smsfactory | de032609bda6ab2da5ccf34923eccf0024f2342795a220f5e7ce8c14ebc87e34

Analysis

max time kernel
145s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/01/2025, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_7185ff85ec43f1a42fe89725720975fb.apk
Size

5.0MB
MD5

7185ff85ec43f1a42fe89725720975fb
SHA1

3f916ea5c07abb2308bb4e2f5391ac979998b4be
SHA256

de032609bda6ab2da5ccf34923eccf0024f2342795a220f5e7ce8c14ebc87e34
SHA512

fd184eedb6778943924b09f1f3e44fe8fd04ec15d9170144a0ae58066afbc8a075f0ff91c13e1bed1eb31aea407b20afa27cc1e543c0301b520f0cec88db34d1
SSDEEP

98304:9cOAB+dOZB9G1MDBBmWqMQhNgWavgu33hiUlnpxF1BonsAOAZBoeSNUSqf8SbZfz:ypB+dOZB9BDBBmWXcQ933hiq3TonsAO0

Score

10^/10

smsfactory discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

SMSFactory
SMSFactory is an Android SMS trojan malware first seen in Jun 2022.
trojan infostealer smsfactory
Smsfactory family
smsfactory

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.halfbrick.fruitninjafree.hack
/system/app/Superuser.apk	com.halfbrick.fruitninjafree.hack:Metrica
/sbin/su	com.halfbrick.fruitninjafree.hack:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.halfbrick.fruitninjafree.hack
Framework service call	android.os.IPowerManager.acquireWakeLock	com.halfbrick.fruitninjafree.hack:Metrica

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.halfbrick.fruitninjafree.hack
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.halfbrick.fruitninjafree.hack:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.halfbrick.fruitninjafree.hack:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.halfbrick.fruitninjafree.hack
Framework service call	android.app.IActivityManager.registerReceiver	com.halfbrick.fruitninjafree.hack:Metrica

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.halfbrick.fruitninjafree.hack
Framework service call	android.app.job.IJobScheduler.schedule	com.halfbrick.fruitninjafree.hack:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.halfbrick.fruitninjafree.hack:Metrica

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.halfbrick.fruitninjafree.hack

com.halfbrick.fruitninjafree.hack
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks memory information
PID:4266

com.halfbrick.fruitninjafree.hack:Metrica
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.halfbrick.fruitninjafree.hack/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/databases/OneSignal.db-journal

Filesize
20KB

MD5
0cecf09f18df057dbaad5d71336bbe5c

SHA1
9332139747c382b78c92fc363fee1e578c19174d

SHA256
ec06b59597b28a44cef2ab7910728150edad03bf1524c1a2087cf2647da8ffb8

SHA512
c15356bd05e91412024a648a5fe178d4097aedcb68a0309d01e4127119db7f390d84bc82b61e4f120183cb09b797f038060c75839784af5e43dcbf6c4b29f899

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/databases/OneSignal.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/databases/OneSignal.db-wal

Filesize
64KB

MD5
a49ddc05026021f70420e4d65bf213fd

SHA1
ac6e34b471fc57fcb1608e7e8fab36d86e5f294d

SHA256
34c3b50fc1300cafa4bbefcb08ade16ea1441a9479641463802d83f0f072a86f

SHA512
604e9e19f9dbb5f6eae675b40e0a58bce450a2dd4acac85a1600cc332c70898a277e341e5948bda3bb5d0da2105c960b7a0833b4543b3220027af0d2c3cecc1d

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/files/credentials.dat

Filesize
226B

MD5
4335813629a257d8cf78823ad802d28d

SHA1
8cdf457ce9446101bcf08676843337c9769cda84

SHA256
2ef19a4908b7a478db50b13d0bd88c9d6c200c5c2d84f7c0812d1f68d1f488ca

SHA512
4c9d37148600ebeab7553335cb3bcfda652261db18cb0038f73fe54e8683753316fc05ca9e02ff019d69ec14f9b8b6512f6c8220b92945da847b6cda3dfaa4df

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb

Filesize
44KB

MD5
378b68024a21f38832adeb393c951f42

SHA1
d79883486dc4a10493f7ec4ec1445d4efd974712

SHA256
a6620b1368bb825dd104e84e54eed395ab62feb8176dda7f72b01608d4acdfbb

SHA512
bf7030ef689c17223d4db7e1e8551a395629ba144065600a4e511a21e4d6afc0c478fc12d7aa56c11f4015dda141de561d589c264624cf0fc053eff64a89a0eb

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-journal

Filesize
406KB

MD5
7f406b7d12ccd267e1ef2bc3ae6cca3c

SHA1
18650a21804e029f3d1cfbfd96b01b692e9d0f85

SHA256
1cf89618714e36b391ea62b799713a2fd64e0d6df4bf597a2345d20e5f5513ca

SHA512
ded0f2395a95b728e2db5d94cf2c5570253e6e9f10336675e1701e94d780de4ded1d6f8520cd6863391e9407a05de9aea6954443df90410c617266eb2296ef17

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-shm

Filesize
36KB

MD5
405c24e17ecdc96c7feb55818dd46e48

SHA1
9b6e7da0c5dedde1c401be8f541560122e9febde

SHA256
31e9d579950bd14ef4d6d0a17b24f5dc948db736d9768f9d7dfc1ef30e6eacbe

SHA512
42cd77d6bd624f6aafdb07dc35dabc879ab5109d049d49cf1d2643fa9fb76c6ffe93a60801c6b0dff1a5fc71b704e2cb91e16aa776d650e3eff0a76b9847a350

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
f7e3e588e8c54e6e99c205839fcf5740

SHA1
4bc89cbb7d853ed30343443d93652faaef508565

SHA256
db5609a7a33deaa77822663f9a67faf0376f106770eba7b156143bb4b4421895

SHA512
88a6758ca7805737ff9ddd4f1133e030320086a72725d40d331e9ad3f7f208415210e8f19f88f7dd083052d4b0b67b99dee04eb87f4f0df81ff809c96ebcb8e2

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
884bc04730ee4148ff67d5a340ca8df6

SHA1
e865812b03d91c93ee1cc37d2040c84654db3dfb

SHA256
841e7518930898a8931063e17bb75ce2c037f2ffa1ca14d60695101b5d9af122

SHA512
54dfd93613946e4bcc6a7e0acb8bcf5314b3260eda9182affc0b7f1b679ae84ef639affc04570ca882066eda1d8bc3de7671837e7ddaf06af9e88e16e28b5d15

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
21f53c78b0c08178e833535a05acbe35

SHA1
c23858a1b0182ed0e57b5ba3c12f9cc4e5d6f785

SHA256
5e76217d8d0d6709b844331aa33ac6fd87c0fd1214bba3662cc2710505ecfcfe

SHA512
7b5e5327cebd939562932bdd2c110cd1437ab60ea52641931fbe98d897c7cd0af6b79692928f2c7b57bc49725b21314bee42cc49d8b759af9360004322f7d39b

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/androidx.work.workdb-wal

Filesize
281KB

MD5
2c56c1a7038aaf20bc912d7227b3a0f4

SHA1
a4de002973dd64e527a564c2c192a19d8a208aaa

SHA256
ff2aaf09743dc3720c2b0e2970ca1f25ad9bd5f0e645306a8a16606a5a99c66c

SHA512
7eb3f7eb4779f9885ec5d69b50fd6e3d723a2655e855b30435730319d367ca7123600d1d65f99341ea34fd4fb41d7d8e1805dfa6650afea8ad3c5fb56285e31d

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/credentials.dat

Filesize
20KB

MD5
777c344d7f682c644f5a2833db5d00f3

SHA1
a1facdffe2146ab41ffacaff1887f0d90cd30a16

SHA256
eaa8af469489fae37f7e50e4eb7403263ee57084fd468128f6d5df09c2a1449e

SHA512
2d9fa9150142caf1ed32362acb7d6be0b3d437c6d662856de59e19aa0f83c3838df61f8598ce746b2c0347b6da483aa7a9612795027d149543147ff000e7c627

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/db_metrica_com.halfbrick.fruitninjafree.hack-wal

Filesize
406KB

MD5
a5cca36d7001fba71f8a0574c1e19eed

SHA1
bafba708a2c2fec8b57a635fa071545c27bd37d5

SHA256
19ca56ed17c876691cc13e8383d518feed139ac155345a7d0a0d9deb8960688d

SHA512
d35c02bc0600a34fc4733c37e9eb07a7c6bb50b443e94252ad5c4aa7f3e29af15f8d55817ec37023f0e3593c124d18c5fe8987f6656a937a27eb0e244a7bd2e4

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/db_metrica_com.halfbrick.fruitninjafree.hack_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
72605a010d57a053532b983b72380359

SHA1
f535872dfa9b2572c6374214e3a22acb95be364b

SHA256
2fda577fee9d2ae9f6778e2500099f30acb68cd583a7d3b7c4f0a894b4f8b977

SHA512
6700ccd5f662cd8a0394ccb83a4e6e950f8ce43b5a35273460a2cd8a629513ea88302ff679e11bba61c742a17de6d658691b04581465fe998c97a4699923dee6

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/db_metrica_com.halfbrick.fruitninjafree.hack_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
5b659487aabb9be54e9be3acc2e700d1

SHA1
28293320ef84b697438d15142824e5bb5d65e265

SHA256
089c3aaa59258222e1ca895143b51a5e7210e4485ef6d94dd54266df2c53d9bc

SHA512
b46cc624ab2e2dd2de69666bb9430c3eaeb01942ed5964283b9f25b6139668c43a8c7e286396fb7eb351d526ff0f01bd5d4f6e5a3ec8a6c75636148b441e8e63

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/db_metrica_com.halfbrick.fruitninjafree.hack_20799a27-fa80-4b36-b2db-0f8141f24180-shm

Filesize
32KB

MD5
e048975b3b8146b74ea51a3ed3e1ac86

SHA1
761c78fda53fd4c8d2a0b66996178507b0574426

SHA256
557e968a4c4e394b21cbaf79799bb33dd8ddeb26f154c966a05d2c171d0f33d4

SHA512
dc05ee866203eb2da9e1252fcc4ba7a12c63022512253d59098460f1db097ca7126bc3c8f43ed907ed1da8669935383a330b52002053fcc1a00df0fd2cbc1412

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/db_metrica_com.halfbrick.fruitninjafree.hack_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
269KB

MD5
55adcd273328e2eb1cc9243ef933a48b

SHA1
32916905ee17ac3b7d45dd9c328f0a4658fdbc9b

SHA256
76808e14c3093353b425904e7206599b9c05a49ddb62be4d5584461686a78e95

SHA512
4b8fac718af486dbbc4d762d1c4239024be35ef5afd21e1e39eb621b8ed4baee5ef250c11336fc568afb1bfccfb13aea4308bbfabaa84e7468d3408adf69c843

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
73b5217dd04786c153216a658477a100

SHA1
9f31bea37f6b15f9ee13e39446f2293403bb3e11

SHA256
ea1180b2cc2154972771744cc71a5284325326d0b3ca0fd7e505b51b0209f11c

SHA512
b387df707cfefa42b2530e7035725203bd623e03352ff11a9075d0b868c79811e42bc7c4ae0191e827a0d188f892547353ddc2e50f9cb67ad581cfc5f1c74eff

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
08bc87b6da82e16524fa3eb169c0ad8c

SHA1
daa42e4d0bbe148f38b2c84a0ed2c7987d07b3f5

SHA256
4c3c4842ac55ba72334fd93536cf1732ee508e91ae8abf1a1c39a56696897896

SHA512
9056d722096d0334f28edca5f8263de79d7356bfff1e0b8682e270c8a7fa43b082de4b8b5e4af52dadd7db2e092668db521584cb7ea25113a7fbdf9da29f9fb0

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
20b115d6e96a7360c219af48f7d9d52d

SHA1
eb918eaf51fec75611a7b5880ef77ad547b8f2b2

SHA256
ee40b6268c0c9925642378be431e211f39a3daa6cc5d63a1d97f442e74e2d192

SHA512
ce81b2a76b1adee9a5d8e90b971f393dd5a478a136c6aebc450b34caadf0d58c3f6764cb8803d7988f22f6a4ea4d6c5fd4325039ead9f6128023b185024e3e99

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
37d78241cbb43e9d89cff2f4559b9ec0

SHA1
dfdaf5cf2df9262114cff31c068417feaa45bf97

SHA256
a2da650c6539c8e3f47acaf4000c5e1b64ef4dda9c79bd8356670eeca5a316c2

SHA512
4bc9a196e6d01be3c207b04556b125c59a0c697eacbc1e1e4ce0a3bab79a5cbd9701d7214f5dbbc1ee8d0072a63d56c48c3d19ea524cfa591275cee1ecb2a343

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
68e8db4efb5ae0176f27c053cad57c4a

SHA1
5f946f854bf880e7b90f9e1796e6d1493cdad671

SHA256
58d01d7600a4e2ee56a8c5655db48f201c6bd4d8541e5de64d0e55ce540e4cae

SHA512
7aa83a1c93a6a8ceda5f5cf273f1d92d1ff96c74cbb162d00159c75a3e2cd55728ca864b6b2c758dcf64264691afb748ae7da4dc36f0e3c9e5add803366c36ab

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
f11ffc23ae2fbfe2b29a9a6a60b933ee

SHA1
bfb017f4f4f4504b6e640f628697fd1f35fcd632

SHA256
9881731298a181de79086f37b606ae03b05a6281b1ee6ece66491ca1d050198d

SHA512
ab428113683d6565e8fcbacfe297a174e2a66b9f8335a2bbc82950b910417c6853f80a616ec6936fbf81ccc63f42867f9ac1d46510983f6148c9750a2b24c2a0

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
b541220228ed3cc9221c33c98a05d78f

SHA1
807bc46e8a0597c30898acc67369a0e798749441

SHA256
ac1452357e9c7371c2f45c46ad066b66ce3c727a00cd9abc33d663be88dd5169

SHA512
68ac7e8fd9092f3de0ee9ee29965e7d70c195318aa9f7916fe480c9cc8e85e4c529e6a5d616ddd1d1efa57df8be049edf0bfe31f8ad003332505ec6280cc648a

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
e095a43ad420bf79e4d3959fd283de55

SHA1
6a4d019e870ad92e025bcc127725c97a70d19890

SHA256
ef7b264ff421273fb7e8a123da7e342acf43497e15243100631a3f4fade9ec65

SHA512
7af5c448f3bd06c451d019e24653883342d526952d1000d0a81bfb7579db09289024f6217718e3209afda18ed439e4fc4b3b0a3a0834601e1a8abaecf8516707

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
ab70708c2d816ad2a5498f04e8e79018

SHA1
dfbe99e6e5c7c52ed27aafdbe44bf9c4a5f1b3e4

SHA256
63ce79944967ffa503e27e35ae6fd55a18bea29165e5d766be56cb4b88908e65

SHA512
e744dced3597e609d9425cb9170737224e16fafd4c1c3dc6fab7d46e232c12eda01675c2b7933caa7b6120fc06c42417e88000a8f5d200e5ce89677698a36b3d

Download Submit
/data/data/com.halfbrick.fruitninjafree.hack/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
0cccfca17e9c3373f24240d23b08960b

SHA1
8f50dd38534ea5655723cfcff806fe84a1b22572

SHA256
04e1c47b1328a14fd80ae39345d10f483722fb79f6b9fcb40ea87ee0de32d541

SHA512
92855eef9c729bad3aab73de86a0ba8ad2b0bcff827dcbb35206fe714ffc6b0f34825aba8ea11f3418a1fdb056a508317530b756ecfbc47c59f19972793c746e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads