agent_smith | 35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09

Analysis

max time kernel
3825609s
max time network
163s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09.apk
Size

5.2MB
MD5

ce3c27f2093bc7c87b267643bf530569
SHA1

858a0434136ded6ee2cdc84f689c6ae393bcde63
SHA256

35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09
SHA512

63981c9ea9da102ff02eced243c32addcf50e06fbe9550835f081ab0e0585158f1376d600e62c8a41596a028a47c8dbf97fbce7f890f8ef451e5230c0716fedf

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.xigua.wang.freebook

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xigua.wang.freebook
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.xigua.wang.freebook

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xigua.wang.freebook

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xigua.wang.freebook

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xigua.wang.freebook

com.xigua.wang.freebook
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6182

ls /sys/class/thermal
2⤵
PID:6230

getprop ro.miui.ui.version.name
2⤵
PID:6288

ls /
2⤵
PID:6311

getprop ro.build.version.opporom
2⤵
PID:6328

getprop ro.build.version.emui
2⤵
PID:6349

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xigua.wang.freebook/databases/share.db
Filesize
160KB

MD5
e7ce3ade3ffa164115becefcd5238b21

SHA1
d9fd903a8b79cab59e71066365f998cb0209dcb3

SHA256
1fc81137aff75bec22cf6b1195ee61b6124cbda2cdfca6a518653dc8f4f97ae0

SHA512
c38e245aec76156ce7e177d9f2c86e9740dbad7f3d6b7c7c1887acb496192ee567a3bc0a72e626e598d464a1b77cc21014df31fa1f6e280727aace20d7cff864

Download Submit
/data/user/0/com.xigua.wang.freebook/databases/share.db-journal
Filesize
1KB

MD5
026b4725b0b069b5f860fccb122539fe

SHA1
3f87b759f9acef62c1038569915a1675294adb7c

SHA256
3782607dc342647f971528776b4f3938090d56f48c79a62420ab3a32e94b72ff

SHA512
56a72b449584b06e36951f11685c61e639445e10c85613ebab85bc4156e7a69ce99f0b2568cb1372c59d622a39d1d585f750b021f9881b8ee99d4454f2a9aa0e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/libcuid.so
Filesize
109B

MD5
4a9c8e7290b80c5cb4a91f8ca523a0c5

SHA1
f5fbc9f959ce61e83588ebc36e81c0951350a412

SHA256
a65107828c7b2cff1e937e464d5fa5091fcb74c0ce742b0d26a93fefbc82216b

SHA512
e715a38443a63f24a4075cc91b96d97b17bca99c28fc631b2718a7b485810f0680a7b4bdc70ab8336ff1f11453a63abeca8e88ef6d6f82fb6f03e528dd6f5173

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDkyOTM0OTI0
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNjUzMDkyOTQ0Mjk2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNjUzMDkyOTQyMTEw
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/umeng_it.cache
Filesize
350B

MD5
e4f8d4bebc541e2895c43966af2e316f

SHA1
327c640cd329d26a8c78a7046c0d874945ce2ff8

SHA256
2c9cd759358c88074e33eb92857d79bae79d47bb428b131523daf8b14b1999c9

SHA512
10d60bdd1668e878730dc732b1121b97ab662644f5128f49a3543b4322defead0cef2f67ae51396f51f7b79bbad709149c9db6eba281452be7195711f5f3a0a3

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
166B

MD5
66a609f1ce6f7462e17fc9c6b1c0dd38

SHA1
55edeb93efd00cb0665dbfce06388f34479a0c5e

SHA256
79b3f80647fac613c40a06a9884f420490123ede0c8abb5c6915d546f6d2b113

SHA512
0c40409c399178d9afaceaa7e9b1c2fd2b2543ab11e23cdf319c7f93db73fd515b194dec8b703619c3f16cbe8466faf99f342624f11d25194ef972b95b7c1017

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
213B

MD5
5c0471d687928a30515086c4d3ba2f40

SHA1
12b0e76d3989c9ed1281ed288d3721712c3bf7f4

SHA256
a7b0ce2d36881e50cefad26d353792eb4f00645f57805dc7a73d0b53d5089d04

SHA512
2cdb113f768b7a6014a09c17a0c84d61b0a1bdf145a228ff23395b25f251644445db6d9bf2b6bea4ea7cfd87e93500e25681d5d6551a8e336bafc2138d2fb316

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
121B

MD5
b0bd252d728a979a4920e282f9469825

SHA1
7e7388a60aed0ba4ef3add0f324c7379757e38f8

SHA256
4691ef8575ebb584bd5f6854cd8e1336ce5a1f217081b10b8e37d7b9e0ba2191

SHA512
e296bc0437ef07e6a09bdc701303720f600d8517cef74ee742fb9f89c74b47acaa56bb243ca97182c8f109684233a66ee80de431e033e3877f88300da2b5d6bc

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/UM_PROBE_DATA.xml
Filesize
202B

MD5
f24a40fc45ac55eec82679546fa6d363

SHA1
0415bf04ad883f25eec111b47248bf879bf0493c

SHA256
4d4ebed11bb4287c221121ca8fd06dc3f4216fc08c34228f78402f6601ef8408

SHA512
d70e56b5f12c30a2fbc9aaa8347b86fcc52940464c25e26d0c232982b312c5749f84afb4973ac536643be4ff89ed2bc5ea511df8f3e1964fc2a46d939bea5eb3

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
352B

MD5
e32b6deafcc31a45cc22a5047a7a3c16

SHA1
caf893954e31cec2bf1d1ccf8bbb0e0dc85305c1

SHA256
fc67bdafd5508a6fa32cfe3a8a8ac653eee5dee6421a3ea857061d90c73275d1

SHA512
9ece6942ff9d099d4b8098a8f9e2524d9a2053236e0b14d23f5a1832480a7789b2ea5d825a3a40c65d3e901a4fcba41c9956dc060fc5e54824993fb83f85a5e1

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
126B

MD5
114478752d2870b897d8990d6d2ba095

SHA1
84b3592dfe23d5d709f40ad11e511d830dc910ce

SHA256
cebbf218d852803962735ea8077d0afc6bb041cc4a11d8d71542b57426b8e3cc

SHA512
106f516545cffcafee755cdc702cdad5cade8e48db76b3479135d35b20bc2e4b9be50b02355c77020df4070a2bbe44a3c59243305615514e53bb33243c0591e9

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
181B

MD5
09756b075e1c252c2a1e40ccfc3ea38b

SHA1
f8de71997e4cd5224cb9a390051d99c04d9783da

SHA256
3d072242a71772bb538d6b72fc3c63e49f43b235f17120c0feca6e0d20edec1d

SHA512
1d42bfc02e20ae32e815606ede85cdfaca3167a710dcdb0712190a85e248fedf8aea76887b20873239dbbc0d16f186c6398bad81b99a21ffcbe6f7114b6633f9

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
249B

MD5
f0c72b04d0954f37f6a0f30f907521a2

SHA1
0628f71cfa57de7886df1e0d5f8b36b1d689891a

SHA256
73276f7a0e704625b1cacae7c70d32aac8f23090623e3f1d330d05e0bafb68d2

SHA512
b5b18ca2dd383898a87d29ccb99c3744681a7ad8ef2a910f5dca3d059f258363462701d1dd2a20efff4d5ffbf62c851f1d3c613a47ac69e57cdf3fa6f7f0eaf8

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/com.aikesi.app.DEFAULT_PREF.xml
Filesize
135B

MD5
954c41b5154a8fae56a2aadcb192cd57

SHA1
f4facd3109cd7805371033f50bb280a813e47f6f

SHA256
2427da3e5528dd051f47b431baa51392d20a055527700d0d9fe6b5b324795f91

SHA512
220ffeac3054b925e86c010ac9a0719d41bc55f1784edbfd275d88711d8813012abeecfb304e28fe5f7402857cd6ccb7ab80a4200ba8e3592c00f9e0fd71dff2

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/info.xml
Filesize
453B

MD5
70ef522cf741fe0ad2f46b7cb16a2c6e

SHA1
a0625cba88e073a0dcec51bf452b5cec2e454519

SHA256
c3b32022eb207d35e995adf8ac71f2da4df2a54258e52b403ae1cf0f7deaed1c

SHA512
806ab5c2d80a0f7bab638178eebbe2698e579bf6d0f8e21ab1731fed43036e17bb7a33d6b1b5956f5962795360df2c4875a21868e30beb02b5beb6e2dbf3b8dc

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
110B

MD5
a2e87ed039f5323ce9ae2d180bc4026e

SHA1
01d24f1b72830193160e6b8f23c3b64dd05fe20b

SHA256
3b95c4fc9aaf363bb9f4f0f2bb2949f3a78d6a6f36d70f37bd22411b9d4defd9

SHA512
1633c05b73ae15517bdf0fbe1cb6ad63e918907aac7cb2302e3a729a8294096fb3287ad5788570e127d20720c8b7d00d0b44314551ac1676ac0c25a0a1acec8b

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
170B

MD5
3b3a55d11d02727589782b2c5b6fd3b3

SHA1
0ad086bb3167b66aaad612bb5e12002d6d570767

SHA256
4098663cb2df8fd9909d3769074b64b5967469c486607aa388b15d0f5f952449

SHA512
4098c2ce1e6c87e000eaa90697eed7b5c62943e27cbf0b40636c81fa5807ab4062e172255b3c8af903a4613025931a293f32d161c0bfa958320cdc4cfb14a7da

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
235B

MD5
f3081d91dcd0f16106e1c3bf64e3c3f5

SHA1
a2a6a1d4e3f1fe7919f90d387e416b721a116b96

SHA256
e743daf843c45c707376bea8bad5de6f050055aed68e50a56c117c59a120a929

SHA512
ff16aa8e4bc24edb60a9ad669123d5642c411b2037c9866147ed7ab7bf378451c6c3703e1f3478f3567d96c18354835ff5b94404289481546d0efd2aa2fb47ad

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
109B

MD5
4a9c8e7290b80c5cb4a91f8ca523a0c5

SHA1
f5fbc9f959ce61e83588ebc36e81c0951350a412

SHA256
a65107828c7b2cff1e937e464d5fa5091fcb74c0ce742b0d26a93fefbc82216b

SHA512
e715a38443a63f24a4075cc91b96d97b17bca99c28fc631b2718a7b485810f0680a7b4bdc70ab8336ff1f11453a63abeca8e88ef6d6f82fb6f03e528dd6f5173

Download Submit
/storage/emulated/0/backups/system/.confd
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
1KB

MD5
d230d2a18736a984af84ad217a878a66

SHA1
4bb3287f6b89641dd80b1e7edd0291a165a51f47

SHA256
a94bc6f79561559cdb78d9d6141f2dbc038a35bbe465e062020cf613230ee97f

SHA512
5fcabd20b549859ef47ab8a464b12f97b7a110cb9f23dccba05828499fefc29b6d2a6b66532ebe5f5f6b229f8fe1972d3bc2808c915c04a9332b6a8baa371382

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
e4720da6a4d25d39ac53a6d13773b3e9

SHA1
d746f124b52e412d5476a4c865ea1b127c5240ef

SHA256
d45159d7877440338ecc44b28d6b47d750a982564c027f540fe5b809c5d31768

SHA512
5a904ae5870c272b9edbcb1fd6ea1ad2f89dea3cc6d897d7a42e40d890f64fc5a68eccc1369625f609c70654cb91f45be590301d7e326af0e0739d136a7a0a21

Download Submit
/storage/emulated/0/sihelottery/log/2022-05-21Crash.log
Filesize
2KB

MD5
53b6f8ee756ba57d12f03114467eb649

SHA1
4327e3f27158479145fd5ae646b6853e37f171da

SHA256
fafc0596d350f95acb874a6b47938922597319e88c74ad5f13fdb2339b933fbe

SHA512
6cf0d3ac79ad7a775d006ef498f4fd857166b2c7c86c28e875960f36f82b85c7f8bbf97d8e578a81e5de43f517486717975f8dc6ba79397f76cefba17ae90a26

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads