General

  • Target

    fa9cdb00f578204226a9396f0169d53fc38112ae68502d3ef44770153d971596

  • Size

    2MB

  • Sample

    220520-wd77daeahm

  • MD5

    b6bb1472e043f0bbc772b348212bf7f6

  • SHA1

    47ea4a3582ad9740183ad2141e23ae2d89ba066f

  • SHA256

    fa9cdb00f578204226a9396f0169d53fc38112ae68502d3ef44770153d971596

  • SHA512

    138f2a6c936ae96ebb3d11365b485a976be1921bd044f88ab3967bc4845bea9fe9db6cac2987570d542d0e268a47616eab5f22be43293a7271b6da0543ebb342

Malware Config

Targets

    • Agent smith

      Agent smith is modular adware that installs malicious ads into legitimate applications.

    • Reads information about phone network operator.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation