smsworm | 71f44665d167f6c6fb93ebdadb0fc2b1513dd3589c5ecda84591bcba9f6f365f

Resubmissions

19-11-2024 12:38

241119-pvatwawjf1 10

22-08-2024 20:53

240822-zpe7hsxcqd 10

Analysis

max time kernel
13s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-11-2024 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HD_STREAMZ_Latest_Version_2024_HDStreamzs.Com.apk
Size

19.8MB
MD5

d9a3a25181c4e14d546b7a12cde29521
SHA1

9f48d6bf76640e5cf64e1397baf357dde3938a87
SHA256

71f44665d167f6c6fb93ebdadb0fc2b1513dd3589c5ecda84591bcba9f6f365f
SHA512

d3da5cc4c4ea29f8bdac7f8199e8c38d7342adcc8908fe0f88dc87a431571178e94e19c08eba448da365aa32981fa12b34bc2c71a1060487d994866bd5a1a032
SSDEEP

393216:DjGJoe37RquDHhFVhytkwrgcY9sNORkooI7wpZOTsAI6s9QfTEn3M14GEIV:nGL7Rq8xAawksNYnJ7wp8rIeE81Zz

Score

10^/10

smsworm discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

Android SMSWorm payload 1 IoCs

resource	yara_rule
behavioral1/memory/4227-1.dex	family_smsworm

SMSWorm
SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.
trojan infostealer spyware smsworm
Smsworm family
smsworm

Checks if the Android device is rooted. 1 TTPs 9 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	insure.cable.estate
/data/local/su	insure.cable.estate
/data/local/bin/su	insure.cable.estate
/system/bin/su	insure.cable.estate
/system/sd/xbin/su	insure.cable.estate
/system/xbin/su	insure.cable.estate
/data/local/xbin/su	insure.cable.estate
/sbin/su	insure.cable.estate
/system/bin/failsafe/su	insure.cable.estate

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	insure.cable.estate
/dev/qemu_pipe	insure.cable.estate

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/insure.cable.estate/.jiagu/classes.dex	4227	insure.cable.estate
/data/data/insure.cable.estate/.jiagu/classes.dex!classes2.dex	4227	insure.cable.estate
/data/data/insure.cable.estate/.jiagu/classes.dex!classes3.dex	4227	insure.cable.estate

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	insure.cable.estate

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	insure.cable.estate

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	insure.cable.estate

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	insure.cable.estate

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	insure.cable.estate

insure.cable.estate
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4227

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/insure.cable.estate/.jiagu/classes.dex

Filesize
10.6MB

MD5
2ad2f7af22c5704deac203184dba10a9

SHA1
40d647ba97ee7775841ed7d9845d2ad172e8d77e

SHA256
6fc88c27d8f657a8f95dafbd267792f4984448e671aade2a57d2faa1d0c62f16

SHA512
38e9c4a9a2837542d8163224fb0bd394db4c31f608b3fd7872d41f08f7035c3fa855bcc86f99e0a0428043cee5cebd161b2c000a7cffc4b2863d03029c497f42

Download Submit
/data/data/insure.cable.estate/.jiagu/classes.dex!classes2.dex

Filesize
9.3MB

MD5
c379ae1e140a18af67f142a985dbef6d

SHA1
91685400fd042026fab6de4e7c9afb3b7a9af6ec

SHA256
2862fc1602ff670387097865718eba335a324c4deb379739f188488fe64821dd

SHA512
cf4e39bb1f413fecefd523ddf7721938bce185ebcebe01b11d47e08002d87d500bceee4618c04d815b0146df301b0e849b2815875956e7fa918c07f603d9173c

Download Submit
/data/data/insure.cable.estate/.jiagu/classes.dex!classes3.dex

Filesize
91KB

MD5
b237cb71784406e1849399221ca65b83

SHA1
a6c230f556bc4ad1573e01537cd7eafa9ad98905

SHA256
14d4fc8cdeec7dd19a7fd010ed46037395a9d50ffdb6aaf64ae7f650c9ea8ebe

SHA512
6e3ab92c119129c2404ce079746cf423ea5fed2c64e7efb974f3517eaef16d85bc99e4c79c3058832a29aae46cb2b9fcf622618fc7122f8577b1b062ba29d0f2

Download Submit
/data/data/insure.cable.estate/.jiagu/libjiagu.so

Filesize
730KB

MD5
9c09b44d28dc9ef1dd810747820b0348

SHA1
55b89c9ef314df3da3b350ab13bfbcf514a84041

SHA256
2d969529ce8391a2088e4cdbc642bb7a8438e645b2563ba44b47fae6a6639a1e

SHA512
dfc0a654653b55abf989249b2eefe3b014a71e8501ed7d9cb56d27a23523601f0be823369072b7a1972638ab894418b7eb69ea0a4a46d14169f49f75be60978a

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851-journal

Filesize
512B

MD5
8ea69dc7d3a94cccf55df60032a06325

SHA1
1e6958e57f1efe9f4859f3dd74f651f271e16cdc

SHA256
ca3d901a175dd1a2c53fa75dd87f916d17e38165fb87f3de08eec503c522e886

SHA512
3dcb6fb1143c156612f5f7fdd0c5d46ff29ae0d33d1257d0db00b7efc59b04203075daaa43d7096c327cf87750bc12736bd760eb964fc909053edd8489c8bf72

Download Submit
/data/data/insure.cable.estate/databases/StartApp-d6864f2502af7851-wal

Filesize
32KB

MD5
8a17dee0976c6542cc470a7c6a3879b1

SHA1
625388b1fc0fca82c25b50ae2252c0d47870e89c

SHA256
defd6bbd36c45e43c4b4784c13544144d07d0cf3f0f68a5ca6c88c290a6650b9

SHA512
a35f97a521a8e890e2117336fcbb33c44247da2ecd35df05a5804d9a43731f61a760f6b46bb8aa77e218081d4d4824d12891a9f1c8481c30d6b2af6271dc2036

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4dfca3a88d25aac03919b55c3fb53a53

SHA1
f2f5942b6a8ea7973c9ec091166a5d32c9616acf

SHA256
ece1054c14c8baa495fd3f94f628694c80f4d93b61a55ed639cfd1100397ecb4

SHA512
b4f96e9b8dc3bee6857823c3cb9a11f81f900c3d2b7de393df1901194345af07d015369b97128838ea6ecfb25af24e1dda888f7500f26ffc13aed60ca019aca6

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/insure.cable.estate/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
0812d3b46be559ad8db14abf2e668be7

SHA1
5caaba3d44f6b048c19d844a65c1e4fd23f56c46

SHA256
5b354bbd1d020c38ce68235b787f24cf748705b037201284948ce408fc9b70ac

SHA512
7c2407a149e29c8decad7f4cf4fae801af4b09e5bb8c90eef64de626807e94b7c84cbe5f890a6a24630417918bec463829fa6415393081199c2530082a4ee44a

Download Submit
/data/data/insure.cable.estate/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1602745c1d72607fa477a438292f6165

SHA1
da65cd48a7d870ba9f1f21a42c5a462f0464c1c5

SHA256
2d28ebc87aa3dacde65fc882423491c7d189ab6ce8982500cfbd18dec0f444f5

SHA512
a1f79e095eef219e1b8b9851b44a23c5d08f7c3c3e022e1c4cf814c111a4c84274f3925763776d72a7cfa56260fb9ba850c9314e12f058b14d73db510bf64282

Download Submit
/data/data/insure.cable.estate/files/.com.google.firebase.crashlytics.files.v2:insure.cable.estate/com.crashlytics.settings.json

Filesize
715B

MD5
73535a6f21866d40c5912a9cfae93bd1

SHA1
66214ec807620b4c656530e96edb36b306def74b

SHA256
ea747be6f0a20ae06cb1c06322c0e2141774cbc7c35eb407a96d113427a1a40a

SHA512
3e12b5dd951738fed7576d8ee1f4edfa485a3887cc46ddebaf3af126dd37ebe2ca97f0e1b4936ba7b25aee906b0277ebb63846d8f316c1079977f7b0c736a4db

Download Submit
/data/data/insure.cable.estate/files/.com.google.firebase.crashlytics.files.v2:insure.cable.estate/open-sessions/673C86E50056000110838293A6ECD0E3/report

Filesize
798B

MD5
706d0f3c05a5d01f242d1ebabb36477b

SHA1
5c37db900278a7c7733db6001f89f615a4d51bd6

SHA256
21ba60dab8e8adeb5f01ff8f587f92c37039cc6a27fb32273d94a8dfb51fe3c0

SHA512
42c7a9e18223b18de21a47627234eff0e64170f2e782f0d3eaa59b40a194ee41134c7d355bc42fd2c62865dc5451308c30b9f6ccf152638d79598156623acc5a

Download Submit
/data/data/insure.cable.estate/files/PersistedInstallation5664622796670003145tmp

Filesize
90B

MD5
358ffa081505f02cf6be1fccbd46ac6f

SHA1
0f45e03590555885e2e8bbe763fcced8f0f067fc

SHA256
73d25f772363831bb198e11795ad7c20c9650e80af28cc0d142332f564b7d63d

SHA512
34c8523f7452539a3aa1556c1abb1ac4fad4e0ce32c13a49cb60ab95daca647544ba8db5d5e5986b67be028c7245c72fc2a2a77226dd48af513172896c7295e7

Download Submit
/data/data/insure.cable.estate/files/PersistedInstallation6706555901528757666tmp

Filesize
569B

MD5
09911deba9294830d3ac02a6c26c8d57

SHA1
5861986de5e38c2ab264a8a6ca37da11743ae3c3

SHA256
0027e808f153058447e539a2433ac470e7f07ca4b90b5d87dc86249a0016d552

SHA512
ba864501fca4b1015a191746a3845baca4e2a95635f05c9e109b462c07badcf9c9ef8d172c05fb14374901e75b1a033f24de09da19541d97254e896f2aef8504

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/insure.cable.estate/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
b042a148fdea2a99797e440e25f08f8e

SHA1
afbe84b2eee208980cb2118cb509562e9877bb83

SHA256
e28aa856e2212ac3bc87edbcc5a5b23049a854447612cd8575fc139ddc66c13e

SHA512
dd3b86273eb4158d406e14e41e4af9b0b744db67fdbb5e22a94826b2b7eb1a49d214469ca8719884a92db4edbc954e2ea202994b4f2f0e8abf2a6249c93c93fb

Download Submit
/data/data/insure.cable.estate/files/frc_1:614315011479:android:59cce33af57d3bfc66a8d2_firebase_defaults.json

Filesize
128B

MD5
7a845c35ee49d2391daa9795ee60001c

SHA1
70748279b9220aa33d412ebf4c112c5ef9e04346

SHA256
b4837f5556a74af96fbf68913e70f7011d54e8c8ceb75db2830ad737264f1755

SHA512
040139f518e44547886d2c4be50baf6f92dd28d000cbd9fdaf86bbca50cb1f60e75967ee4631dba3a1e8e1617ced72611c78b9fc24644c41cce927616c9756b2

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
72e86c711d46241d3f6d92af1289bfd1

SHA1
3f8b4660f0291bfbe132bc30fc038d15e2521bcd

SHA256
8288fe741b74b7ba94b2da5f60efc36828e13e781f6c3af008c7180e87a09755

SHA512
26cb8db6f5d3a76ee8fe5d3294424ab0902ecb3b38940ed0330ca1a324b9e851f7c319b04949af684eaa05f8fa6f1a8de20f21dba5c5c13f12e36a6d1d723304

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e5ba5bd3c5cbb72a053ae339358faf12

SHA1
c34e3779dd5c94764c5a3df1d311e363a792ff1c

SHA256
ec200b49a9ff37fa947fe84386d6621ddf5b809330a91a8b50321ad5fd64ec77

SHA512
4df44aa2498d5d7f981f6396000579852fa165394aa062d1742b9867c14a8883e93f6bc78984d7d8dab149fd62bdbb3a33a614816d10e680f7bfac6b86b08e7f

Download Submit
/data/data/insure.cable.estate/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
34169a27b06c8c263bf169b1fb2fd1fe

SHA1
00905dbab6838cdda2988ae63858807103977a17

SHA256
49a68caec41e5c187c026514da612f97db54311ed8eea4fd9915538c83feac5e

SHA512
be38087f392dfcf2a8dbaadd12a05557d7e26a0392f625394dfd8a086a9329a94324c8de6285535cdce42e26f644806c4236d345ac4e85944365a084b3811790

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads