smsfactory | 0cc18aa0a58ac84d39ea0d681caa378f0c85e39fff230b85239fec5960068870

Analysis

max time kernel
132s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04/12/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3fd36103f617324d4d2fa833989096c_JaffaCakes118.apk
Size

4.9MB
MD5

c3fd36103f617324d4d2fa833989096c
SHA1

f12b9d0c224e0130e33af012b883c6405bb32503
SHA256

0cc18aa0a58ac84d39ea0d681caa378f0c85e39fff230b85239fec5960068870
SHA512

8d4b97982f18c67d90f074c518ea496ce2ba3add85529903108acfe266de02c9aa4c93b93e1fbba99a08658a78fb788450760a2d9c7983e65ed9a9eb195ea00e
SSDEEP

98304:U7pojb8O89LBkmUVyt1CXzTAy6ndf8GDLPGNw9PSqflLO0iX:U7pTO89K/VOCXfm98GPuq5PS0iX

Score

10^/10

smsfactory discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

SMSFactory
SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
trojan infostealer smsfactory
Smsfactory family
smsfactory

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.contextlogic.wish.hack
/system/app/Superuser.apk	com.contextlogic.wish.hack:Metrica
/sbin/su	com.contextlogic.wish.hack:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.contextlogic.wish.hack
Framework service call	android.os.IPowerManager.acquireWakeLock	com.contextlogic.wish.hack:Metrica

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.contextlogic.wish.hack
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.contextlogic.wish.hack:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.contextlogic.wish.hack:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.contextlogic.wish.hack
Framework service call	android.app.IActivityManager.registerReceiver	com.contextlogic.wish.hack:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.contextlogic.wish.hack
Framework service call	android.app.job.IJobScheduler.schedule	com.contextlogic.wish.hack:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.contextlogic.wish.hack
Framework API call	javax.crypto.Cipher.doFinal	com.contextlogic.wish.hack:Metrica

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.contextlogic.wish.hack
File opened for read	/proc/meminfo	/system/bin/cat /proc/meminfo

com.contextlogic.wish.hack
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4261
- /system/bin/cat /proc/meminfo
  2⤵
  - Checks memory information
  PID:4497

com.contextlogic.wish.hack:Metrica
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.contextlogic.wish.hack/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.contextlogic.wish.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
444770eea0675ea8c41e7d45c9da254d

SHA1
c27a977f5a3fdab0cbe4974a9d5405b7f609fa0e

SHA256
e47a5532ed3845ca8f4f13cc37d6cfc296b222e26ed377640b9ea77ade0bd49b

SHA512
2ea55681d75f58a5787ad9299ebeeffa3a051c68e6b2ecb825e9aa7b69dd9b42f429a31c7dacdbb815ca1d6761f97253cfca27c09b2a200bb8cf4ad3acb55d25

Download Submit
/data/data/com.contextlogic.wish.hack/databases/OneSignal.db-shm

Filesize
32KB

MD5
7d88c811f8ab0e73a4c394881f0d2a7b

SHA1
0bacdeb77e64ba114b793b2d02b8f59ff408550d

SHA256
af4192a42d9cf2e9fb6c655469540a1e8f9eec3a3dedfb7bc4e7e6b6cf93e892

SHA512
8f02705b31266c404559a58b7f20ad9cb468dbf2f6b6fb7fe51960463b1ead4c5d3057f394ece232421b2e7c3ec2d69394e754c2802c3763c5e11d3b6b3bad83

Download Submit
/data/data/com.contextlogic.wish.hack/databases/OneSignal.db-wal

Filesize
64KB

MD5
5b71edeeda822e27bcf303f85d760033

SHA1
081dec535239b0d0c4a97771d466f773c833242e

SHA256
97be63e8f04348a98957eae0be56d401b4d82276c78f3a651e8e874721a560e8

SHA512
a1b00f4ac4ff296dd74d8bb54374ce3511d75ea81aab778565d71b4951703a6935f59fb7b6ff3e9deebc7d01f8a16635a0f3fabc34a58b41e7c36ca0bf67d0e1

Download Submit
/data/data/com.contextlogic.wish.hack/files/Mint-lastsavedfile

Filesize
237KB

MD5
3e9f1e912548b2c8fd05b3564fc92ec1

SHA1
6b213930a3032509584f1d7f6d0a07106f31a2a5

SHA256
b48d95fd1d4360e13eda8f1ae96806b9264316f15d8faff24b4fa643dc42d1be

SHA512
5c93ce10654d8f39d3aa6ef7f12b641f6d2e59638d7531d0ce3d52880160511cb4e023496c4d8f17c7a9a94196b124dddfd60d6fc3303323e250bc254edd35be

Download Submit
/data/data/com.contextlogic.wish.hack/files/Mint-lastsavedfile

Filesize
20KB

MD5
fa44b6e49996ee53e47fd060f95cd2fa

SHA1
ed94767f7d35caf570d421568162b8df68b4ef00

SHA256
ccef73badd8d33ea51697077c298481d185ce287ad11fbb18b0d41e3e7c82945

SHA512
257092ab159ff252e0008bdffc81c1d4f48a2620cf843bad027aec8270cfbf20912cbe88b48c2c10de13623fbfeb9c1e6f7168075c8c63584c39cfd4262292ed

Download Submit
/data/data/com.contextlogic.wish.hack/files/MintSavedData-1-1733339524536.json

Filesize
20KB

MD5
c2227cde4535610569df285d7b9e2fb9

SHA1
18569966ceaf5b1d33c4d7ea1ae910742abcaae7

SHA256
c33fd29b2822aec86858d5fd93a26f475f232678660b9e6566114b25dee80f58

SHA512
1b3a08aa78dd734929d4c80edf95513e5962780f21af798e8833487c53ceb92a71c21ec52e2e20f4c78b1e2a5b76280b334468231af9de9070edb34ded4bb712

Download Submit
/data/data/com.contextlogic.wish.hack/files/crashCounter

Filesize
293KB

MD5
310f2403d1ea7ef02a030bfcabc58857

SHA1
0764c7b37d6fd91c4e45a9fe2981b3fdbc6f54c8

SHA256
3d1c1bec51d161b3622ff1ea7c6f21b17b8fdb4deb30299511f6d3f744b9f551

SHA512
95995d440bb5cc22ba31b48c3f0c3d03241513b0faca6d7b15455dc663023e5a9a08e134278516b90748b8ca9d10fc2582ee1edb9626e37e892fbdb942563387

Download Submit
/data/data/com.contextlogic.wish.hack/files/credentials.dat

Filesize
226B

MD5
a9b34770da7afad6e8e34ca1d9994b9f

SHA1
a84b066dc59d19ef28e7eaffcfd0dec39a8f5295

SHA256
e406672e9b65e84e9df58fb56adcd557aa7123b3dd9272ac9b83102da0b78f79

SHA512
6e8e0aec0b9c89365dea900a9fa3fcdc2421dcb4c0db7767a30a44ac9b1d6753909dd97195c33c174ef20f788e3271abbecda7e5e0a4c8530abe8e1d08f2efb6

Download Submit
/data/data/com.contextlogic.wish.hack/files/lastCrashID

Filesize
8KB

MD5
81024feaf262edef6c246fbb45b62ab0

SHA1
e465bd0456f3d710e8361e3170c51522d6b29a1b

SHA256
739a7c074334ad102656d8479ffbbd6039419b2c8839bf4ee9d6f8a5bf9ce1c3

SHA512
85177efb942672bf8858c1b9663a9f49402012bd6598c5f55cf89a8169f5adc5a8c23d9f01e8dd0cab5b0faa3fc68cd935f5cd2d455f06885e074f4fe9dd6204

