Overview

overview

10

Static

static

7

948cf9fc62...3d.apk

android_x86

10

948cf9fc62...3d.apk

android_x64

7

Analysis

  • max time kernel
    4044785s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    05-11-2021 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    948cf9fc62ae7dc722592a72d4527a36deb3b64060c6e2b77e515d3106eeb63d.apk

  • Size

    17.6MB

  • MD5

    dea3e4e66f6dafec1298e5c2cc1c026f

  • SHA1

    fe59e8d000bb546fd3c8e59c25d6a9904506c994

  • SHA256

    948cf9fc62ae7dc722592a72d4527a36deb3b64060c6e2b77e515d3106eeb63d

  • SHA512

    f5147ac8bcd27c67daa48de3506af92f13362b489775b785e00edbc349bbcd0c6331e4a27fe0f2e8b06c0e0b412a13fb21b95ca6016a4749ac0d55e4b58dc2f4

Score
10/10
agent_smithadwareransomware

Malware Config

Signatures

  • Agent smith

    Agent smith is a modular adware that installs malicious ADs into legitimate applications.

    adwareagent_smith
  • Loads dropped Dex/Jar 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.quanneng.babyvaccines
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4843
    • com.quanneng.babyvaccines
      2⤵
        PID:4892
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:4892
      • com.quanneng.babyvaccines
        2⤵
          PID:4992
        • getprop
          2⤵
            PID:4992
          • com.quanneng.babyvaccines
            2⤵
              PID:5079
            • getprop
              2⤵
                PID:5079

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.quanneng.babyvaccines/.jiagu/classes.dex
              MD5

              b75f0867f6957a37ffaf94df95d2a5d4

              SHA1

              58217ff3d07d2c689d98a2eba0555b86b2f74fe5

              SHA256

              14719dd6475c5bac99b7ab6fbff138da9b50473de3a5968a2eb61b567fe255a1

              SHA512

              ec496c1a44c5eb777039868b321505d6d75c6af6be302521332d8f0835f42c22b9b351066fa4d46e5071e0a4dffa09c4a6b5ac694fc34de0731a2f887877f7a0

              Download Submit
            • /data/data/com.quanneng.babyvaccines/.jiagu/classes.dex!classes2.dex
              MD5

              15ba02a4d7c7226571a8a8b69ec456cd

              SHA1

              8b62ea87539407e0d6b4dd9f6818bf3be5c7da29

              SHA256

              ddd15e4456ce5bf0818633ad948f8bd0f9cb70c97f080ca83f8129b000f42d38

              SHA512

              e9a1c788c38ca64aff80eca5c587a014a5e0b29a70d3666a913cd78928d50f1886cc7071de1e3e85d422e51d48b98bb5166e4279351966fa9804b3ffb0cf326b

              Download Submit
            • /data/data/com.quanneng.babyvaccines/.jiagu/classes.dex!classes3.dex
              MD5

              2261b95a8caad0ac04a6f626dd28d2bc

              SHA1

              de3aec21246c061e38b377d89d331f09dc22f140

              SHA256

              ec9c034c36f51bed4e03aac4bf5f8720fae0706d7f4bc1a1c258f76bcafd2cf7

              SHA512

              d40b3a90df674201f81d759a3cfb386b9bf538eeb413bb700ff92f024087d847655a29baddc41fe4eb87eaed602a1a015a27c1123d8b0d98df81d031989e9773

              Download Submit
            • /data/data/com.quanneng.babyvaccines/.jiagu/tmp.dex
              MD5

              f1771b68f5f9b168b79ff59ae2daabe4

              SHA1

              0df6a835559f5c99670214a12700e7d8c28e5a42

              SHA256

              9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

              SHA512

              dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

              Download Submit
            • /data/data/com.quanneng.babyvaccines/.jiagu/tmp.dex
              MD5

              f1771b68f5f9b168b79ff59ae2daabe4

              SHA1

              0df6a835559f5c99670214a12700e7d8c28e5a42

              SHA256

              9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

              SHA512

              dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

              Download Submit
            • /data/data/com.quanneng.babyvaccines/.jiagu/tmp.dex
              MD5

              f1771b68f5f9b168b79ff59ae2daabe4

              SHA1

              0df6a835559f5c99670214a12700e7d8c28e5a42

              SHA256

              9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

              SHA512

              dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

              Download Submit