agent_smith | 35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09

Analysis

max time kernel
3825650s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
21-05-2022 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09.apk
Size

5.2MB
MD5

ce3c27f2093bc7c87b267643bf530569
SHA1

858a0434136ded6ee2cdc84f689c6ae393bcde63
SHA256

35388c45bd74e105a99bf7c25a15dfd874af229d2891690c9d065945fa972a09
SHA512

63981c9ea9da102ff02eced243c32addcf50e06fbe9550835f081ab0e0585158f1376d600e62c8a41596a028a47c8dbf97fbce7f890f8ef451e5230c0716fedf

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.xigua.wang.freebook

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xigua.wang.freebook
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.xigua.wang.freebook

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xigua.wang.freebook

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xigua.wang.freebook

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xigua.wang.freebook

com.xigua.wang.freebook
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6943

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xigua.wang.freebook/databases/share.db
Filesize
160KB

MD5
17bc82d166d88a5079bc77d1bc22c001

SHA1
d27481092a2a31c5675f65609af7d8c5f10fa55d

SHA256
32f7067ae445bf6690e4042f7aead34e942010c6c96b3a194973a8b7a0118b53

SHA512
68df16934bcde17239fc19e0686730cedfe42a96f6eb0d3797d6745dbb3edc082e1f937859e066b42ae973cc73f3761308b68f7a1b54c121be2e2e9a6ae0c314

Download Submit
/data/user/0/com.xigua.wang.freebook/databases/share.db-journal
Filesize
1KB

MD5
357cc8e04e8b62c4d066de0aa89ec588

SHA1
b32b794b139286783162039a52baf700a3bafab7

SHA256
17ea4d8c559cf688123b17bc86bb7f5811015207c71b701187f755cba665ff2e

SHA512
281770813dfb281123268f2818ae3ac2148264e79feee4fa9348e29415dcf0c114aba5fffdca05bc7c46b07c0ba3d8b15b0318e7ae80e3eca665ba735f3932b7

Download Submit
/data/user/0/com.xigua.wang.freebook/files/libcuid.so
Filesize
109B

MD5
405c76ce8ed0a9105c8f62b588fb9809

SHA1
6ee962553788dc6368ea1a565004b0f3e4ad1f9d

SHA256
892994285f8bfcd366f7466165ce06c74b4fc633ffa7ae8194729a35762dd62b

SHA512
81eba8ab9fd3fb06786a47f8a04d578816f52d4675a57a63160c865cae0799d0f125a0d5850cbe15f53d06407469ec11e1eec135cf40bd6035d3bb63b7a597f3

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjUzMDkyOTQ3MjE2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNjUzMDkyOTQ3MjUw
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/stateless/dW1weF9zaGFyZQ== /dW1weF9zaGFyZV8xNjUzMDkyOTQ4NTE1
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.xigua.wang.freebook/files/umeng_it.cache
Filesize
350B

MD5
3a471f7a70e73ebdebe8c9f062cbf16c

SHA1
877e17b51cb1dbcaa71d2926e3a6dc3ae77c5d0c

SHA256
e6f0f98b28008f69b909bc63946569c6065485c97da8c1057e14e36443c4a91c

SHA512
7f0230d98e42136719a86d22e1deb3e64ccd64348b0fb84bbba603562a291ac6baf95cdc4999273018f8a4601ef8b1145cefa6818fc150673674bea82c3c4023

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
166B

MD5
89ed6a18117a5123ff40af588d8deb7e

SHA1
df882fdcffff96af0b539ca4258a91e4f27c1344

SHA256
40bd6b1b86219a303a1ceb5eca06b17f6b141d64fbc16140a9bf917b42db4d1c

SHA512
80b0de438dd845426ec6ea78d3406af6b57f23bcdbb455b499f0f95c0a1196b98b0406c6e5fe3522d16421ea59270a814a133b0dbe4b0cc06941885a4e24e39b

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
213B

MD5
2751878f922bbe0c7db3834101e1787e

SHA1
62bd244d3fc27e0873c245a3bc5e86d39f42c284

SHA256
cb63c06fff6ab1539c3e76e41b282b94ac415b6e14eb866da044eca2bff84782

SHA512
9963b47a796b7be52d026e9d3677bb59fd644f61783f9b56bfba9cf7427c30b391a2943f86d26ac60bd2d6a055cdd29af04cd5072cc937ff0bc16a2e640d4bb6

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/LY_AD_KEY.xml
Filesize
121B

MD5
e10d65c33b30f1cc9468f47c17690ee4

SHA1
682a118ff7dcd51fc5c9f94a88e3b73e36928ecc

SHA256
1e4f9e0c6860bd8d116d7ed829fc7dd9e383c1dec86c26571f261742673ed4e3

SHA512
66592af22f8b6d37734792db5a4ad36db3147e4695c592b0cf220d5e859de5214f6bceef022bab8e4fbb62ade85f760269adf69bc1630fad67b7402e5fa1824b

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
352B

MD5
757ffdb021ae7bd94ae9aad7d9d399ff

SHA1
352eaae73b82f34bb7b42f52344db1b2cfba55b9

SHA256
7b115a007345d48b3c3e818fd9e8ce1adc518bd23258357f5a8777d5bd81e44c

SHA512
474131e3e441187f6201d106336b4659a41adf2ad14ec41cde0cc720063d54e360f033fc4f08830f6a66b06c8f990def825ef38f5f9a52981cc854d8c23b1b01

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
126B

MD5
114478752d2870b897d8990d6d2ba095

SHA1
84b3592dfe23d5d709f40ad11e511d830dc910ce

SHA256
cebbf218d852803962735ea8077d0afc6bb041cc4a11d8d71542b57426b8e3cc

SHA512
106f516545cffcafee755cdc702cdad5cade8e48db76b3479135d35b20bc2e4b9be50b02355c77020df4070a2bbe44a3c59243305615514e53bb33243c0591e9

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
181B

MD5
09756b075e1c252c2a1e40ccfc3ea38b

SHA1
f8de71997e4cd5224cb9a390051d99c04d9783da

SHA256
3d072242a71772bb538d6b72fc3c63e49f43b235f17120c0feca6e0d20edec1d

SHA512
1d42bfc02e20ae32e815606ede85cdfaca3167a710dcdb0712190a85e248fedf8aea76887b20873239dbbc0d16f186c6398bad81b99a21ffcbe6f7114b6633f9

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
Filesize
249B

MD5
771fd180c1f77840aac0d3d1b42e83c8

SHA1
a758efc48b15d869c0371342c064f19fc8c60fc0

SHA256
4cb7d428d3ff200511607680087efa1a417391446c3cf45223aa1b81dfefbcc0

SHA512
56d603c4e357b3338e390ec8d984bf2aa537ed3bdbb06d8ede0ae1d334df29121a82a1467e3d15c8d1bac9de401b826e5bffb7117e33989362223291c1bfc44d

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/com.aikesi.app.DEFAULT_PREF.xml
Filesize
135B

MD5
abaa36f18ce0a76153c01d6cc01fa436

SHA1
f599fd1236c957a48e9861508bc3f3cd56ee0739

SHA256
e7038f9e8286d77caaefa1170f411e88e3e1384c374eee4a7f5d972c556dfbcb

SHA512
6319f42480df6ca0ca98d67d8a63a51ef9ef594815a1c98e47cbfa1baddc0f57a396348fd550bcc243419b6c432b0a67c6578a3590d9d949ea7aa42297ff1d7a

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/info.xml
Filesize
453B

MD5
8b9481531974fdcaf722495d1b2b4ff6

SHA1
965977c511296d28d8e0b72de251f2be8d007443

SHA256
02c048fd5466fb041521f43515ea216e96dd335f538fa6e2d25d958d28e32450

SHA512
d68217d29dd1d592a4426bab52e8cc24644f1c42b447f979a24c8e864cc388e377e7ac3de72e031f7f90ae27fd7d15455c0fde47a3b3afb446e5fd76adc8163d

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
110B

MD5
a2e87ed039f5323ce9ae2d180bc4026e

SHA1
01d24f1b72830193160e6b8f23c3b64dd05fe20b

SHA256
3b95c4fc9aaf363bb9f4f0f2bb2949f3a78d6a6f36d70f37bd22411b9d4defd9

SHA512
1633c05b73ae15517bdf0fbe1cb6ad63e918907aac7cb2302e3a729a8294096fb3287ad5788570e127d20720c8b7d00d0b44314551ac1676ac0c25a0a1acec8b

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
170B

MD5
3b3a55d11d02727589782b2c5b6fd3b3

SHA1
0ad086bb3167b66aaad612bb5e12002d6d570767

SHA256
4098663cb2df8fd9909d3769074b64b5967469c486607aa388b15d0f5f952449

SHA512
4098c2ce1e6c87e000eaa90697eed7b5c62943e27cbf0b40636c81fa5807ab4062e172255b3c8af903a4613025931a293f32d161c0bfa958320cdc4cfb14a7da

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_common_config.xml
Filesize
235B

MD5
f3081d91dcd0f16106e1c3bf64e3c3f5

SHA1
a2a6a1d4e3f1fe7919f90d387e416b721a116b96

SHA256
e743daf843c45c707376bea8bad5de6f050055aed68e50a56c117c59a120a929

SHA512
ff16aa8e4bc24edb60a9ad669123d5642c411b2037c9866147ed7ab7bf378451c6c3703e1f3478f3567d96c18354835ff5b94404289481546d0efd2aa2fb47ad

Download Submit
/data/user/0/com.xigua.wang.freebook/shared_prefs/umeng_socialize.xml
Filesize
125B

MD5
c1c27eee9c4e77d30a7187846f46daa1

SHA1
b9743cdf596fd988245553a7ced10b1b4f188d94

SHA256
8656dd048674c33f4a27d8e7ef97c7c9ab082ed8d72cdd7f0675de87ba58aef9

SHA512
7d94cfd1d091043224574f3e7d7415d7e066ea2c7cc47a0a19e3ef3882d1f1865ba6eb88ce1c6994799c88aff015352028e9f932023f23d943a5a5c5dd5fdfc9

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
109B

MD5
405c76ce8ed0a9105c8f62b588fb9809

SHA1
6ee962553788dc6368ea1a565004b0f3e4ad1f9d

SHA256
892994285f8bfcd366f7466165ce06c74b4fc633ffa7ae8194729a35762dd62b

SHA512
81eba8ab9fd3fb06786a47f8a04d578816f52d4675a57a63160c865cae0799d0f125a0d5850cbe15f53d06407469ec11e1eec135cf40bd6035d3bb63b7a597f3

Download Submit
/storage/emulated/0/backups/system/.confd
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
1KB

MD5
8afec2afa7db9a8e23fa137404e293ca

SHA1
4a4516076b977fdcfac011bf83cfa54e9bc92a5a

SHA256
f0a299512b1c264b91d7d5b4389b0ffee5db8c74689b86afd3ece54d6732c136

SHA512
4cba8077ca8e92bf2f0d77591ea99c2afb97445d34fd66cc1dc584eaa22f0e7d54e98d68afe205e1de535b006be4d27d90e03060c846de17c20eb36ad695bd07

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
64b16beb6b6010f7f561800fec3ff701

SHA1
9dfa70d9874e45bce36ff4f09d5faa1a8a109afc

SHA256
619510a96dcfabbc2c1976ef8cbf9485d9e689e56b7fdd0b06366cff985b1d68

SHA512
755093b768eed378cbabedba4e95c4c2c08c7ca7e18e6e59fd6d1d571213b1b974d411084263948f35a5ba8bd7f8ed64daf8c835ae903bbacbcaa9ea4023d4b1

Download Submit
/storage/emulated/0/sihelottery/log/2022-05-21Crash.log
Filesize
2KB

MD5
9733611c151529abf309fef636b661d2

SHA1
02915ad9492f7378abe9c139da3aec6172b7d71d

SHA256
127171b4aaed70f5e291f928515751b8e1886a942617cb0d76d7eb7b93e66f4b

SHA512
26ac0bfe4cfd9eb00c7cdb05ffe7c42fba38f4671bf6908f38963135e69c8a53216a54f25cd36afa77c1bc74809eed01304c7a575de1da0c165b29cdc926ea70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads