Analysis
max time kernel: 3449247s
max time network: 40s
platform: android_x86
resource: android-x86-arm-20220310-en
submitted: 16-05-2022 13:57
Static task: static1
Behavioral task: behavioral1
Sample
3b77093893ee4bf1dae481202ad08e881295ac5fb019d0bdd9c901c2e9d02731.apk
Resource
android-x86-arm-20220310-en
General
-
Target
3b77093893ee4bf1dae481202ad08e881295ac5fb019d0bdd9c901c2e9d02731.apk
-
Size
16MB
-
MD5
6921eeda2be0d1ea76228b85fddcfcc1
-
SHA1
2667519d006c57ffc4be03ba065820ab775ef2f2
-
SHA256
3b77093893ee4bf1dae481202ad08e881295ac5fb019d0bdd9c901c2e9d02731
-
SHA512
29de655e38e07a0cc38a15a7ecf9bbf9503911cc74d35033abbbcd334c7698c07fbb67b541ec368857c63c2afb4e47660d2daba94bb78d3e7320c1aec0d79b8d
Signatures
-
Agent smith
Agent smith is modular adware that installs malicious ads into legitimate applications.
-
Requests cell location 1 IoCs
Uses Android APIs to get current cell location.
Processes: com.e8game.tlzt
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
process: com.e8game.tlzt
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes: com.e8game.tlzt
description: Framework API call
ioc: android.hardware.SensorManager.registerListener
process: com.e8game.tlzt
Downloads
-
/data/user/0/com.e8game.tlzt/databases/npth_log.db
Filesize: 4KB
-
/data/user/0/com.e8game.tlzt/databases/npth_log.db-journal
Filesize: 524B
-
/data/user/0/com.e8game.tlzt/databases/npth_log.db-shm
Filesize: 8B
-
/data/user/0/com.e8game.tlzt/databases/npth_log.db-wal
Filesize: 16KB
-
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
Filesize: 36B