agent_smith | 6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46

Analysis

max time kernel
3759471s
max time network
158s
platform
android_x64
resource
android-x64-20220310-en
submitted
20-05-2022 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46.apk
Size

291KB
MD5

0deaa330e86fbe7421cc579cf454f53e
SHA1

fcc130f37edd4f1fe8c60b68672c6cb58243cddf
SHA256

6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46
SHA512

f105bda1ff0a2828b009cc5e74c4986cd0a199f8e586f3d1c1f9151e0c75a288c0074618f20931ad2868ad217e89b41bdbedea49db464400aab9c1fbf7515fac

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.ylisten.mtinyapple

ioc pid process

/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar 6181 com.ylisten.mtinyapple
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.ylisten.mtinyapple

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.ylisten.mtinyapple
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.ylisten.mtinyapple

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.ylisten.mtinyapple

ioc	pid	process
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar	6181	com.ylisten.mtinyapple

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ylisten.mtinyapple

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.ylisten.mtinyapple

com.ylisten.mtinyapple
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6181

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:6331

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:6369

com.ylisten.mtinyapple:remote
1⤵
PID:6231

.x
1⤵
PID:6297

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ylisten.mtinyapple/databases/ua.db
Filesize
112KB

MD5
8fbbf4ca47bc63ab679812669eeb19ed

SHA1
fccd80594f7970ea708c22926c0b91522cdae44e

SHA256
203bb0bf07f4a8c228f32880d5791e2ecc36eec8a4e7804e57ed9f63a441e584

SHA512
9f2657dbc9dd7601126591e3c8bbf9b80a6f6bf07689db1110f06b416e8cb9100816e374ba82dc3d80269c34d48d1850e8f5dd30cf0f547d3dab1509a5ca1c24

Download Submit
/data/user/0/com.ylisten.mtinyapple/databases/ua.db-journal
Filesize
1KB

MD5
39c725f26118383a530f32e7009f1306

SHA1
bbaae48d8975030be674f1299b16185b01d4edc9

SHA256
10925ada74c1f35926c7953d17f233235aa3eb3cc18d00366957734a19e2c1c2

SHA512
1f670fe225048977c356829838503ab8f342f3fd25d988b24346bb2ecbae759cbd4969bda53de73ab5e23f9408ee27b8a3421a4c25b0e54f985824ea0975bf54

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/.envelope/i==1.2.0&&1.0_1653026779646_envelope.log
Filesize
2KB

MD5
ad195a2b409f81acbd4c439f3e66ac69

SHA1
47939f72a2c5e01ad0105331f3388f1c66131d3b

SHA256
f9b68b483f6eb1ca934bcd89a002ee41d321112b8bb208540a858b7cf5d047d7

SHA512
256a0cee04049f5da33ce5e3b8794849655bf8cbcb0e427c2a36ded08bd400937b4d78bef651b6814dd623880819c9103fd0ec06dfa925424a374f21953d63ab

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/.envelope/t==8.1.6&&1.0_1653026781118_envelope.log
Filesize
1KB

MD5
08a0c0d0029c6e416070f3c065e80ffc

SHA1
0c1068a5defe96ba5d01b893b2c9514080478c4d

SHA256
e75abbb45ca0d4b761cedc98d179aebfa431426e16f274ad6f6fd1826934a64c

SHA512
3734215b37971c053280dc106e43a3787534b056518190fd2c18d2d940fd24482d5593c16091d174164014f35ffc54e3062f06564f4cdd71882b1cb9e87024e6

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
7e8f07b91d0697ec987f67dd35156680

SHA1
0efda446b3772a20fcc7a929cf77663d95686650

SHA256
ddb2e3b90ecc61922cba76bdc4e6799b3a39849b729dd929e4fdf95f16e34fde

SHA512
2dbe84b37536a53943a62e37d7c1480037bc65e05240f48571c077c1a434e8bec5ca2f402201bd4dfb31e46da42bdbe986d4dd6779e2a4163fc3f97346a9a188

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/951629046349d6ba8970999079b1a168.d
Filesize
32B

MD5
15f7b39e29cbb5a4aba84c91be9d5e68

SHA1
d4d874e03418efda712e83f25bd3b54538d50ff7

SHA256
314224aaf6d73507326529133a02a41a0eb877ecfe523f219525512b37a65020

SHA512
6b071a3cbe4b600a7f50d6a9f84d7579e16ac75b03d5ebabe3ea8a02bcd63b5147c148bb7597486e7fb4a8a66839872dc61595c1a0156b766aa509ad88a79fd7

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar
Filesize
21KB

MD5
baa6c2e617cf078af55f93b8c6892864

SHA1
ebc5fd019a7e985d661c42e0c7e38501ca7c4046

SHA256
0e80f9711450da54f7e7650848370f5276319c1627fcc33e2388214e0318d75d

SHA512
aa22f1016c029fb3a06502d3eb90e8c3d061756add78a34fc9e69c3d8e6e3cbd3aa7f55544618f248980180e8077d486e868cc70a3a701ec9b3388a9cef9dcfc

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar
Filesize
44KB

MD5
efb8c11a1074065497f8776b3b9ee783

SHA1
b62dc0e90c330be4ab7f05af3b8ded922de7acc0

SHA256
48e844d5d4eb116bb0aaef8e5da85f12958d53a58ecf95d737359b2699a24c82

SHA512
bfd6bab60d2c229a17ee9001025dc633d93b68f2247199dc2bf47cedc4da1d3b68914fc969c3b254033c838a53755eee83762901ee2168d291323b09b113dad9

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/exid.dat
Filesize
62B

MD5
3403f94c1f8e98dd0bbc39fb46000606

SHA1
136e352758afe1a5833ab062d1c56e659c3c3911

SHA256
92f00f4726c73e62aca36a8b82aa5c37e57999ffd7f5afa80d5e748d168b29d8

SHA512
471a0ce2932a47392e0666057db2ce747dbc81b7d3717a72b76dc87ee16d1e788d0dd1af50e6fa1c290eb7b1922a1738853c24076fbba28a09a878166c417b15

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/oat/com.ylisten.mtinyapple_ic.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDI2Nzc4Mjg3
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDI2Nzc5MDQ2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/umeng_it.cache
Filesize
350B

MD5
efe4cc0ea9d47a96c5332bae720c3358

SHA1
175147c3b072252e4f552e4828aa74b32bffbdb7

SHA256
a31457f1a23bf85253b0ff0ca065de706db8d45c0c0b111e69ecb4420263095e

SHA512
c2f8460d223c33e77e3311310ce4d0718ee84a89e0d68d1b4b2a6a6d3b0b3c5f3b20c251d760d85d55bf3bb37f5ec6d80795dda03b59de67d5daffb266eedef0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/PersistedMapTagLastSeenMap.xml
Filesize
123B

MD5
ca35a67be6c7e0431ba9e6dc42007b44

SHA1
ebbcf6ce9409a7ee5f183e51d4cd2d5e8f2cb52d

SHA256
a9d2801142c6547ee24ee7736e16be2235a5bc4022356d94c8b7f62d7b43c7bf

SHA512
4c14e432e13c467e18d11bc2a7d877c1eda232328251c36ca894d46f6572c6078d881c400f1b5017b76c5200ee61fe5860b51afb03f88734d94838a4dcbbf4cb

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/PersistedSetToDoSet.xml
Filesize
108B

MD5
cc19f0efaf01829518e05f5ebd4b1073

SHA1
31cb16a290bcd3a777a27eaad2a005f74bbf29d8

SHA256
51bc46c9d289974164ff10b230a33cb8791f013059ca1be2120e49acdd3c120c

SHA512
deade5cdfcfa6116d32da149c01cbc095cd3cd427da2ca64b64fc1d247b160ad9bcd1b4c89fe5f1e5d8cbe338bf1993891000002a0f02aab433321cd04d8d873

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/info.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/info.xml
Filesize
449B

MD5
4349e9966536e36f311aeda4d771ee28

SHA1
483691edd7c5d0412adee809c3dd8bc166822661

SHA256
a93c88a3ccf5baefe11210fcb8247365e788f507b5bb69499a1784e0ecd59ddc

SHA512
c1f9377ea5431c5662573cd75e04eee1d7f9c61da251945818edbac1534f16075e8ab6caf8e661fa48404ded5521451576b399cb0872d94ddbad741c3e308f7b

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads