agent_smith | 44710fe018450f47310c7ab69654201de8a72253ee564ab11f12e733a88bea7f

Analysis

max time kernel
3384146s
max time network
143s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
15-05-2022 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44710fe018450f47310c7ab69654201de8a72253ee564ab11f12e733a88bea7f.apk
Size

2.5MB
MD5

69aea2e544b21e5650d6063afbf24d11
SHA1

3a7fc7497f0a3551368b46a3a279a4df8db551ec
SHA256

44710fe018450f47310c7ab69654201de8a72253ee564ab11f12e733a88bea7f
SHA512

610d4c420879dba20d31ae130cf2cbafbdf9cdbeddf1699700a4ec81c67acffcef48231b87b9d982c1d6773465d4bf2b9e8cda80d65a41579ac9137025c1dc6e

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.dfoiej8.ccsdyia
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.dfoiej8.ccsdyia

ioc pid process

/data/user/0/com.dfoiej8.ccsdyia/files/one.dex 5102 com.dfoiej8.ccsdyia
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.dfoiej8.ccsdyia

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dfoiej8.ccsdyia

ioc	pid	process
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex	5102	com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.dfoiej8.ccsdyia

com.dfoiej8.ccsdyia
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5102

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal
Filesize
1KB

MD5
33d378a60025b1e378fc50bd6b47457c

SHA1
6ff9a705ca7d8ce8a9e9edff0a22e0022d00761a

SHA256
d6b710b92c4e86ce727b8d4c15d9a88f672fd2cfa85d999dc3605014cfc74c37

SHA512
c49ef4aedbf33827920dfbfd80b99abe171085d1fdad4dcde0e38d9d67463defa2c7a1d104449e42fb77dca4338b145b608fb1281ef5dccd4f4dfba8a32b314d

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
Filesize
36B

MD5
d86fb658c301ee6ce6dd6a83f70ace7d

SHA1
30793f5d6622eaf1cb7226d99e7c1a74784e5493

SHA256
6e5d864ee9c6b65a2ee1244383f86f36352ea2821aee294e7d4e9f2346437d84

SHA512
2c6c51c7e41903adf3c042c0740dfbeab0345820dab774b2219fe3fcb80deef67f86edc2e98e3fba9e818631036c30773d4473a3b3e8ce8fe1502b3861f030cb

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apk
Filesize
25KB

MD5
6db878fe9353394cb856665bd6e35818

SHA1
44471eb02fd24e523de5d2debe6e1c4e869f73d9

SHA256
0000e341fe943663d8065c3a9b538995a36ee8873bb2a5d8c18c4dba8e8447d3

SHA512
79d0b2978a3f64ab2e042660934683c9e245c4542c194763f45ef381a562b51a82c0dde2dc9f8707a3bf78755f4dced9b12d749814f634eb0ea3eac0498f3664

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
111B

MD5
ebd64be7aba913683bac2337a3e70b4c

SHA1
989a581ced30aad3089526cb575d15352eab9bc9

SHA256
97dc8aad8a6b0a3f664c9b3a65ff6a498314f8b22fa71393c42e6fb5bd59e014

SHA512
acc1bf92cd21eaf5698f7cab43615feabda2cad12391532d6afb5c3d419a0b91d961966662087ce9b51a9eae1e919197c03cdba1ae7813db0a9cca8cde7fa54e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
171B

MD5
229a39ab374ea432b463908d496f72ee

SHA1
c5ca8d49be4597c85c4399b2827d17b3a40b8b34

SHA256
6394d2f32b264464a28dfa64b50e5694478f326f3121dabf640deee9f339743d

SHA512
36eddc9df346c28840a6a2a87a97b5fa325fecad5bca05f07cb8dd93865dcdefda4d354835a41da179769802fcf57fd6b6cbe4940d93f7c053fa63f0e67b236e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
236B

MD5
de93c4a1fcf5a7002082a4e9b0df7ab3

SHA1
67cd07d26fe5ae530ddcaf34d0fa345f829bcc55

SHA256
a74efcd40e474daeb2db4ad397ee38f6a2bd86d4434c9eb6822002ea8ed84e04

SHA512
a7e846edae996565644260674eaac27ace9942722aa924e2605d092160640f8338adcac2d49c020b6d9dd1c9769e4c67bb4008090262dcfd9d362f8f300eea3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
0f2ea23965576f3b8b258b89f9d8e052

SHA1
df4bd824ffddc4222bbad2ffc8e5e52eefb89835

SHA256
91ed02cf99d89cd47321155d9feb43a34cafc01f43feb1b3f01793d01f34edea

SHA512
96795bef4132bf211c006151d69a5c22fd562b32126442d597e95177d9ab6be784453962c7286aff79ca5170c6044c1514d3782dce096c0c952f2edb6def44c8

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
fd530f6d394b1b72740283ce0c406290

SHA1
b6d4101eb7efe91828f84ca5bb13ad442ac408da

SHA256
c9e4cac1ecb4598dbbb0dfba7cdca84438ce297f67184800f92da04bb0d79450

SHA512
e91e862292cc82f2b06c2eb2a781d69ab069d880b74488a53906c99332ff916d1f533c8da45d7e5a9c7e145d59bc2636bff188ead2ced670b1da0778f8d3d4c5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
d31776f99b634d1f0442f22e084afa1b

SHA1
5941fcea5643f44103a14637fb067d775eb4397d

SHA256
44aab0d774229fcfe5dd6ebd5e4391c43dca9d171a850aff62ddae60c1640185

SHA512
2710dbb1f76cf0ca8439e26f7b4a707b640a035f644cd93191774b6634751dd82da53c2a7f264653c43191a965bab38fb29fbb6a53910da2bfbd54370c6d3dfe

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
5a9272f1bed308bb3e03befca55e0e89

SHA1
50fa78719d41a0482feca830ac327984a936b1da

SHA256
c11516a5d16a1c29281aaf55de1de6b6c5e3c89720e1b2097fa72ab5397d0abf

SHA512
bb0d26b74a36726bc9b55bb8715e7ad092eb5baaef9f2bd02d7e1322d52afa3df77ba842f3bda86c32fad6858d7c1024f6649178ff9c93f12f684f9077819a53

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads