agent_smith | 613088915b8b337aa174d6af47f1621e56ba47d2b065da4aaef4686ea5301c16

Analysis

max time kernel
3727355s
max time network
122s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
29-03-2022 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

613088915b8b337aa174d6af47f1621e56ba47d2b065da4aaef4686ea5301c16.apk
Size

2.6MB
MD5

1b82820b013c32fa276801fa6ca7d868
SHA1

10e7ea703208eeb56f33fb8f2fcf1ec2af2267a0
SHA256

613088915b8b337aa174d6af47f1621e56ba47d2b065da4aaef4686ea5301c16
SHA512

093609a94021809d323c09ade58a7176bfc9b0218d37b3efbf6452427b21475a640d324a5f3e6d420776e9e34b3ab23b77ca0573dee70488194b437ee27521c9

Score

10^/10

agent_smith adware ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.qqxxzzv.jsldfuop

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.qqxxzzv.jsldfuop
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.qqxxzzv.jsldfuop

ioc pid process

/data/user/0/com.qqxxzzv.jsldfuop/files/one.dex 5118 com.qqxxzzv.jsldfuop

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qqxxzzv.jsldfuop

ioc	pid	process
/data/user/0/com.qqxxzzv.jsldfuop/files/one.dex	5118	com.qqxxzzv.jsldfuop

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.qqxxzzv.jsldfuop

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qqxxzzv.jsldfuop

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qqxxzzv.jsldfuop

com.qqxxzzv.jsldfuop
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5118

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qqxxzzv.jsldfuop/app_jar/lpdf.jar

Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_jar/lpdf.jar.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_jar/oat/x86/lpdf.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_jar/oat/x86/lpdf.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/Web Data-journal

Filesize
1KB

MD5
7d9652ad0b8d203b5afd18e3483e290a

SHA1
feed296d1daf1ee4a99ea6a883ab66c47655aea8

SHA256
c0c9d6b341b3ad5d58116c377c36e755e569593fcd058498b74d73c15be28284

SHA512
b10b0c80760fcf4204dd2d1fcf1b9d651db67cb084646616562d1c37a456c8db2c6526a7ffcc45d44adeb47649c5031e4348c2988ff69dfc760eb422925e87f9

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/metrics_guid

Filesize
36B

MD5
0ce3720b4a6edb185605e996b2068ccb

SHA1
0ef8c39a16b9bf946ef6799d4ff65540ecdd38bf

SHA256
8209ae33d303867fff85689a4e123d347d719f35b9baa8afc0191b07c57854c2

SHA512
78b3658ca055d0bb8020eb11622e7f3f40cf1dcf95872e5def28dce702852f94d5a3c7a60fecad8623ad87c1c4c30fb604996210f7645512aeca0f0220afb094

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/jiepayplugin.apk

Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/jiepayplugin.apk.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/oat/x86/jiepayplugin.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/oat/x86/jiepayplugin.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/oat/x86/one.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/oat/x86/one.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/one.dex

Filesize
84KB

MD5
3253d9a3e924311215ed5fc1d4f819ba

SHA1
77cdb93e01b6098d3abb1ce58b57e07cab89b0ee

SHA256
ea59f7861ac9d24eefe391ce9896160c31f6817ae3fcfeb42a503cd1e5640644

SHA512
63a2f3d0af447f20631e7c031f8bb6a167bc2595c50d3c835d0eff05a4a281a2b45bb10198e5339f39d739c16b2ee9e5fbba9e763ee8cd2799f958ceae6b2abf

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/one.dex

Filesize
84KB

MD5
3253d9a3e924311215ed5fc1d4f819ba

SHA1
77cdb93e01b6098d3abb1ce58b57e07cab89b0ee

SHA256
ea59f7861ac9d24eefe391ce9896160c31f6817ae3fcfeb42a503cd1e5640644

SHA512
63a2f3d0af447f20631e7c031f8bb6a167bc2595c50d3c835d0eff05a4a281a2b45bb10198e5339f39d739c16b2ee9e5fbba9e763ee8cd2799f958ceae6b2abf

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/one.dex.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/files/yypyda.apk

Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/info.xml

Filesize
460B

MD5
0c2d9f0dbf491a0d4c1eebded21e8c3a

SHA1
1ef52b44f381944ac05f01af208333a02604baec

SHA256
b43ddb6cc4c9659d011963a07bb2be5d13d29500ff7d5b6a4fe64c7effdba0a1

SHA512
169e21c13960bc39047e4387aaf95cf5b2177f13f1350c7fdda564169118e970df270d42871c869c995e542dbb6a6f6e1ea541c6d4808d190147a7b6ccfd9844

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/umeng_common_config.xml

Filesize
111B

MD5
b14bb40ccc9e5f9f83cd3b230ed5b512

SHA1
b84fcbc09d4a3fb6428aa551d9f628b5af666369

SHA256
ab6b36acc58c7691eb799350c18517270e7c05ab18356d91258eeda2f7ae8d6f

SHA512
6fbd134b5306c9958d9a9d48025be2c4436d5a9941244b2d5cc5a0af2bd1c3c858c00961e6a5548ed6cf8f6e19f739a01b48375a71bf2b28b533a20c325cf1cb

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/umeng_common_config.xml

Filesize
171B

MD5
44e89dbb009a85117af30548cfd30487

SHA1
7a8fe4d09b36468bc8b38ce57eeaed0aa056fab9

SHA256
4fc20f9f168488ed4de0b64950280f52d602f82f145fac01ac8106e0887cbd04

SHA512
08aacb6e86a73659d3eb5c29c308e3e41852104e854bf949287a550f1bdf1e7c8fbfad5443ec8a54d70bbb6c828e04b80bfdcd0dbf20b7abbe51f832002e2d5b

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/umeng_common_config.xml

Filesize
236B

MD5
ceb395048ed00c48de20ac18efd1675b

SHA1
ec41b799eaa5d45c6191161c362934845df57bab

SHA256
ca6296c8f294d7407c7b37e16ef1875721e2d22d845f87fa2836c8e5ae0cb022

SHA512
3e39a9b559a7314f6433e583ca1a18bd4e90e463bef2dca39b29a8bd28c58a6fd81403206adf1b2ef952430a7d9fe542547d9f4efd68805a66bc9817d0ce4615

Download Submit
/data/user/0/com.qqxxzzv.jsldfuop/shared_prefs/umeng_common_location.xml

Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
6fafe2abdad6c70195b802a38d9b1453

SHA1
96aecdd96dece3928b1d779c9a9390aaa6130b0b

SHA256
7f6f6d0bf8f785f9926fec49ee46acd276357e3e66782d5c53d45dd143610537

SHA512
70f7467827099714a51c1e87b7e3a782e7e091c07f904fd7b4eb55f9a993957d723617d6ad85db8b551f58712b278c6fffb6ccb89dff5fedca3b85f0060bc0b4

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
2add830fc14d132732ca871a35d4de8a

SHA1
67f2560c6cb2917fbf8a76eb8280642f94727cf9

SHA256
ba93faa00aaadad68f139fc69a264b5842ca10da6c9fc989774ff3cba15361d5

SHA512
12ca0ffe4df138101bd0b1c4767704e4895e523c9d3ad2929d44fdbc9c3b588f634daeac2d551ed3d7cc2ef77d383cb70ac61b3ea5394a162bc117392e578fd5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
4d4cf8068031d2e339e44d2903b1875e

SHA1
90aed389f90963abfcff635bdb851f1466311bec

SHA256
2c69e5367d12fa25ab9a5ef0fd4c9ad2fa7bef5f5f8c96d33137f405b555adca

SHA512
87dd7653db666530642ce99eed58cf98022320d785641b0a832ea8177c3e71a27523819b6546857a87d8080d5e2417038914378e87ef749d6c9ac3debb82d140

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f2d70a2de2735d26b1e8be4f2821019c

SHA1
5b8201d91d68e851c59154ca3a19f5332f3cb4a0

SHA256
c4f047e6c6348666780aa803f0f091a33b26fd8639348514a26262104f8bfcb5

SHA512
09c9b489f70e9e730363e1f5f98d34c6222553630ed746640b6eb12e721731df7b16d3d531470798d46422e54f690e743c0a311ed22ec06e18a73ce483baf562

Download Submit