Analysis
- max time kernel: 2275711s
- max time network: 19s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 02-05-2022 23:14
Static task: static1
Behavioral task: behavioral1
Sample: 009ee0e2e4badcf3f6955e2ed7499bd2cf135de656a52ab7e1ec65f357ece9d9.apk
Resource: android-x86-arm-20220310-en
General
- Target: 009ee0e2e4badcf3f6955e2ed7499bd2cf135de656a52ab7e1ec65f357ece9d9.apk
- Size: 2.5MB
- MD5: 1bf50f8d7d318244fcda5b3e9dfe2243
- SHA1: 7a1fd089501a6f770280bd8fb1eccd6f436e057e
- SHA256: 009ee0e2e4badcf3f6955e2ed7499bd2cf135de656a52ab7e1ec65f357ece9d9
- SHA512: f517d49b9ddc3d98bad931a26255b935b9e29916bdc32d44bbebafb911f13407978d44877784a8efc9d73a8ffa330c42b865d3480355d096df7c0a749e3d0aad
Signatures
- Agent smith
  Agent smith is a modular adware that installs malicious ADs into legitimate applications.
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  Processes: com.dfoiej8.ccsdyia
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.dfoiej8.ccsdyia
- Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
  Processes: com.dfoiej8.ccsdyia
    description: Framework API call
    ioc: android.hardware.SensorManager.registerListener
    process: com.dfoiej8.ccsdyia
Downloads
- /data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
  Filesize: 35KB
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
  Filesize: 122B
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
  Filesize: 169B
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
  Filesize: 111B
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
  Filesize: 171B
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
  Filesize: 236B
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml
  Filesize: 390B