Analysis

  • max time kernel: 3449247s
  • max time network: 40s
  • platform: android_x86
  • resource: android-x86-arm-20220310-en
  • submitted: 16-05-2022 13:57

General

  • Target: 3b77093893ee4bf1dae481202ad08e881295ac5fb019d0bdd9c901c2e9d02731.apk
  • Size: 16MB
  • MD5: 6921eeda2be0d1ea76228b85fddcfcc1
  • SHA1: 2667519d006c57ffc4be03ba065820ab775ef2f2
  • SHA256: 3b77093893ee4bf1dae481202ad08e881295ac5fb019d0bdd9c901c2e9d02731
  • SHA512: 29de655e38e07a0cc38a15a7ecf9bbf9503911cc74d35033abbbcd334c7698c07fbb67b541ec368857c63c2afb4e47660d2daba94bb78d3e7320c1aec0d79b8d

Malware Config

Signatures

  • Agent Smith

    Agent Smith is a modular adware family that inserts malicious ads into legitimate applications.

  • Requests cell location (1 IoC)

    Uses Android APIs to get the current cell location.

  • Reads information about the phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation). (1 IoC)

Processes

  • com.e8game.tlzt (PID: 5078)
    • Requests cell location
    • Listens for changes in the sensor environment (might be used to detect emulation).
    • ls /sys/class/thermal (PID: 5134)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.e8game.tlzt/databases/npth_log.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/user/0/com.e8game.tlzt/databases/npth_log.db-journal
    Filesize: 524B
    MD5: dc3732e30a3fb397177ecaad3ec5fa0f
    SHA1: 9bae1ee9540a8237e2176a509b6e6d21807774ec
    SHA256: 9a28558058542919d18505dd1f065734d87266ba91a8ef67b9416fcf3a86382f
    SHA512: 4da086240e42b0f60c34d1ac9fdd0b9cf30e4d99b8a8495d34703fa03fcda1cfcc474e42993e98828382ccf6f2d3cfc52aa2b83e64072400719e7f818438d20a

  • /data/user/0/com.e8game.tlzt/databases/npth_log.db-shm
    Filesize: 8B
    MD5: 7dea362b3fac8e00956a4952a3d4f474
    SHA1: 05fe405753166f125559e7c9ac558654f107c7e9
    SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
    SHA512: 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

  • /data/user/0/com.e8game.tlzt/databases/npth_log.db-wal
    Filesize: 16KB
    MD5: e6b21574b1b614e1b12fbbf2e9f9020a
    SHA1: fc18793d98764cf2ae231c442b0f803d86f101f9
    SHA256: a32a34709deeee9ab03301e351c1483d7b78aca7d1de1abe29944688e36c56ce
    SHA512: 6a677022e4a51d7da26fe569f1dd09904b7ff81c72ad25c5357536a16a1f3a8b677625bbcce7d398ddfaa62ff0223b0756deb3cb0e4ec9c6ddc09e666770c70c

  • /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
    Filesize: 36B
    MD5: 586c5eca439789b792fb4dad494845b4
    SHA1: 3193fd382844cf8f572ddf09c7098c308831f42d
    SHA256: 87d4d7a700151643ca909c5b7713e78825958cca9cdd9deda022b8f2b755da8a
    SHA512: 769fcbd13acbb37e68e1a7c4f88789130b40d8545334472e5280df2b83ea14314a3a5b8aa7cd167707b9f92f61a111a46779a466e563b5fa33cb42f4637d1e79