smsworm | hxxps://freerobux[.]en[.]uptodown[.]com/android

Analysis

max time kernel
60s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
30/01/2025, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://freerobux.en.uptodown.com/android

Score

10^/10

smsworm infostealer spyware trojan

Malware Config

Signatures

Android SMSWorm payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-5.dat	family_smsworm

SMSWorm
SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.
trojan infostealer spyware smsworm
Smsworm family
smsworm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Download/.pending-1738855328-freerobux-9-8.apk

Filesize
9.2MB

MD5
52b434458db994225d86bc8c0d9c1620

SHA1
4f54b4c9488560152e70274cfa5c8ffab121eed9

SHA256
50ef90d98efa89fe89ec11418bb94f8e0c63b8b5c8b7583dfc9eae62a401d82a

SHA512
2fc51a090ee7335154915c6f0bf8a77f8c0d6c90005e8ddfda4d87360d50ae5c89b16ed89d9eb64a9a57fa27aaef07c1efbe31038b076acd81e3c5f1b5973b79

Download Submit
/storage/emulated/0/Download/.pending-1738855328-freerobux-9-8.apk (deleted)

Filesize
591KB

MD5
7982a95eb75d2aa95f83c44cc0edc8a2

SHA1
a3f1987e05af1c85f8f120c7520fa72bccaa5d18

SHA256
f56eb4af84cd4504800b6f9724ee335663e39862cc17d1be52d83928aa172f78

SHA512
bced1c0f673865479bf6d7d026e39161f6b9cda7a07f1c8b5231f465ac07566736a2ccceae306c5a5ffe06b5596bafc5d18f0e893d72f878bb0841fca4c03078

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads