smsworm | 92f211adb0da4cd916dd9f7e74582abe2fdf4d35fc590c99db297114949c5643 | Triage

Sharing

General

Target

92f211adb0da4cd916dd9f7e74582abe2fdf4d35fc590c99db297114949c5643
Size

13.3MB
Sample

241026-xb7nhavpar
MD5

ad8685363a026eb8a22c8eb507d1cf08
SHA1

1e1ac8dc688841052c589e533c4f39d334f9f858
SHA256

92f211adb0da4cd916dd9f7e74582abe2fdf4d35fc590c99db297114949c5643
SHA512

5d4fb4e8ebfba021fc4cb32c3f2d42c0fcfcde7843dd588b3a3fc3658f641034e27c71deec49fa0e5cc7aac0bad94cffc754b47d81599859c02c922bd66b1e43
SSDEEP

196608:Of7U2ybMql+wzQ3CFO0BEetR2kpXPhJ5jWuhM6GrOiJbZhmqH4DxhIlltNgB6CXP:Q7Xyb5zj/ppJRWuhpMvbZEqHdtI6CXKA

Score

10^/10

smsworm android discovery evasion persistence

Malware Config

Targets

- Target
  
  92f211adb0da4cd916dd9f7e74582abe2fdf4d35fc590c99db297114949c5643
- Size
  
  13.3MB
- MD5
  
  ad8685363a026eb8a22c8eb507d1cf08
- SHA1
  
  1e1ac8dc688841052c589e533c4f39d334f9f858
- SHA256
  
  92f211adb0da4cd916dd9f7e74582abe2fdf4d35fc590c99db297114949c5643
- SHA512
  
  5d4fb4e8ebfba021fc4cb32c3f2d42c0fcfcde7843dd588b3a3fc3658f641034e27c71deec49fa0e5cc7aac0bad94cffc754b47d81599859c02c922bd66b1e43
- SSDEEP
  
  196608:Of7U2ybMql+wzQ3CFO0BEetR2kpXPhJ5jWuhM6GrOiJbZhmqH4DxhIlltNgB6CXP:Q7Xyb5zj/ppJRWuhpMvbZEqHdtI6CXKA
Score

8^/10

discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasion