General

Target: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
Filesize: 973KB
Completed: 16-05-2022 15:13
Task: behavioral1
Score: 10/10
MD5: d2107cc5cb0b0c4ea4a431bad4b69d4d
SHA1: 75df3a748c30e7706fbc3871f098cf98347c83e6
SHA256: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b
SHA512: c93e3d8e88f420a16c0b0bb689540dd3daffa1ac7a4bd044d55d9f241ab1a9fae6c96ee35b5b86ec7142375b0ee53426d422ea08ca25e2534191476f45842b93

Signatures 5

  • Agent smith

    Description

    Agent smith is modular adware that installs malicious ads into legitimate applications.

  • Requests cell location
    com.youba.flashlight

    Description

    Uses Android APIs to get current cell location.

    Reported IOCs

    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getCellLocation
    process: com.youba.flashlight
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data).
    com.youba.flashlight

    Reported IOCs

    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.youba.flashlight
  • Listens for changes in the sensor environment (might be used to detect emulation).
    com.youba.flashlight

    Reported IOCs

    description: Framework API call
    ioc: android.hardware.SensorManager.registerListener
    process: com.youba.flashlight
Processes 4
  • com.youba.flashlight
    Requests cell location
    Uses Crypto APIs (Might try to encrypt user data).
    Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5317
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      PID:5689
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
      PID:5774
  • com.youba.flashlight:googleService
    PID:5370
Downloads
  • /data/data/com.youba.flashlight/databases/ua.db
  • /data/data/com.youba.flashlight/databases/ua.db-journal
  • /data/data/com.youba.flashlight/databases/ua.db-shm
  • /data/data/com.youba.flashlight/databases/ua.db-wal
  • /data/user/0/com.youba.flashlight/app_p_a/p.l
  • /data/user/0/com.youba.flashlight/files/.envelope/a==7.5.0&&1.0_1652713890002_envelope.log
  • /data/user/0/com.youba.flashlight/files/.envelope/i==1.2.0&&1.0_1652713908536_envelope.log
  • /data/user/0/com.youba.flashlight/files/.imprint
  • /data/user/0/com.youba.flashlight/files/.umeng/exchangeIdentity.json
  • /data/user/0/com.youba.flashlight/files/exid.dat
  • /data/user/0/com.youba.flashlight/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUyNzEzODg4NTI5
  • /data/user/0/com.youba.flashlight/files/umeng_it.cache
  • /storage/emulated/0/.DataStorage/ContextData.xml
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml