agent_smith | feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b

Analysis

max time kernel
3446169s
max time network
156s
platform
android_x64
resource
android-x64-20220310-en
submitted
16-05-2022 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b.apk
Size

973KB
MD5

d2107cc5cb0b0c4ea4a431bad4b69d4d
SHA1

75df3a748c30e7706fbc3871f098cf98347c83e6
SHA256

feec0326f70fa8f97a42a1b5a8584423138d7dec830994be73608ada4bee5c8b
SHA512

c93e3d8e88f420a16c0b0bb689540dd3daffa1ac7a4bd044d55d9f241ab1a9fae6c96ee35b5b86ec7142375b0ee53426d422ea08ca25e2534191476f45842b93

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.youba.flashlight

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.youba.flashlight
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.youba.flashlight

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.youba.flashlight

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.youba.flashlight

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.youba.flashlight

com.youba.flashlight
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6270

com.youba.flashlight:googleService
1⤵
PID:6309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youba.flashlight/databases/ua.db
Filesize
104KB

MD5
9fc80363998b006e0cd23b932a3767de

SHA1
a042774dc0a970af8bbaac5deb753aa9f5752c5c

SHA256
fe578355161482f7a262d6b0a963c8f2ff7b3c79e5ffff9d23785c87b19f2987

SHA512
0352940515006256c6729861e6e6adc1a639d0d88242daa1639de80d5a23ff1d54c140775b58adbe292b515914edc1e51d13661475c58cef2a92861c8161511b

Download Submit
/data/data/com.youba.flashlight/databases/ua.db-journal
Filesize
1KB

MD5
a2884f2a0e5c3dcc6f734118008d03e7

SHA1
161e2db731f24de0c73d40d34b8f40c15d631f2f

SHA256
83109b42b0399ffb39d267b63765f9d76cba6999b2572b17ba913e07811b3aff

SHA512
c5df7f386fa496c56983a1e5b8a1510e09cf20e536dfb526139f12a42ddd7999c72ece46b0f02ce41347c81482b40232bb11c139384461ae5c55c23847be31f1

Download Submit
/data/user/0/com.youba.flashlight/app_p_a/p.l
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youba.flashlight/files/.envelope/a==7.5.0&&1.0_1652713499124_envelope.log
Filesize
1KB

MD5
2bb6b934bf4c6fc1d304b4c3f818fb7d

SHA1
d0ca276fe8c818251e2f9f787385f2ca6aa288b1

SHA256
4b80c11ba8590a22e6b9309c83c5bdbf0597fabe750579d77614de2bdd0016ad

SHA512
fd437500dc240c103f64c889a85225717f4de572ef462890ae1cbb178106ba3290645ea2776dd611b3d9ec951d990f11aa6c846acc65db78e9661478b89512c8

Download Submit
/data/user/0/com.youba.flashlight/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
1cd4282fc9da082ac5f60b96f372c835

SHA1
7da8f16724c676b564e0e2e97fa676b731306957

SHA256
4eb14e5ab3b382bf1e2dd5039811d01de8fee9307029830b41d31468ef1b2bfe

SHA512
2251e2eca5775ff75d140f6ec61684ebcbc0af01c49bb60c193b260801970047941e0b967f2e1c65dc92030666a69feb01fe5533d2b4934864a5f5ccfb4da619

Download Submit
/data/user/0/com.youba.flashlight/files/exid.dat
Filesize
55B

MD5
a42e33690b57918fc0a979959d45b75c

SHA1
b65041c7890ffa25cecc5df64e5fb5819fe3e304

SHA256
3c5c8cee88a3c59d84de221ab5793bcfa974455549649bade7891efbc9f07f81

SHA512
f2aecc7f6410e3dbcd158a5809bea9b02d707bdd15a131b47e65297e95f04622dfb6f4cddb850e9bec3e18142c0dcbaa86d09e2558ecd4f14b4ef089702fa505

Download Submit
/data/user/0/com.youba.flashlight/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUyNzEzNDk1NTE5
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youba.flashlight/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUyNzEzNDk1ODg0
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.youba.flashlight/files/umeng_it.cache
Filesize
433B

MD5
9f7774ef83791435ab56acd7d1a1978c

SHA1
3dc5446ea1b271db6242a4ae45f7cfd62d0c4f7c

SHA256
af6c4bbb1ae0a8f26168aa167bf321e64260e03fd51416f226c931033f2a2ace

SHA512
7e059e50f7da43cd9003b05d5320708fb7904d4e17879164b6692e3a12e80b46b440963e367cd39519a5493b6a526c24c182dbb718f85a283b3127411a0f6df4

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
5a4663c3d43634403bcbef9d5278f0ac

SHA1
21f1b4ded4653784460a2d974f6acbb26902eb0a

SHA256
1ed23d24bb233063a9dff648437024df79edadd61b6c9d0ac1489aaa9b96ff85

SHA512
0dbcb0649cb5f6f19b2b598681be0688b25649328fb48dce833e1bc0f18b01f3f30fa6015633bf210d26698470ad641a903ccbe1abca01ba46334d3b37b82599

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
8bcbe931be4c868f4600a0252dd521f5

SHA1
3f0065d67bc647703989c558378238c458a8b37f

SHA256
2652d3e7495f10964c37f96e3b29de701e4d6a5e2fa1a37cddf87a104502a46b

SHA512
cb31fca83351552dbd1e6b1f29f3766b7a188d2ba47f62dad6ddd7b1ae85f2b685ec558d2dbc958ec69b4286c530dba94658c8c6e5b93d733f76f5856454067b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
18731f14d2f30ad9dd9c35cccb4797ad

SHA1
c9761da64c13e026471fd5f0caf3ab1d1f95b606

SHA256
4ac6345a588efc06cd276ccb79cd784ce96495fbedb253fbf93cd1f0098cdf63

SHA512
914ea75b6f35464075a98e66b69f4dd5cd64499b5bd7d066781bb3343a7020db97eb75de2fa484394a382f17db9611d5238e4a24e3b6639d82cd43ddf6aa1b51

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
cafdcae102317539e9e4de6d69f581ac

SHA1
5fd0b02188e2e3b9f60f407e4e1d4ece40397a7d

SHA256
6b6048a56b58d80d62a5bbf927d8c6e2f5b3a584487da4f0924916a8a25d6786

SHA512
c1a656a6c7b569f44a478e9659ebf73f3fbda736d764f954b71e1f691f992b9399f2606c9355d977295ec8d05a1a60dc13c3f14319cd442e328891ba4f2f51b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads