Analysis

  • max time kernel
    3400020s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    16-05-2022 02:10

General

  • Target

    1fb7ccadf1a52bc09f8d61c4b8a478d88f12e6eea902372a0344988ed8a7a560.apk

  • Size

    25.3MB

  • MD5

    2d119bad740db61ef10c260548573666

  • SHA1

    8488405a80ca724b71db99cf0ea7408553224c31

  • SHA256

    1fb7ccadf1a52bc09f8d61c4b8a478d88f12e6eea902372a0344988ed8a7a560

  • SHA512

    b3fdabb676a7f1658f6ee74692de720787fd6a500dfa4e758361f372d8a19b19c3ef3e2b16d53b04bf24086e5ebab456c138f48ea4130ae119e632e551c8132f

Malware Config

Signatures

  • Agent smith

    Agent smith is modular adware that installs malicious ads into legitimate applications.

  • Requests cell location 1 IoCs

    Uses Android APIs to get the current cell location.

  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

Processes

  • com.mfkj.qrjh.mi
    • Requests cell location
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5204

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.mfkj.qrjh.mi/cache/mubiao/777.txt
    Filesize

    34B

  • /data/user/0/com.mfkj.qrjh.mi/cache/mubiao/SDK1205_dex.jar
    Filesize

    18KB

  • /data/user/0/com.mfkj.qrjh.mi/cache/mubiao/SDK1205_dex.jar.x86.flock

  • /data/user/0/com.mfkj.qrjh.mi/cache/mubiao/oat/x86/SDK1205_dex.odex

  • /data/user/0/com.mfkj.qrjh.mi/cache/mubiao/oat/x86/SDK1205_dex.vdex

  • /data/user/0/com.mfkj.qrjh.mi/cache/top.zip