smsworm | a96d4c2d7ecaaaf99b8c045139555aedae62199d4f595d904c982738774cd8cf | Triage

Sharing

General

Target

A96D4C2D7ECAAAF99B8C045139555AEDAE62199D4F595D904C982738774CD8CF.apk
Size

28.9MB
Sample

250414-t6q3fstzg1
MD5

e647ba625bab420ceb912af32459f039
SHA1

bd09351d20c1058691823226cf4af06675af6530
SHA256

a96d4c2d7ecaaaf99b8c045139555aedae62199d4f595d904c982738774cd8cf
SHA512

7880b8fefb5e19cf6c51e71b40f7407e4c4c8ee21ffce2f02d7e7627f322d1ede13c944781a1e43cba6283c636582ca6c7e6ee8186f89467ab7d8d52aae4977a
SSDEEP

786432:Ug2gvEd8aGYJrmsUsvsPmmgeAIqRvj3lX7tqr3G7E:UgbvSPGWjRvseKXu3lX7tmW7E

Score

10^/10

smsworm android defense_evasion discovery evasion execution impact infostealer persistence spyware trojan

Malware Config

Targets

- Target
  
  A96D4C2D7ECAAAF99B8C045139555AEDAE62199D4F595D904C982738774CD8CF.apk
- Size
  
  28.9MB
- MD5
  
  e647ba625bab420ceb912af32459f039
- SHA1
  
  bd09351d20c1058691823226cf4af06675af6530
- SHA256
  
  a96d4c2d7ecaaaf99b8c045139555aedae62199d4f595d904c982738774cd8cf
- SHA512
  
  7880b8fefb5e19cf6c51e71b40f7407e4c4c8ee21ffce2f02d7e7627f322d1ede13c944781a1e43cba6283c636582ca6c7e6ee8186f89467ab7d8d52aae4977a
- SSDEEP
  
  786432:Ug2gvEd8aGYJrmsUsvsPmmgeAIqRvj3lX7tqr3G7E:UgbvSPGWjRvseKXu3lX7tmW7E
Score

10^/10

smsworm defense_evasion discovery evasion execution impact infostealer persistence spyware trojan
- Android SMSWorm payload
- SMSWorm
  SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.
  trojan infostealer spyware smsworm
- Smsworm family
  smsworm
- Checks if the Android device is rooted.
  defense_evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
- Checks the presence of a debugger
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v16

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

smswormdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencespywaretrojan

behavioral2