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/androidx.work.workdb-journal

Filesize
44KB

MD5
eb4e14a0db8a00d7b831a04361b21a37

SHA1
aa57298dfe2e50a471f5285d2341f3a78a32cc87

SHA256
ab34c96a4244aaa4e2bc6cd8757536469e878356e5298de7826983522fd787c9

SHA512
1d6fe295b63dac012f417fbdd28d39d46f300ef0a16edf9e66bc0d31e966d1f1d968ce90753c691842eaff52892e657eda8741ca06cbd34992e4a8ce23f73132

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
471505eaf3908ca11f8e3696831c5016

SHA1
b76238a46b864cc2eb9c41e2aa5663f35fbfda06

SHA256
10195eb694032a49284fe84be3366416ae0a5bfb8ac9a5885cbfa06943d2ac3b

SHA512
4a2d2d4564b264e65ad63b510ba1a8c8ff86bb684871d6088d92a19fae6559b096dd4215f0d450c99451510d6920cbacd3605f73fc5a1e680d7e2c92758d925f

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
7d78e437e58eb41a9ab48eb7f5d01029

SHA1
7a0de6d10aabff2be34e2cea50f4d1d2fbcf9172

SHA256
42f717789427db8586565db5975fd53acfb5fda60753b47694dad088227ce89c

SHA512
a05fbb1c5f25e1df55e7854960fe8273590a42807d1c52b4ccafc98924801967f4c620e7788c6d3edb2b43a9a86a337a5d123d79910174073076415ef7505ebe

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
56204b744aba035fbc900e3e96d6119c

SHA1
d6777770dfa01d7574c0e9cf36693c0ba68431dd

SHA256
06d0778b6b67438573e99191f34cca85b64e494642d8bc81f2a819e9281c1d61

SHA512
6d476bd4e797ff42fe5bf2fd23d32ce25fc0a3179a090c18ddcf2bb3b70046e23cf9962705f551ed852fe1e6637d9bdf14ccddd16b5d87c0b7d34816b575e3bb

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/androidx.work.workdb-wal

Filesize
205KB

MD5
96fdd650889a3406e8545170442b7d7c

SHA1
65fe6cb45e347fd00616cf272c21fa57aa673e52

SHA256
6e729be92d177e30e1a471c31af7ef5d0c608a4b05006a318782ded72cf19ccc

SHA512
f03572e9b48f8138b619b9e0ebff2a2a3fbf9de0b20f93cd256f14835bcf24363f756cabd5e0ad41c4c7c6f12538667f52575b6b5935a63745eba4604a204a88

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/com.google.InstanceId.properties

Filesize
32KB

MD5
30f7b8329cf261b56a950975e75d3b6f

SHA1
bcf33cbacb3b61460cafd4f7026f58915eb3ecde

SHA256
75f35514d3f9a70469232059de408caf807c1b4183ece63a7390bd27b54a547b

SHA512
54381f2d32806859ab764825318a3d97d1803b94b25658b6ea1a5e5dfb3a80a5197778a04899521af2881f87f70c5999c97d830766c5cbec60d9ac6d49fd7376

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/db_metrica_com.contextlogic.wish.hack

Filesize
84KB

MD5
44a0cf63181e87f041fc32b08be6622d

SHA1
1ade4c37a70bac19c1998d94c5cc0256967afc53

SHA256
29db664f3ca05073ce8f59aa298cbc7ff5ea07fb427288e2839cf451ec4d7551

SHA512
97821446c92d1dad0702e9b7d5f1bf62821eed013224f699fa6e7bed2ef4c67d9a7fe68ead49d0013106fe8db96496f949972328947268ad3a52a8baf76cdcf5

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/db_metrica_com.contextlogic.wish.hack-wal

Filesize
406KB

MD5
7e8149ca2836d1a0e7fddc62ad2af0bf

SHA1
91079f927bcaee6e2b432e64a5585ce4edcabd2d

SHA256
9ff606cdaba52e57deadfb34455ef76fb17c1a1734c18e5816904dc36a68c86f

SHA512
8f6ffb397acbd9e133e93a23d59a6ee7b558cf119f737bde2bf65d5ed705fce5feb7ab7254f1d5e237b6edcbe3bb18be6787961e54dc0ecca9bf10909c496388

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/db_metrica_com.contextlogic.wish.hack_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
a82c50af4ce23688f7f450364a2db5ff

SHA1
a53e826cab1b91e948cb072161744baad71d198f

SHA256
9e6eb616e7446c525e7331cd2a0c058fffd6281317b88911ec9c8665f4b070bc

SHA512
4c3b18e475edece17df5e70d12326d24b806e578b5f8885c15aa8334109a1cb9b8fc66d0642c59ea5ac4ceb0624338908dbb7f47410b0b52ac4e5b5b31daa62e

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db

Filesize
406KB

MD5
a51331f393184a1a26bd6d3afa38f05d

SHA1
e8995e8a0e45eba126ac12e14c473b35e4892815

SHA256
8fc332708c59889f40cb2f52cbebb956c96e6415780076bb364f78424e740bf8

SHA512
7df2312f0820b00f68a7a6ef3d15049008e5a26b7a6ff6a5e00078096759a81181da99b02cad7e5a4f4472301c241feea93095c4f8c0a18cf68f1da26015496d

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
c2ed4aa83963d7fe817edf124c3aaf4d

SHA1
d7dc0c36d7cdf724a41f6cde391bf783eb5dc278

SHA256
0f7a71ccf570208230504cc69459352eef7fdce4283f12d3d2fe4f83c510a9a2

SHA512
93bb64451bfd0b18868f89b2a99f0d59433fea768cbfafcccc5dcdf8b2eec8e504d5c77391d5a5945e554cedbfe7e6e40bbe436e95bd45612b0d60317069408b

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
40acfe2bef464492723cff5fd290a5a3

SHA1
e778ffb1bde40573e00315931f0d20af4524a12a

SHA256
df99ddeb88be39113c29bbf9254a79b1f6cb04d944bdec3ab8addb924bc18902

SHA512
c786c8803c2fe4c7e487deb501b90d7a1cd9b8e5b51e755e4102ab969995842b914bc43717dc41a99d44a85f3683324108b75a7866bd9d9cad160002a279754c

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
f783dd81d8cceb903279dea0bf74ef09

SHA1
7367cb62dc8a488f3b1c91110ecb8771156159bf

SHA256
ea6054d66665a73298945f5b71ff35e9dd6ba00c36c94878d3a11b8102d2b95f

SHA512
8f08767022574e9060123a575263257a825f54a29e330ede76a33657977ee1df0ebf203d77f47354a28f272d9152a6ee5590937527216ba6f7aababbd402aa13

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
210e912d9e9355bb4c8212a45cd39cc9

SHA1
41eacabe591934521a71ff081521fdd9dcf976db

SHA256
8530bf8f793b345dec8b7c6e2c77419251daf905a2efcaad51cf233b27d7ab2c

SHA512
2ff12ead0737cb57f246c9a74291536861f0d55ce5a32395af2e928990c90ef7f630cfee33a2255cf2f402f4c029d1b1d1666dfd2bda7d01d50f2e9986437d18

Download Submit
/data/data/com.contextlogic.wish.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
056e4d1667df7451d7ef7eb73d4ccb61

SHA1
44c61670f29ff78621d3fdb480f553354b6d310c

SHA256
eb7621eba43d90d16cf1b38c5ace46824df7a927ff9944b8c79d2ab2f720a10c

SHA512
31ee3b2894ce88debeea939ce6bb0dc56c49da7c4dc89f01a82ec95ced24844e929b25eb2ba420e32768fd93c60392b3313a8897e3b768d57ac863ff03cd4d7f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads