.google.hack-journal

Filesize
512B

MD5
ef2eb59654f60870a5b11bfc29067812

SHA1
5afb7d2b26be0e5572600e5ac5148c726bb9cf1b

SHA256
fcbf6b6cd36f8438a8125296dee398b9b83a0b9cd86a79dfcd5038841867ecab

SHA512
0008c2842582081f1d467e46ff64b0a40817966ae749e324f91193288bd2cafe259f438f55754619a4fb7858f8c20d8b210cc2f1664bd8a5a04a8abd910b71d2

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/db_metrica_com.kongregate.mobile.bitheroes.google.hack_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
9ee8a7edf9bfdd578defeec1899327b5

SHA1
b78f0dfd7157391f77f25f8e9321f07513325be2

SHA256
996660ddf7235acad080446341cf38e62afd9c0f96de64902bd6204df8414edc

SHA512
611f89446cd1a5b86807ef75176c1e211042b8930cbbe4989f3bb7c3b2e268ebabc2764478752ac4dc3617364354a37503bb4c6956eb77c548bf9814c7c4a6bb

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/db_metrica_com.kongregate.mobile.bitheroes.google.hack_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
201KB

MD5
80d330fa0ac742d5e87d2ce63ec80605

SHA1
20e27f14fd745b32681a1b7d90eb023c16fabd3b

SHA256
8c4701d4298dcbdf61ef7ed1999da618c4d313a43dcf01af3cdbd484861b1ffd

SHA512
d8508fc097e746a3efc431f440044059047d84b2afc0f2885876e84a3aa50372bb7b9e3f654ce8b62129ac379d4cd6b5971494abff20bdc86a2b34ca8bce373e

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db

Filesize
213KB

MD5
5b3e2ec9610ee35375d2951fa8277cf4

SHA1
6de2214ea34731d2cd5bd1cf5affa66218996986

SHA256
0b44f46e242a4619a1017c535b0bbbe7e3bc2a8a30c656507651840050fc17ea

SHA512
3a87c25dcc5c9b871996b5fdeca34fd908ffdefd918a04ca70971b468d9e90597c0a3852c07329c3ebe9bb86b87028863c5d883a79bcd6b5552821c11c116d97

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
6856c5da1444197cc5e07dc95a04d728

SHA1
cc33e398222623d1e67b6d2f02aad5e046d4105f

SHA256
15eb15d6b0b4c0bcf9ca63e8cd192f22982dbaf35508ce0e38988f176c1bb4e1

SHA512
29023a3dab5c3354fcfe2974ecd3bf729bd7e6f58ad93428b77336870ded9828ebb908d01cc89c5af2c29ba3c836388b96b5a7f718e78bb2e8e85445157aadad

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
4fd6d0bfda2c73f662fd1189e420aac2

SHA1
52325fb2263c2e0ea77d9d13c9d703b3cfa03ca2

SHA256
83ced10498cb1b8d8b8375e323847a75a95e93bcce092e01ac649cf048f72d79

SHA512
4f98297a1bf76bb34922dbb60ece8dec4c7e87fd8e363188a9153cebe1a1c11bd7abb7c16752234006fe34e73f44d25ca252cc5e2b8bfb5a04397887c21cce88

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
2729ff8e7d8f6dd32fd133d6bcb7ea8e

SHA1
6e6903cd4499093ad8bd5a56b0deb873e7540fd2

SHA256
16745c5fa13e07684eb2760cc035247b1290f19feb08b06cff95d165554e313e

SHA512
250449c8d96568af099723eede0f3e4b84f65f20be82051ab400ddb498e74aebf60ee2081c5311b2a51648c546b6077b561452274a61b930853974f37a1f9839

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
58aa26ad3dcea412c9c78724f39ec614

SHA1
346ba368cae3fe83a065b36b70094edb95e11734

SHA256
d6f33193635106c51f0eea74e2217ba19bff57f01ae551a1a1972312347c38aa

SHA512
d04a97464c6376842604409a44f08a0cbf2e97b3c33e49a83535fbf4a641a8750f79c0a38ddf09faf83aac0b7d3ac520f7e5b5e987dbf7a78f76b43e3fd5c6cc

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
daffbccf0d51de8fdd8fc77e468a78f7

SHA1
8f9cc3ce6e6700c15e4ca0cc3b3e7ac8173a0778

SHA256
906a985dd072acd3787866b8cbc8098920ce85d71a1ad9880bb295f0b67fc744

SHA512
e1265b67748a73b8ca085dc3beb85a93ee01972f51697a95cffd0d24fcddfa678a2687853eac6bed1841f7671ef527f739ec30d1a85724c576b928e8b521610f

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-wal

Filesize
20KB

MD5
5c175e743a91a8db0f10b24af4e270d5

SHA1
f6633b790a94f6d0e661bfa2e984167174a6b0f5

SHA256
70a5ad44c061139b712b8bfc0613c6cb2a76f33dbd1af9eb02007b32bdd0e583

SHA512
c7ea7b7a44f4f45622cab692d9babae76103ea331169374f9ea3625d1b9042cc326dd2edd9f80708260643488416ea1d26b11d7d373d84bf97e682bf0f549fcf

Download Submit
/data/data/com.kongregate.mobile.bitheroes.google.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
494b23ca9c66e73bbee7a321eb1eaa31

SHA1
b8cdfb02a4a8d666ca339e07b951c39e402eb9cb

SHA256
c783cad33077a28d9420899182b4fcaf62798b91346674d5630f1614f651a561

SHA512
d8440ccab1f825b43b66f4cbcfcc0f0c1f8044de69362f02dded2e162e04434ba73ea5ab0fd99d9eb8f3facc39d15fda18ce7b6be4570699ad5116ba901b426f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads