Analysis
- max time kernel: 3400020s
- max time network: 133s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 16-05-2022 02:10
Static task
static1
Behavioral task
behavioral1
Sample
1fb7ccadf1a52bc09f8d61c4b8a478d88f12e6eea902372a0344988ed8a7a560.apk
Resource
android-x86-arm-20220310-en
General
-
Target
1fb7ccadf1a52bc09f8d61c4b8a478d88f12e6eea902372a0344988ed8a7a560.apk
-
Size
25.3MB
-
MD5
2d119bad740db61ef10c260548573666
-
SHA1
8488405a80ca724b71db99cf0ea7408553224c31
-
SHA256
1fb7ccadf1a52bc09f8d61c4b8a478d88f12e6eea902372a0344988ed8a7a560
-
SHA512
b3fdabb676a7f1658f6ee74692de720787fd6a500dfa4e758361f372d8a19b19c3ef3e2b16d53b04bf24086e5ebab456c138f48ea4130ae119e632e551c8132f
Malware Config
Signatures
-
Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
-
Requests cell location (1 IoCs)
Uses Android APIs to get current cell location.
Processes: com.mfkj.qrjh.mi
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  process: com.mfkj.qrjh.mi
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation). (1 IoCs)
Processes: com.mfkj.qrjh.mi
  description: Framework API call
  ioc: android.hardware.SensorManager.registerListener
  process: com.mfkj.qrjh.mi
Downloads
-
/data/user/0/com.mfkj.qrjh.mi/cache/mubiao/777.txt
Filesize: 34B
-
/data/user/0/com.mfkj.qrjh.mi/cache/mubiao/SDK1205_dex.jar
Filesize: 18KB
-
/data/user/0/com.mfkj.qrjh.mi/cache/mubiao/SDK1205_dex.jar.x86.flock
-
/data/user/0/com.mfkj.qrjh.mi/cache/mubiao/oat/x86/SDK1205_dex.odex
-
/data/user/0/com.mfkj.qrjh.mi/cache/mubiao/oat/x86/SDK1205_dex.vdex
-
/data/user/0/com.mfkj.qrjh.mi/cache/top.zip