agent_smith | 23b601a25a5fcc28f56f9d72145973fe8f830355c26f354094759eb010b40a42

Analysis

max time kernel
2243524s
max time network
20s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
02-05-2022 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b601a25a5fcc28f56f9d72145973fe8f830355c26f354094759eb010b40a42.apk
Size

2.4MB
MD5

22925ae7ba90c2c0406abfb0ea7149c3
SHA1

daa9553302aa53d54dfdaa5dada8fcb1f8f04a73
SHA256

23b601a25a5fcc28f56f9d72145973fe8f830355c26f354094759eb010b40a42
SHA512

21a0a4b985e6f8ba8a520cd6327e59ea241688abc041a5a8c0b4a5606041a2402d4734fe6980cc65b4e833c7b748c26a0bdaf113ecc422376a42502485656140

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.yumer11.ausdiue

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yumer11.ausdiue

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yumer11.ausdiue

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar --output-vdex-fd=119 --oat-fd=120 --oat-location=/data/user/0/com.yumer11.ausdiue/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar	5526	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar --output-vdex-fd=119 --oat-fd=120 --oat-location=/data/user/0/com.yumer11.ausdiue/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.yumer11.ausdiue

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yumer11.ausdiue
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.yumer11.ausdiue

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yumer11.ausdiue

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yumer11.ausdiue

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yumer11.ausdiue

com.yumer11.ausdiue
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5309

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar --output-vdex-fd=119 --oat-fd=120 --oat-location=/data/user/0/com.yumer11.ausdiue/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5526

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar
Filesize
69KB

MD5
61503c78bfaed115dc65f007a7461ed1

SHA1
e989f0a0abe36a164feb51d6419eb1d10db3fcc0

SHA256
f9eede33f737a4287b1412412c47a8eafbfb732f764fe18cce955c4a28d3d2e4

SHA512
3c59c6deaf0c0d0aa559beec62fea04a8021d471ba92af656983f6ad72f1a07af25a3d886b1c2783cecd802bf865c6100c459eee83e963cee95d834e643d2014

Download Submit
/data/user/0/com.yumer11.ausdiue/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/Web Data-journal
Filesize
1KB

MD5
5dc0d74a0b593cce9e19f4416b7f6360

SHA1
4dbd6e3c1c76e595656d8b10776c20342cc57553

SHA256
6a26130b39dde507ce0d32fe1e2dcd85341ad2942d5048305ba24f87c8b06f9d

SHA512
0fe1084cdbc10bebbea31646343047b3e6651c7393d46613ea2c0638f51cae50b4dbe75c9bade3c3efecef838f25c6328a68646cbd3586a9426d186de9ec26ae

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/metrics_guid
Filesize
36B

MD5
bee0317803b56f05f00531bfad13bb67

SHA1
63d9c6360e7b9011746eb028b0bf9a3e9981028a

SHA256
7bad5f5ece9a3bcb5c4fa8e0b8b9749f28135543043fe6df2bfc4ee85198a2fc

SHA512
036014c0fbd4cc56f8f6695c3360309fe8cd8bec15f59553b5629bfa790c2c34d62268647fdc27863b2ed6bc4493a23190417b468c8a87242c7c3797fa124e92

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/files/jiepayplugin.apk
Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.yumer11.ausdiue/files/oat/x86/yywda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/files/oat/x86/yywda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/files/yywda.apk
Filesize
35KB

MD5
e7f60d676d27306924ed35124698dbf2

SHA1
3aec5caf42c0cd6b262e7a9b5fe3da29ecd1f958

SHA256
82491bacfcc1fba3c0c425b37b1152e2e428255df1321ba1714b1403bd08563b

SHA512
e6d49fc8c233068756782e1c11b28b4a8b6a5717c65e6d3caad6a0967ff999cdce9298f090ab5d6f1098d591382ca24eb80baf0f4f0dbe37464ac46df152f401

Download Submit
/data/user/0/com.yumer11.ausdiue/files/yywda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
2eaf1b50441f9c8cb4b7b89476e754f0

SHA1
cf4af930a6762f5b606138af8cee22c01cf76424

SHA256
5e82b2bda3fd21a2ee833995d374723860020141440c16932925c34d1d953fef

SHA512
25ec7040480a2cceb9421897d10a95a635bd1afd105ccd0a3c1de807b6b61cdcd31840186d1750964a8d9026c16c7f0b9d2273951f9274d712a9860ebe0a5d43

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/com.yumer11.ausdiue_preferences.xml
Filesize
143B

MD5
4641b3d164ee1c8c533b47c701273eac

SHA1
5f99411fb55f25163bb1c747857fd9fbe253ea6d

SHA256
1c346eae1de32b19a4bec7f7221fd4be987ed5b59f3c9ff58aa03c7f52bd29bb

SHA512
bb9d14a44f63e61b13906814c49d0623abe344214c37dcd9eeba82b09303f37a1eafcd16f2f6172b32d32e79a3c0be36bf78c3709959059ff8d86f380c4cb51f

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/com.yumer11.ausdiue_preferences.xml
Filesize
200B

MD5
0685e79c0ad552f0ee45bbfb235a260f

SHA1
9876560616f22232762f4274ed850bcd2e1a5b9c

SHA256
822dbfbcfdf565f08ede6f8c622e1b29dedecffa1cea2ddf6223246540335823

SHA512
dd8edcbd5951bb20e04f8869954c206a9a6cd3807e99f34921234ba28bfa31b0f6fcd31ae6e4d945892e1e144fae2b2a0cb438ff67bc8651bdae66f3dfe814ef

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/umeng_common_config.xml
Filesize
111B

MD5
6daffb96ad9332cc8c37a07384e37b31

SHA1
32e3562f2766a8fd32118ff0adb89562b4ce2ae5

SHA256
8044f5b88f689302118820d468539f830b74a12340a49f0da4a2d7c652f05d66

SHA512
cde2b7c4e2a4fe663304c399251b9ca6da2c2d61baace828d6795b6d72388b53379ba1a3f7f852da6cf8b9a972aa8f40a6410cc1dec672b4bf35dc674e4a0ef2

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/umeng_common_config.xml
Filesize
171B

MD5
a1ec7c417fe3cf9c1eba8a03d0e4d6e0

SHA1
3028712585689942f4c81bb3a7102327b0622fed

SHA256
660ec6a292a9c84466824b9e894f53fd2165838ac4a6e93ab98aec2c126ca2cf

SHA512
1ac044247d9120371651cf9ae1ca454836db09558e4d9247ca5ccd9dba8e896192e38224710869fa22c1d5eb9a54f3e41155e7376e527c618ff0f41e339b9305

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/umeng_common_config.xml
Filesize
236B

MD5
7f450cfbfb78e926fc06a2f038acfa99

SHA1
176abdc2c9f2409b0b88677b8a71c0a5f9c43849

SHA256
197f9880b817f0acfd5372fbd0b3da896d5db8c43130899ef26e85b6facdf985

SHA512
bd4894427f4377082fbddd0799fed7ff276a5277fa16d68e53ff2898d1122be458a58c2eb686677a98b3f5c83d5c5dd84c77e55c02a8cc418bffb864ebd2b2cd

Download Submit
/data/user/0/com.yumer11.ausdiue/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit