Analysis

  • max time kernel
    3446528s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    16-05-2022 14:01

General

  • Target

    feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk

  • Size

    973KB

  • MD5

    d2107cc5cb0b0c4ea4a431bad4b69d4d

  • SHA1

    75df3a748c30e7706fbc3871f098cf98347c83e6

  • SHA256

    feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b

  • SHA512

    c93e3d8e88f420a16c0b0bb689540dd3daffa1ac7a4bd044d55d9f241ab1a9fae6c96ee35b5b86ec7142375b0ee53426d422ea08ca25e2534191476f45842b93

Malware Config

Signatures

  • Agent smith

    Agent Smith is modular adware that installs malicious ads into legitimate applications.

  • Requests cell location 1 IoCs

    Uses Android APIs to get current cell location.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs

Processes

  • com.youba.flashlight
    1⤵
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data).
    • Listens for changes in the sensor environment (might be used to detect emulation).
    PID:5317
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:5689
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:5774
      • com.youba.flashlight:googleService
        1⤵
          PID:5370

        Network

        MITRE ATT&CK Matrix

        Downloads

        • /data/data/com.youba.flashlight/databases/ua.db
          Filesize

          40KB

          MD5

          0adf12ae98c58cd3372aab47cee555cb

          SHA1

          8fa3c1280c77933aa9752ebebf386e973d9732d8

          SHA256

          7f1954dbad6f73ceca29af126f914c04fb50d5098354c741fd712d4bcaea2a48

          SHA512

          10f52e64fe94bfe551c850f2cad734d7bd35cfb89d7419dfc5f60016d19a19e16ac03b342b0632b8b71197926fa3fe888c8207a76648c14a0a421f51c84f9504

        • /data/data/com.youba.flashlight/databases/ua.db-journal
          Filesize

          524B

          MD5

          a1953574a92b9bf904ad3940b6d17507

          SHA1

          947fc3a5d59943e52058ebcf7583c2ad23c19b0e

          SHA256

          1ffbc578b64c6482aed2ad969c87f523ece12ed9431ffb93a54066fb5455ae63

          SHA512

          b4bd084674e4c80178880cf531d66205e4f709bd6c9859eb3570de369a26556a68081d8ca5a82515aeac8f63dcde7adaa25608680a7d88e33c72f0d8f1f9871e

        • /data/data/com.youba.flashlight/databases/ua.db-shm
          Filesize

          8B

          MD5

          7dea362b3fac8e00956a4952a3d4f474

          SHA1

          05fe405753166f125559e7c9ac558654f107c7e9

          SHA256

          af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

          SHA512

          1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          Filesize

          12KB

          MD5

          b3dd5cf3bf7d71d37c3f7ef67db0370c

          SHA1

          8e9c8c8cac4cb5777d875614335750fc05daf52a

          SHA256

          a96401a7ed96375e53af9b8f583aa8f37d620ffa5441a908361ac054dc4a6b3b

          SHA512

          f2904fd5a17b984d21c22405ea1cef714ff93e1d39ba54e89fd764498e297fcf2b6a9ece01eb2f96a1c569e462d5165814af1310a43d5612648a6cc2452e0888

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          MD5

          d41d8cd98f00b204e9800998ecf8427e

          SHA1

          da39a3ee5e6b4b0d3255bfef95601890afd80709

          SHA256

          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

          SHA512

          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          Filesize

          48KB

          MD5

          367bd4227b48d76aa72d10dbe6a43911

          SHA1

          5767b046b093b5040faef2e10602f488367d4ae8

          SHA256

          bc2e4501a03b5b269b2f91dd98c8bbd44c56de21a98faeb6e426f6eb30b5be22

          SHA512

          b2dcba8ffb4a43e0ddb7cd4bbd967a13dac3d21563f997f5d7783573e95bdc9aba1534de9363a323cb25f928d42a8b56dc22f4957750ca1d8bdaccfbccffa9ae

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          Filesize

          4KB

          MD5

          8b1ab6a377513333e9badeebc0452aec

          SHA1

          deea15098ecd12da42262b99a0a3ec36fc0ec75a

          SHA256

          e2ff268dab919856e018b21dc6a83cc15882956d25537f2a5e87272b16133193

          SHA512

          7349b6be03e2f28a3198c4c2be5ae981d974890a7f6c9644188eede2500f5eb3e877cbfa9363c6bae04016d429601b39f9f321880a1c91d79da0811f1761789f

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          Filesize

          4KB

          MD5

          c1d06ec9614f723bff0dab38cd0910bd

          SHA1

          16fce53ed6663a01ac682501504383fdaa3b00d7

          SHA256

          9383d7936771ad64c5681a7b9a93883644f360c8c1c976c6a5b6eaa77e5265c3

          SHA512

          c50e7830a5ea343b40ae85c76ed7f826d292b6bbb3369c466deaebb64acc73fb057a36941001eadbb9176625d8e084577179711ab6a5d8f6966b74ba9d4edf72

        • /data/data/com.youba.flashlight/databases/ua.db-wal
          Filesize

          8KB

          MD5

          1104f047165beb4e6805f86c34f4b218

          SHA1

          50405d801b66576e08a67b27118f9fd09c78d76d

          SHA256

          3243501261b7a2f319ba6a0872fd1a343424acd1bfe9ee857866eb4459b91e40

          SHA512

          d6fc976b3eaad9755d4770159b6cba0025e51ca3b507ee54e39cb5ed0056691228b1fa3acb2d8fbca9ee3c16ba97706f6366f87d581072e8ea56d0d75bdcd076

        • /data/user/0/com.youba.flashlight/app_p_a/p.l
          MD5

          d41d8cd98f00b204e9800998ecf8427e

          SHA1

          da39a3ee5e6b4b0d3255bfef95601890afd80709

          SHA256

          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

          SHA512

          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        • /data/user/0/com.youba.flashlight/files/.envelope/a==7.5.0&&1.0_1652713890002_envelope.log
          Filesize

          1KB

          MD5

          6b8ebca0f0b762f036fa3440594b4833

          SHA1

          2a3fd3c765ec7e54ecbc7f44299fde975963f028

          SHA256

          fd2bb446bb4181a136810df58f8b4c0c67d60398853c70f3e3ae3990a511beb2

          SHA512

          9d3f07168de4a6c3631fbcc268f22dad89e072c57bea4735cbdd89529ee98012e511bc8d7c6983f9ca48bf486f8365741917ea64e9680b3b052c1ceecccd3f49

        • /data/user/0/com.youba.flashlight/files/.envelope/i==1.2.0&&1.0_1652713908536_envelope.log
          Filesize

          3KB

          MD5

          4bcbb66306cfe00d196b1bbd9630cfeb

          SHA1

          14ec0c8f84c2fd1dafa2651bb9334219aa108d9b

          SHA256

          893a3fb3ac399373897aeee79db82a166dbd22276c444f8ea6eccb56ee9ba33e

          SHA512

          bd43a25b2d296b7185c878ad77912f5316b17a9c1e01c7f25b44c230947d4c2ea4026abbddd5915f247692e6fe2d7d80ff27ff02d79de369a8b65e07fb6e9315

        • /data/user/0/com.youba.flashlight/files/.imprint
          Filesize

          991B

          MD5

          4258179156fc87244cc5d7edb7b8f207

          SHA1

          58d151d81d8efa59dad3ec315565b0da15cb87eb

          SHA256

          8a92c924d04b9afa141d8edce8556ad6bd22a93a21e97ea8d1772e562ea44b1e

          SHA512

          2c6b9d8d9766500498b14e835fa20dba79426ca85aeed02ce319d729b1396b5378a2e0c2cb29755615f3d88c99489f6385772f48a0a51233fb7ed45cbe3c3e2a

        • /data/user/0/com.youba.flashlight/files/.umeng/exchangeIdentity.json
          Filesize

          162B

          MD5

          918f8d003ff3ed5a4927c96c8519e532

          SHA1

          6b722bb3d8435b825e2a4b2f22047b5443d9bde6

          SHA256

          01171e90c0ba79532396d78884168aec0b021a9ed19b7c4cf560756b9c287019

          SHA512

          11eb4c2c450bbf2861e2ec6de1f462520412eee0927212cbeb3ad7b2f5b0076dc762cfad431f0fdb0e35ee573c1e39b54c83ed8c1629f0f530c7a5e0723b5380

        • /data/user/0/com.youba.flashlight/files/exid.dat
          Filesize

          55B

          MD5

          a42e33690b57918fc0a979959d45b75c

          SHA1

          b65041c7890ffa25cecc5df64e5fb5819fe3e304

          SHA256

          3c5c8cee88a3c59d84de221ab5793bcfa974455549649bade7891efbc9f07f81

          SHA512

          f2aecc7f6410e3dbcd158a5809bea9b02d707bdd15a131b47e65297e95f04622dfb6f4cddb850e9bec3e18142c0dcbaa86d09e2558ecd4f14b4ef089702fa505

        • /data/user/0/com.youba.flashlight/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUyNzEzODg4NTI5
          MD5

          d41d8cd98f00b204e9800998ecf8427e

          SHA1

          da39a3ee5e6b4b0d3255bfef95601890afd80709

          SHA256

          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

          SHA512

          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        • /data/user/0/com.youba.flashlight/files/umeng_it.cache
          Filesize

          498B

          MD5

          c99c7f007e59b4dc8f5a28b63437805a

          SHA1

          c960cdae8443ab03bbe9a6f02564e1fe5678ffb8

          SHA256

          647904ca596533399044fc71975dcc4444a2a0cc981e7e085e512693ff82b781

          SHA512

          0ebc6128448565b82be3433b1c3ed4e2106b3e1e3f4861e0f08614ef6735c30a567165b6e50f435562153ec584518a2949caf2a30873b030ba31b10ba5ca178f

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize

          213B

          MD5

          e3382f5c6ed95d15d3fa6bbef8f2318d

          SHA1

          6fb70021070459acfbf14ef2e74e1d865f3f04b5

          SHA256

          4caa1956d619d290f64fd72fa3bc74fbd67e2f1a9917086db422e8233164c270

          SHA512

          270d77aa9eb91803456b039756a1d510ccc29262e45fe881f7ebf71df5d1f6a66ca6e4999840002b15d3db7516fb2b3de167894b2203a461a0f3dcade3b7560d

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/.DataStorage/ContextData.xml
          Filesize

          111B

          MD5

          ecba98e829318d0b6f7130f206715992

          SHA1

          071f8d48fca967e2687ef1e38f600c7f41a93779

          SHA256

          3ef5da87af021b398e47c812302452528e10eaea4d2b430ec4ce9832a0b82826

          SHA512

          c97349405db481429445e0f62a18fca5b366f554b45b5aa3ab7097bb032fa86f71ac09d228795f45943e891514bfcf21f705ef02d987cc88f50201cfba778223

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          167B

          MD5

          f3f02c0826e75ae1e9b971dfc9316adc

          SHA1

          32498402daca570d14c289e50987f2871888b5fe

          SHA256

          7bf87c052bf21649088389ac35f9a106c2d3f5c9c16e00055c24a94d335783a6

          SHA512

          5d00c939ee50cad24f16289f1debf2fe0ad29ef19ee9dded7acfc6bcd14e0d8f2128a0a0b62501f6b3b69d627c7ee7dcba3ced8a75230c996dda2f10f414a380

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          65B

          MD5

          9781ca003f10f8d0c9c1945b63fdca7f

          SHA1

          4156cf5dc8d71dbab734d25e5e1598b37a5456f4

          SHA256

          3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

          SHA512

          25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
          Filesize

          111B

          MD5

          d852001cf294a86790faf30b261f7040

          SHA1

          2c9335b8e58c978ed5dd6fe54ff3b70fc658c35c

          SHA256

          74a96b0548a8e6c94fba9bd924f5c04ffa01c71afb584e9e40fb9f42c0794544

          SHA512

          c88027d5fd5e5fbf4d3ce63a1810fa68ed199df0bcf575690aa636f3b43d3a8ff2a010cd07cd2d4efe10427b03a10f96830f4567a64b2c2ed7d87b1a808c2e1e