agent_smith | 6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46

Analysis

max time kernel
3759495s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
20-05-2022 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46.apk
Size

291KB
MD5

0deaa330e86fbe7421cc579cf454f53e
SHA1

fcc130f37edd4f1fe8c60b68672c6cb58243cddf
SHA256

6c7ad16ddf81769322390bb88cf24079188ca85d999f58a61da4506dbd307a46
SHA512

f105bda1ff0a2828b009cc5e74c4986cd0a199f8e586f3d1c1f9151e0c75a288c0074618f20931ad2868ad217e89b41bdbedea49db464400aab9c1fbf7515fac

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.ylisten.mtinyapple

ioc	pid	process
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar	6739	com.ylisten.mtinyapple
/data/user/0/com.ylisten.mtinyapple/files/2c9e148bfd9e2068b312d438b8c583c3a828.jar	6739	com.ylisten.mtinyapple
/data/user/0/com.ylisten.mtinyapple/files/2c9e148bfd9e2068b312d438b8c583c3a828.jar	6739	com.ylisten.mtinyapple

Queries the unique device ID (IMEI, MEID, IMSI).
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.ylisten.mtinyapple

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.ylisten.mtinyapple
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.ylisten.mtinyapple

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.ylisten.mtinyapple

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ylisten.mtinyapple

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.ylisten.mtinyapple

com.ylisten.mtinyapple
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6739

com.ylisten.mtinyapple:remote
1⤵
PID:6804

.x
1⤵
PID:6881

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ylisten.mtinyapple/files/2c9e148bfd9e2068b312d438b8c583c3a828.jar
Filesize
269KB

MD5
40245ba6aed46dcc9c6adaa479f65ec0

SHA1
4b6ce9fe507d4fb74fa075fdefece580a59078e7

SHA256
cb6cbd5ad214913aa308d36afd4781f04f3fc3ad6a5c6b2f1d71802ab18d3f26

SHA512
9240e7b9379f9984d301f2fefb0b64acb4529ead9e3ec3e64028877808625642579b5cc1686d6396b5f6dd24add090d30b9ebe06df8b44dfb73098c56f88c95a

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/2c9e148bfd9e2068b312d438b8c583c3a828.jar
Filesize
4KB

MD5
5e29cac62d12d758c63adf60c8546a5a

SHA1
def85fddb4efd262add4c6692d46f761bdc94479

SHA256
12c396c61d8789bf2410e89d32f5a32b61ace0b78059e31bed67d13dd2674792

SHA512
b77c667cd05d5dcd5e49ab55e99b5b68b9c1b3e771d6db71b1c05786c4ad18faf57d749f459e51e76178e1c4fce73fc54f49716e2b4f4b2ad47dc4769a51f1cb

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/2c9e148bfd9e2068b312d438b8c583c3a828.jar
Filesize
4KB

MD5
5e29cac62d12d758c63adf60c8546a5a

SHA1
def85fddb4efd262add4c6692d46f761bdc94479

SHA256
12c396c61d8789bf2410e89d32f5a32b61ace0b78059e31bed67d13dd2674792

SHA512
b77c667cd05d5dcd5e49ab55e99b5b68b9c1b3e771d6db71b1c05786c4ad18faf57d749f459e51e76178e1c4fce73fc54f49716e2b4f4b2ad47dc4769a51f1cb

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/5ffb648eb35da74b649bbfc6bb605832.d
Filesize
160B

MD5
e59170e6faad07f7108d4d74f188574b

SHA1
0be74205908ba8906dc3d257536aafdc2205108f

SHA256
c4372cf78bf955543c41c17d406d828022a6ed29423be6f72c8ed319d852237f

SHA512
357eb3719054de047609e0d0a85974dc63199023dc2f0a26acb6f074053aafd655430f8fb5d5abc8617668028a0374fc72d12d854322716c40db7f129615bee6

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/77d47f5093362d2f71d292b1f2d2eddf.d
Filesize
144B

MD5
960b733efab5b18fe2b8597cbb68d748

SHA1
c207e759df708cf9bb82791b5cf40f5732d9aa44

SHA256
1a7525ccdd046f715a7b8bf339f79c6c2fd774ce4551dc1ae69cc743534aeb43

SHA512
b49f5eb5a7bdda74c5c3065490b90c4ad4517182f3b7e55a4d49182de096189b1ae6bc8855a6b268fcbccc92d052721f915d8542500a896faa72fe626bc78b2f

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/920cb93f18e7ad87564c0b4777dc5577.d
Filesize
32B

MD5
04f7b0f33f103e46b0bea58b6ffdc2a7

SHA1
f37ebb71c9ef138b012afe8209e3739a4e0373dd

SHA256
8c767dbf6ef309a6218b6f5173e544d8b6f82b220eed4d3d056656fb5ad14c73

SHA512
6307da09f54f560daf1bbfa0bbbfe1adf682fbaa0cb6d20019018052b9fde3738f098e591c27570c62066c3b0d3f58c3ecc9486a83dfcb563abb9ed95435b131

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/bll.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/bll.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar
Filesize
21KB

MD5
baa6c2e617cf078af55f93b8c6892864

SHA1
ebc5fd019a7e985d661c42e0c7e38501ca7c4046

SHA256
0e80f9711450da54f7e7650848370f5276319c1627fcc33e2388214e0318d75d

SHA512
aa22f1016c029fb3a06502d3eb90e8c3d061756add78a34fc9e69c3d8e6e3cbd3aa7f55544618f248980180e8077d486e868cc70a3a701ec9b3388a9cef9dcfc

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/com.ylisten.mtinyapple_ic.jar
Filesize
44KB

MD5
efb8c11a1074065497f8776b3b9ee783

SHA1
b62dc0e90c330be4ab7f05af3b8ded922de7acc0

SHA256
48e844d5d4eb116bb0aaef8e5da85f12958d53a58ecf95d737359b2699a24c82

SHA512
bfd6bab60d2c229a17ee9001025dc633d93b68f2247199dc2bf47cedc4da1d3b68914fc969c3b254033c838a53755eee83762901ee2168d291323b09b113dad9

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/oat/2c9e148bfd9e2068b312d438b8c583c3a828.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/oat/com.ylisten.mtinyapple_ic.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDI2ODA2NDE3
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDI2ODA3NjU2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ylisten.mtinyapple/files/umeng_it.cache
Filesize
350B

MD5
1867c8acb76c17821de8c27fbf12a9e0

SHA1
9f2c5ea970046bd1624ed6c24dc5317f58430e08

SHA256
ed75106cae7dd2110ca4d94b72e523fc4a9702bb01fa7db8c87aa1792d099c3d

SHA512
f99ffb4369b3073bd89257634690a05d4a7058d1db0fec7de912f84f2030b3c06103bd5a2ac3ddb8f768325dda957183bc6d2b0ed7e1374dff0f91e4a91cba18

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/PersistedMapTagLastSeenMap.xml
Filesize
123B

MD5
dfe7da953a02ad40d3ff30fbaf511f3a

SHA1
155f4ebb56e7cb359221d89d5d2cbbdc7fea18b8

SHA256
bcbe4eaf6dc49881631b3283cbc81bcf9bdd2d4d02baf7f07e2d228f8b52e913

SHA512
3e9ee6b5ae4aaf3b3cc68de9e4a4ff9102881de265d05b002c6738b03ea785caf90e590338031af233a10691a6639bcceeda6a16e62c89e8753480dbbb3f3c24

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/PersistedSetToDoSet.xml
Filesize
108B

MD5
cc19f0efaf01829518e05f5ebd4b1073

SHA1
31cb16a290bcd3a777a27eaad2a005f74bbf29d8

SHA256
51bc46c9d289974164ff10b230a33cb8791f013059ca1be2120e49acdd3c120c

SHA512
deade5cdfcfa6116d32da149c01cbc095cd3cd427da2ca64b64fc1d247b160ad9bcd1b4c89fe5f1e5d8cbe338bf1993891000002a0f02aab433321cd04d8d873

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/_umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/config.xml
Filesize
145B

MD5
e8d9c1fcb556fc2c5b9e51b281c3bd3f

SHA1
dccfdb1996950daf92271a06ff6c58f13099dcb0

SHA256
2af2437ad6178008a8b247bb9fc6f3dd3d6ff8fe5df3a16c3a48e33175f7e92f

SHA512
7562fc7e737c47853b5c2b2710eaae1b27a9bfee8a9264271c6d53d5b247d968faf454a807b4a0dd645767fdaf8adcbddb31dec0aa97399fe3f0eb41d90feb6c

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/info.xml
Filesize
448B

MD5
497aa07d240318d946b0f6a454ce08c4

SHA1
9e4130bdd5c8b71a8b728159d360c5537ec83850

SHA256
f8502cc9f43de672f6a8d02fc0354153136c1d96c78ee45c7a2fad7bd117f110

SHA512
a3f3bcbb4a2da5338e5230e7e23b7d2d27499a528590bab146985ea76745d73a4dad695b813592b21003c5520c214665d2b519508484144bf098cc5ee182855a

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/remote_umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
119B

MD5
3d457f58fefd9d9a56a2b6fa97c01ece

SHA1
d4a649d81f001e127157c7f3ba5f7a5f45645228

SHA256
4e8dc7051d244746da9fb5ad6529e0679bae2f455b9960538ef540588badefb0

SHA512
b2e1d912a12c7ea69d8a6594cdee87af5cb842e1a2f0c93a3d002f90a52275bf266dabb8c5f405c5cafc1b87bfcaf6651a48d330a208c004c93b1bccf15c04d0

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
179B

MD5
6fb320bd0c34a47cbe6bcb63580861b8

SHA1
d18f5dc2c2d240354b3290446594cc3656b1f083

SHA256
69649e9b3ec6171cbf163ddad1c42bc72073374020b97caae54ed5a38821b4ce

SHA512
06d9b86a82525a7102b1a2bb0977013e993159e2255df4ec5524ad9a4550ae13f403d65c5f9ad87c8be083152df382ab6c82b6b3e96076b7545415b6462698f8

Download Submit
/data/user/0/com.ylisten.mtinyapple/shared_prefs/umeng_common_config.xml
Filesize
244B

MD5
e77124936894253eb372be8058445e25

SHA1
de67dc1eeedc9a36914ecc2538914ec595a4338a

SHA256
02b082fbc588e8d7c3c39b3b6da4f51d559bcdd0c87399321f3bff76b589e208

SHA512
d2bf7e0681d0527778259838f9dfafc6c531310ff166aaac12f21621911d9fd99adb540f46518380964b08d8c3df4eff2b53be4dce98348c7005677fd35c5db2

Download Submit