smsfactory | 6041b3e0b3b1b88b0c93f26a58a5d1f35b3552d4af92b500a07fbb7f32cb4f01

Analysis

max time kernel
148s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/09/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb833cdb0bb1a7ffc9190ff366cf0cfa_JaffaCakes118.apk
Size

5.0MB
MD5

fb833cdb0bb1a7ffc9190ff366cf0cfa
SHA1

5340c06cc99bb6fbb7700f8f85aa7b3da45bb74d
SHA256

6041b3e0b3b1b88b0c93f26a58a5d1f35b3552d4af92b500a07fbb7f32cb4f01
SHA512

1f57369d9705941ed382065660c52fe8281b89a7bc5bd0d231b903f534cd6d1413609f3d45a473e1514cf84bd6e91925ccec690d1a668a4dcec3b9091a3ff535
SSDEEP

98304:mrfZdA3eOQGLVqAQ7MZPwz9Vqo9AuICisplUhii22Sqfapn+2Au91:IbA3bQGLLOKa9xGAlDifIp+2Au91

Score

10^/10

smsfactory discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

SMSFactory
SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
trojan infostealer smsfactory

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.scottgames.fivenightsatfreddys.hack:Metrica
/sbin/su	com.scottgames.fivenightsatfreddys.hack
/system/app/Superuser.apk	com.scottgames.fivenightsatfreddys.hack:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.scottgames.fivenightsatfreddys.hack
Framework service call	android.os.IPowerManager.acquireWakeLock	com.scottgames.fivenightsatfreddys.hack:Metrica

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.scottgames.fivenightsatfreddys.hack
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.scottgames.fivenightsatfreddys.hack:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.scottgames.fivenightsatfreddys.hack:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.scottgames.fivenightsatfreddys.hack
Framework service call	android.app.IActivityManager.registerReceiver	com.scottgames.fivenightsatfreddys.hack:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.scottgames.fivenightsatfreddys.hack
Framework service call	android.app.job.IJobScheduler.schedule	com.scottgames.fivenightsatfreddys.hack:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.scottgames.fivenightsatfreddys.hack
Framework API call	javax.crypto.Cipher.doFinal	com.scottgames.fivenightsatfreddys.hack:Metrica

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.scottgames.fivenightsatfreddys.hack

com.scottgames.fivenightsatfreddys.hack
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4266

com.scottgames.fivenightsatfreddys.hack:Metrica
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.scottgames.fivenightsatfreddys.hack/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
eecce9dbddc6c56e5eeefa23500732cf

SHA1
9857c700ec2f3d25627c6787dbb87682a6c6ad8c

SHA256
5683600fdc7bf4551974f5977bdb3e6ed5f3dddcddb775c1465a5a971c4fa428

SHA512
c890a99e641351bf7fd80d25539ff81873ea0636ef33020c2003bb7818018dc0c649ad7a5051e2d306cca664122182622bd11610ba5c4d84a60bc7a529ef86eb

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/databases/OneSignal.db-shm

Filesize
32KB

MD5
7d88c811f8ab0e73a4c394881f0d2a7b

SHA1
0bacdeb77e64ba114b793b2d02b8f59ff408550d

SHA256
af4192a42d9cf2e9fb6c655469540a1e8f9eec3a3dedfb7bc4e7e6b6cf93e892

SHA512
8f02705b31266c404559a58b7f20ad9cb468dbf2f6b6fb7fe51960463b1ead4c5d3057f394ece232421b2e7c3ec2d69394e754c2802c3763c5e11d3b6b3bad83

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/databases/OneSignal.db-wal

Filesize
64KB

MD5
bc9cd1778a6c3f0a5cfecb9265aa00e7

SHA1
979138fd54de7f5620616b9eea9d296090bd9f04

SHA256
9728b3244c25baf50ca6718fa4c2c1f9f96e15d073a27029d40096a7b26ed12a

SHA512
1f895156ce59f2c0d4f6c532616cacc6e8efbf6786907ff28c387426abdede314c134f7759f5c988fe85ba868a6d23e1b8ed6ed19b41371da60e4946eb57dcc9

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/files/Mint-lastsavedfile

Filesize
205KB

MD5
7308c4ee3dd33de10866993c72fe0c83

SHA1
e51f812d3290e8615cbfe8f6e5d0ebe28ed41a4b

SHA256
9fe87027cd29c3ad2f18b60f864cb132de54979fdad987b5c2f513e709e83b54

SHA512
e16c2a4db5b3a1c40e21f131f4c851f925583cbb8b42b981346da293d9e68257fd4952190498a7c82490616e177e4d787f9ce377fcd31c436f48596af833f6e3

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/files/credentials.dat

Filesize
20KB

MD5
47ef9c79934742c0444fbc02d44ba348

SHA1
c38050c5216fbfc99065d041d48c97b86726284f

SHA256
662cc124ce7d4798379416f75d0632c70d2750a625b8432c1b6ce448b4be018e

SHA512
282bb3b22f592344b490374192ac813afafbaf6d0887f32c8722a6576ffb01e552f42e65ffce1560cc849bc5d71590547dffcba1f534bf2ff0b3215a84fc5a6d

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/androidx.work.workdb-journal

Filesize
44KB

MD5
abb6e5084734ee86dafa33ae79418513

SHA1
aaf98324f86cc2875f25f0b332319c8d85a9c7b9

SHA256
967a830748dcde13ba74034e326de5528fe69e721ca1bd448a4f705954aebb5d

SHA512
958376cc356c250a910aa984e2dbb6c1b879a6e0ae1e89d38868da175e5ed57b78fcdb401fff3184e9fab2e94a4bcdd6ec52481c5c3ea5d452ac6e5bf3727350

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
00de656819c22189b52b5d19f52a1389

SHA1
4a4ef04e6d702b8aca2b56dcc1d4f17f02f80946

SHA256
de73ac49be9bfb2ccfede0db38ab90317418d0ab810988777cce028d83d69204

SHA512
75918dd1bec9c9e000f1ffca8e0240d7302fdac6373f2a9120a6ccbe9e8ffa58cbc3b4a0b9247d0cb17e3bb612da1c47be7a340f1dc4103f46dc8d91482e64a6

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
00b882147d0fd8de7c29023ae026d8e2

SHA1
556eeb5648d9adee5390ca829a5483efd77f9f62

SHA256
ea4ef9b49d70939c6418cf40bd76425344ae02aedcf4457d8cda14dfb23d0040

SHA512
1d71b8a8c12865138ebefd291ce1bfdaba029c2a3d243e73c5b49b12c58af72d204d431c64563e30d9a79e596ca420ec2bbb5e33f095aa721956e2a880ffeab2

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/androidx.work.workdb-wal

Filesize
342KB

MD5
e409147fc81ba26b2d033fe20abe9be3

SHA1
e42ac4f775a0eff5d47006caf7e5910032fda59e

SHA256
3cf55f8c52dcd3adf59a9bba9ceee970b119e431a446f0b862a0f811699a4852

SHA512
5cd43fdaae74d396ae90bb1e1f9895209a04192d215f1bd192ac60d79ee3c8d81904023ac5369357ff150e6cacfa519c30ab879b15ccfbc15a918712f6547e27

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/androidx.work.workdb-wal

Filesize
261KB

MD5
673057b9d39f1fd34eae4d3490719b58

SHA1
cd6bae20dfe103b1feac24a48a492dd433e0cb66

SHA256
dfc8072cd4b1089c583404e237308722d2a86c56bf973750f2e6b70cdd55ab7b

SHA512
f6c4931ff748e4e662a55636307d30765b94bbcd1762649c52ad5d209b5a70e37ce0e8249a506d7074a68cc822e6c64cdf7a4d5dabf65e30dbc7c06bd791e4d8

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/com.google.InstanceId.properties

Filesize
406KB

MD5
8831ee1d046f4b915a749dcff4ce3cd1

SHA1
5db8b16b60949a6e16f1e8df5e2d417620f97f62

SHA256
e45eaea013bb436ef0f076f60994bac51ee94ea1ae69d6b8494bf105d3790efd

SHA512
5d36ca2a7c0f25021f1530ce4427cb148ec641b628ad5e606fdfd78e920a952b980477540a6a664f06a8db4056be114a458f218f082d976c9446650a4546e458

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/credentials.dat

Filesize
8KB

MD5
7608dfc66cb05d127bb9e4767f04db57

SHA1
584926765401c5eb82d11333c398ddb300d1eb34

SHA256
6964a5b0ccb952d2485be9cd538f8cf0a4d6317d3d3e75d3ec0d2549a08c13d8

SHA512
09d3d744bf758d1be1457536475bb7e6bacbc2681a2f6cbd9707aff52cae5c7ad7e74f6764c99ca280f8c5b4397e3a8288c7dbead054f102278341d64b564f16

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/db_metrica_com.scottgames.fivenightsatfreddys.hack

Filesize
36KB

MD5
b96485420893377c5920073d5950c14f

SHA1
ee452fcd35e554352a26f7f62ce390e73af4f6ea

SHA256
2c23225495ec39341924ec3f962969de68f716400940aba91b0f5e9953738e1c

SHA512
7eaf8d91f26f404b2851bcbb5c98f65417561b32a9ca8ab6115d59ab98ec558408b1703d5630ece948c134f0722cd4ab242a4ad9ea0c757499b49ab123b26fa9

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/db_metrica_com.scottgames.fivenightsatfreddys.hack-journal

Filesize
512B

MD5
8ea2e15dee5630c8de9b16d748657388

SHA1
feb5f283c26bc14ced6da6dde2e9e1fdc088108b

SHA256
3245714839c16cb9b71b88d605b8e647547e3c107df4cc1f2e058994906dc7f3

SHA512
117e9f5c607452fb5d7fd7e0479ad9b6caa16240168e05a88bd74461c64255eb3c799318f66b074623ee0d754226e5a1d9e3c5a2e0ef6c585a9b27fbc5dd2603

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/db_metrica_com.scottgames.fivenightsatfreddys.hack_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
e31c85cd544cc30492d71b923e33fc3f

SHA1
9b62171de32651eef80d5bd27f8b630f20dd45fa

SHA256
cf2bd277a0ea1a9c421241d15ead59549747ef496b632f62c242df1951d1c855

SHA512
5be6505a9ab61cc807913fab4fe89e20b30c475cd6197d0016ec41465b46b23bb16efd426e28e763aea9f696b2c8564e61bdf037b0260bce63910256fa4acce1

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
bc674b9822dc0f63d98be73a3a054190

SHA1
982b88416915dfaa63e14912fd013a22fb0824e7

SHA256
8fcb25b11f4c5a59afb448ccc116ea3268d84d1a862d7ff13832b08877c28891

SHA512
f05a125595ce6cad96875e5b06d65f04d904df976feeccaef7cb17b439047a278a6606fdb7aa9f203c8560ee8a2efd55b64feb2c1fd5df58dce01099315643a7

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
8e55705d8704d07d8816184051a65835

SHA1
a62ad10834d4ebcf9033deeb8121a74e5317f6be

SHA256
fde16a6600e59cc6af943f8ff98f290225c4de19f8701fbb9016257a278fcf46

SHA512
de1d4580b967a16a8984559d1b2569ef4ef11e104565a6242b941b1535d79c868c4c4dd28b16bbc0443b4aee5d6c4a7d75676a08bad60566f6d845f679860eb2

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e3e5b98ece2fa3bd3a1cb7d56ccb7c1c

SHA1
b2a239bd3900beff9ac2aa3374752de3100a2c62

SHA256
399d459dc78f412c81901052924bcaa5ee9190c4b22e3410e06b11b1d030853d

SHA512
638377fa1c99cb801e839c15df3dbca080b4b654ba41e0e43d90aa22d33dff07cd305960688e71cf6af3c02ee571ffcf8a5f110480bb92c013a443e232a0966b

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
c9571dd55072658e31b067f9fb7bfbd9

SHA1
967f37a4038a12138e354f8733a274be2bb8767f

SHA256
d4fbf09cfbf9ac609666adb9190bc712b98422078712de4588208bf8854fa224

SHA512
f0a2e1c9fd86cb7643692bdd21a70dfe60eee68297f1028eda741cc8b514e92065eb18984678c45429b8972dd1dff5d73c815c8608a0363cafba77281d575ce5

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
3b54447f5d4d6d5303e1cd03d4583206

SHA1
96ace96929b2132ca890ab23ebceda067f72df42

SHA256
962d14f4558c629823c1bd1759615a1dbd1b8eb9c64b77d495a305519d4138a2

SHA512
900175ec42615151a32670e9fc7aca5009ad9bbb251c856a8b0db27adb9bae686e6b5c3b22a1032da54b01ed43a23aabc6d161414e2a9d7b98874eb66e5d8f4f

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
5934edb31113ef4ad59cbf92d370fd4c

SHA1
84d2f68c6e0aed26bef476c24565c82cb02b628b

SHA256
ab3ad8dfe44ba29d112dbbedf8f487c456bd5a4b30368f3d516d7053c0b75318

SHA512
799b5c8f2097978482e3033dde03bcbc5cb1ef43be11d3b1a114b9e85dc0768456e7adbae43f9738d0984ad69026a56dfa04594fe6684fd7949fd0c855bcc24e

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
5c6562529799c0a7f557cec04c405e11

SHA1
58e798dc470667fb250065444c619d31dc24c674

SHA256
3f929860c6b503b8e1ab39ad0507b68d7c975536050d2fa3b2ae24c92b7f7155

SHA512
f74403a6e3acbfbdf2eda6aaacccecf6c2d554be55cda4eaa62f869dae92ed01b0e69b028f6663d5acde379300fcd49f90df224490cc2b24c67e6ae8fcbb77c0

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
afb337d3304852ad62bce8a0c73905c9

SHA1
1124b3452e86bcef4cb7a3df546a99c35b670088

SHA256
b79822757d7961452acc1967e1cba42ab24061583dd0bfe373375f79ec96fa8f

SHA512
52dcd77c764932109aef0c662ce75649b3bdf824e0087d486848a1345b1c41fdcf5844cfd5e133abafc06df3775d1e8a437662053b82ac2a8cdc8f22902c1d75

Download Submit
/data/data/com.scottgames.fivenightsatfreddys.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
fac031415c87b11025df811e72b4cb70

SHA1
f648ed8b7c2b771447ef2c2491d9d46941c5ee41

SHA256
c6c5dcb57624da0adca2b9b818b5dd6cd7cf3bc1aa98b7a1a1c48a7aa4111b68

SHA512
368b6b7eaab962f04a6073cc659d41ef4f5f40d0805891841dde29672e0c9983b46e38a554af3fce5c1982787a7e59086ba635a3a2bdb0d1c6788d03059d0a18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads