Analysis

  • max time kernel: 3399237s
  • max time network: 137s
  • platform: android_x86
  • resource: android-x86-arm-20220310-en
  • submitted: 16-05-2022 01:54

General

  • Target: 8cdd6e72f3b86b583780af78d129d60846c66fe41bd3fe67a4ed2f8c840b2a07.apk
  • Size: 2.5MB
  • MD5: 19a426de1f4e93ec51437bad0095f54d
  • SHA1: fd3c7476c456d3f218825a64eee21f43a19bf0f4
  • SHA256: 8cdd6e72f3b86b583780af78d129d60846c66fe41bd3fe67a4ed2f8c840b2a07
  • SHA512: e56d37e3561669cf4df94d7290632bdeac3cfddad6da9406cb5e94d42a2bcb71021106d147808243f103d7353a81e39254b7cbebbfab15c433d1f3c3d030cdaa

Signatures

  • Agent Smith

    Agent Smith is a modular adware family that injects malicious ads into legitimate applications.

  • Loads dropped Dex/Jar (1 IoC)

    Runs an executable file that was dropped to the device during analysis.

  • Reads information about the phone network operator.
  • Uses Crypto APIs (might try to encrypt user data). (1 IoC)

Processes

  • com.dfoiej8.ccsdyia (PID: 5092)
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (might try to encrypt user data).

Downloads
