Analysis
-
max time kernel
3826991s -
max time network
137s -
platform
android_x86 -
resource
android-x86-arm-20220310-en -
submitted
21-05-2022 00:36
Static task
static1
Behavioral task
behavioral1
Sample
a9450e63452babcfd011dcb4c91446a0524dd1b1910b879ffe8e0aaa587dec4d.apk
Resource
android-x86-arm-20220310-en
General
-
Target
a9450e63452babcfd011dcb4c91446a0524dd1b1910b879ffe8e0aaa587dec4d.apk
-
Size
2.5MB
-
MD5
badd1f1f06deb17261c08184d243fba7
-
SHA1
a2189d43278760394176828a09e996100474c581
-
SHA256
a9450e63452babcfd011dcb4c91446a0524dd1b1910b879ffe8e0aaa587dec4d
-
SHA512
9716d869bbe56997a9ef53b2c553caed6960c9b528413a1916882411db0f7e5800b522970ae6f2ea453f1e3858820d61f3f060b0a9e059d0935e2bd8f4b51457
Malware Config
Signatures
-
Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
-
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.
Processes:
com.dfoiej8.ccsdyiadescription ioc process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.dfoiej8.ccsdyia -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.dfoiej8.ccsdyia/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=114 --oat-fd=115 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&ioc pid process /data/user/0/com.dfoiej8.ccsdyia/files/one.dex 5108 com.dfoiej8.ccsdyia /data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar 5318 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=114 --oat-fd=115 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=& -
Requests dangerous framework permissions 8 IoCs
Processes:
description ioc Allows an application to send SMS messages. android.permission.SEND_SMS Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read SMS messages. android.permission.READ_SMS Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE Allows an application to receive SMS messages. android.permission.RECEIVE_SMS -
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
com.dfoiej8.ccsdyiadescription ioc process Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia -
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes:
com.dfoiej8.ccsdyiadescription ioc process Framework API call android.hardware.SensorManager.registerListener com.dfoiej8.ccsdyia
Processes
-
com.dfoiej8.ccsdyia1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
-
ls /sys/class/thermal2⤵
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=114 --oat-fd=115 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jarFilesize
35KB
MD5e1ab911d4b585a26aae02d8540575013
SHA1ac148f7bdf95edddc97d9224ff51a771f1070520
SHA2568a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca
SHA512983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4
-
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jarFilesize
69KB
MD561503c78bfaed115dc65f007a7461ed1
SHA1e989f0a0abe36a164feb51d6419eb1d10db3fcc0
SHA256f9eede33f737a4287b1412412c47a8eafbfb732f764fe18cce955c4a28d3d2e4
SHA5123c59c6deaf0c0d0aa559beec62fea04a8021d471ba92af656983f6ad72f1a07af25a3d886b1c2783cecd802bf865c6100c459eee83e963cee95d834e643d2014
-
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web DataFilesize
104KB
MD5dc79f9ce5f3ab5270b33e61119dfc959
SHA11844bf222a5144b513dcf2fb50a18c011701c647
SHA25647e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA51218b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journalFilesize
1KB
MD526835479d9ca9a5a47f09665d8f797ac
SHA15a26e9a7eebd4647eb2ad25e7a21ee1063f0494a
SHA256f21aba6b092c3d83af73fc35a12fec170f45d2662df1bad987260aa5de39334f
SHA5123df86acf78995bcf3a95dd6c0dcdb00313174e9f24f831f29c68db3968c4f5737018c044562c62838b600c69414ac15d27966c2da625ad7d212bd50ea8e12aed
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guidMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guidFilesize
36B
MD54d06920b86b73a1aeecd8f22a67f6639
SHA1720e68a95e0e90f95cd8fb9c96422ca964e33f4b
SHA2564f123380378e57509fc4e48911dec2b349455762731a295625e98e39043d5e5c
SHA512036ed48b193b6a7046c47c15e53888eae6c852e3ec0b3951667d869647db09fab0f676e50f9c361c35046271c56c7373eca0fb8734ee7d57381ef0949cae803b
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_newMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stampMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apkFilesize
45KB
MD5c83e81f064fbbff6870210fcc9abcf6c
SHA165f94be4a62160065ff192b9baac02da3a293031
SHA256fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9
SHA512100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164
-
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.odexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.vdexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/files/one.dexFilesize
59KB
MD51b5c4ae7e385db4551ced8c19386abe0
SHA112d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4
SHA2568211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70
SHA512f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b
-
/data/user/0/com.dfoiej8.ccsdyia/files/one.dexFilesize
59KB
MD51b5c4ae7e385db4551ced8c19386abe0
SHA112d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4
SHA2568211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70
SHA512f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b
-
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex.x86.flockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apkFilesize
38KB
MD5cc860a00cae01d4f2e88cfcbf05f06ff
SHA187778550a32109a679a2d28dec9ca4e6c0ca19fc
SHA256494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347
SHA512dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057
-
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk.x86.flockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xmlFilesize
127B
MD521223e9184445fe043476484cd8cb1f9
SHA12b4813f849121d60ba35eb0889080668bb62c778
SHA256bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xmlFilesize
122B
MD576a516ec620e2508e512a673a58347a3
SHA1386e9ee5d38602ebdca74bc24b24d75b1a765e8c
SHA256245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5
SHA512e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xmlFilesize
112B
MD51bb34fdb25adc2f4182971d8a7b16402
SHA1e2eb49b9a05a21fc3603dbcaf7901a3822c70ecd
SHA2562cb849e37fa91834a6d6f4a5655747aa7360857146cfd5115fb1c93e2b1e2a6a
SHA51270a33817476340959d03804dd70bdc42a55cb47acf24c2fad59c79308d0d9af78de126a8eaee2e11bf765ace231ced82a825bd638c2ba10a3b6dcd16b5071cbb
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xmlFilesize
172B
MD5f43fa687a315f2b3315247c8f4b02219
SHA139fd5f37c9918b016418ebc1f70f6fca41a59384
SHA2567c38b0e4161197481dadacba7a09507dc3c1ab27aead57048bf81312d38795a0
SHA5120c07e85df65ca07ea00db3abab7adc4a17e90ec559c833d71ae8413df05ffb442c2ae748c68f2831c571ea4260d6c4e435290baf67ef07a85af6cc27c8aac4ae
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xmlFilesize
237B
MD5af95da3e1c6523b8566bfe4f72dc7379
SHA180bce84d613981315a54d031b12bff82ab703b1c
SHA256c17e9d858a81146f3c7e6f1e8ef83b9423ccae8f3c7a967bb7c60d33b87f896b
SHA512f0e139aa46e9bba51d7de6f264b4275c193129bb810474069ab6bb7c1528d9c47b5a0f365c16023e3c90274c0089c3d7167d129abaa27e92f05c395544aa164c
-
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xmlFilesize
390B
MD5324cdd9e86b8fb412defc558b036680e
SHA18f54afa42baf41d538f0f02bcc9c4e8e0106723c
SHA256234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa
SHA5122b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc