Analysis
- max time kernel: 3446528s
- max time network: 144s
- platform: android_x86
- resource: android-x86-arm-20220310-en
- submitted: 16-05-2022 14:01
Static task: static1
Behavioral task: behavioral1
Sample: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
Resource: android-x86-arm-20220310-en
Behavioral task: behavioral2
Sample: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
Resource: android-x64-20220310-en
Behavioral task: behavioral3
Sample: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
Resource: android-x64-arm64-20220310-en
General
- Target: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
- Size: 973KB
- MD5: d2107cc5cb0b0c4ea4a431bad4b69d4d
- SHA1: 75df3a748c30e7706fbc3871f098cf98347c83e6
- SHA256: feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b
- SHA512: c93e3d8e88f420a16c0b0bb689540dd3daffa1ac7a4bd044d55d9f241ab1a9fae6c96ee35b5b86ec7142375b0ee53426d422ea08ca25e2534191476f45842b93
Malware Config
Signatures
- Agent smith
Agent smith is modular adware that installs malicious ads into legitimate applications.
- Requests cell location (1 IoCs)
Uses Android APIs to get current cell location.
Processes: com.youba.flashlight
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
process: com.youba.flashlight
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
Processes: com.youba.flashlight
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.youba.flashlight
- Listens for changes in the sensor environment (might be used to detect emulation). (1 IoCs)
Processes: com.youba.flashlight
description: Framework API call
ioc: android.hardware.SensorManager.registerListener
process: com.youba.flashlight
Processes
-
com.youba.flashlight1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
-
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq2⤵
-
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq2⤵
-
com.youba.flashlight:googleService1⤵
Downloads
- /data/data/com.youba.flashlight/databases/ua.db (Filesize 40KB)
- /data/data/com.youba.flashlight/databases/ua.db-journal (Filesize 524B)
- /data/data/com.youba.flashlight/databases/ua.db-shm (Filesize 8B)
- /data/data/com.youba.flashlight/databases/ua.db-wal (Filesize 12KB)
- /data/data/com.youba.flashlight/databases/ua.db-wal
- /data/data/com.youba.flashlight/databases/ua.db-wal (Filesize 48KB)
- /data/data/com.youba.flashlight/databases/ua.db-wal (Filesize 4KB)
- /data/data/com.youba.flashlight/databases/ua.db-wal (Filesize 4KB)
- /data/data/com.youba.flashlight/databases/ua.db-wal (Filesize 8KB)
- /data/user/0/com.youba.flashlight/app_p_a/p.l
- /data/user/0/com.youba.flashlight/files/.envelope/a==7.5.0&&1.0_1652713890002_envelope.log (Filesize 1KB)
- /data/user/0/com.youba.flashlight/files/.envelope/i==1.2.0&&1.0_1652713908536_envelope.log (Filesize 3KB)
- /data/user/0/com.youba.flashlight/files/.imprint (Filesize 991B)
- /data/user/0/com.youba.flashlight/files/.umeng/exchangeIdentity.json (Filesize 162B)
- /data/user/0/com.youba.flashlight/files/exid.dat (Filesize 55B)
- /data/user/0/com.youba.flashlight/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUyNzEzODg4NTI5
- /data/user/0/com.youba.flashlight/files/umeng_it.cache (Filesize 498B)
- /storage/emulated/0/.DataStorage/ContextData.xml (Filesize 213B)
- /storage/emulated/0/.DataStorage/ContextData.xml (Filesize 65B)
- /storage/emulated/0/.DataStorage/ContextData.xml (Filesize 111B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize 167B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize 65B)
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (Filesize 111B)