Analysis
- max time kernel: 3399237s
- max time network: 137s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 16-05-2022 01:54
Static task: static1
Behavioral task: behavioral1
Sample: 8cdd6e72f3b86b583780af78d129d60846c66fe41bd3fe67a4ed2f8c840b2a07.apk
Resource: android-x86-arm-20220310-en
General
- Target: 8cdd6e72f3b86b583780af78d129d60846c66fe41bd3fe67a4ed2f8c840b2a07.apk
- Size: 2.5MB
- MD5: 19a426de1f4e93ec51437bad0095f54d
- SHA1: fd3c7476c456d3f218825a64eee21f43a19bf0f4
- SHA256: 8cdd6e72f3b86b583780af78d129d60846c66fe41bd3fe67a4ed2f8c840b2a07
- SHA512: e56d37e3561669cf4df94d7290632bdeac3cfddad6da9406cb5e94d42a2bcb71021106d147808243f103d7353a81e39254b7cbebbfab15c433d1f3c3d030cdaa
Signatures
-
Agent smith
Agent smith is modular adware that installs malicious ads into legitimate applications.
-
Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.dfoiej8.ccsdyia
ioc: /data/user/0/com.dfoiej8.ccsdyia/files/one.dex
pid: 5092
process: com.dfoiej8.ccsdyia
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
Processes: com.dfoiej8.ccsdyia
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.dfoiej8.ccsdyia
Downloads
- /data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar (Filesize: 35KB)
- /data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock
- /data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex
- /data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data (Filesize: 104KB)
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal (Filesize: 1KB)
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid (Filesize: 36B)
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp
- /data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock
- /data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex
- /data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.vdex
- /data/user/0/com.dfoiej8.ccsdyia/files/one.dex (Filesize: 59KB)
- /data/user/0/com.dfoiej8.ccsdyia/files/one.dex.x86.flock
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml (Filesize: 127B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF.xml (Filesize: 125B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml (Filesize: 122B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml (Filesize: 170B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml (Filesize: 209B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/info.xml (Filesize: 460B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml (Filesize: 112B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml (Filesize: 172B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml (Filesize: 237B)
- /data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml (Filesize: 390B)