agent_smith | 3b9b2f751ade2c0dd2c6ac1676af5f047f513501d56a5b1909458360816b7bcd

Analysis

max time kernel
3833385s
max time network
148s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
21-05-2022 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b9b2f751ade2c0dd2c6ac1676af5f047f513501d56a5b1909458360816b7bcd.apk
Size

2.5MB
MD5

4d5f7fee3857add91dc6509e4752658b
SHA1

82168bf32cce3aee78d511266ba10e311b5680d3
SHA256

3b9b2f751ade2c0dd2c6ac1676af5f047f513501d56a5b1909458360816b7bcd
SHA512

976d78f7b30957a227fdabf510fcb36b40a07e0f714d80e83a814cc3a0bd196893a10825b0094328fe2cbe79ab3aa73945d4cd3f05c157d2bf0aea6d8970dc75

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.cvbsdk.uuihk

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.cvbsdk.uuihk

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.cvbsdk.uuihk

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.cvbsdk.uuihk

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cvbsdk.uuihk
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.cvbsdk.uuihk

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.cvbsdk.uuihk

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cvbsdk.uuihk

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.cvbsdk.uuihk

com.cvbsdk.uuihk
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cvbsdk.uuihk/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/Web Data-journal
Filesize
1KB

MD5
88c1a04e4acca6dc571d2424300cb38e

SHA1
cc9588afd702790a6633dda4f81ed4f9133a0e28

SHA256
e4be756fe8acdb3776654afc163120d8bca5658695cc673fa7bf542ffdde3685

SHA512
749acbca5df624ee79970ce5064b673c9aff6f0e468c630c183cfa9aff2e948fdcd9c99f58a0a6087aea30125b526e633aab48712ae0baa422040e6ec4ef785c

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/metrics_guid
Filesize
36B

MD5
3f047493edef3074bef1af8d8a907cc0

SHA1
c9aa5fe17cd5cef251be9f5b0ac6e7ceb2c203fd

SHA256
60627db521463a58b0f12ddfd0935ca8f08a2b695608cbfda0c65a3708336e31

SHA512
5f63238de6ae0334a7891d25d51f7c9269d2b36fb13a14412ee0ea3e4d8274933c154a94cce2e4a37ce431965b8423e0229d792965bec800c1b6eb9d72faab22

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/jiepayplugin.apk
Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/oat/x86/yypyda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/oat/x86/yypyda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/one.dex
Filesize
4KB

MD5
fbcc103df7af93d6cc5f3def9431132c

SHA1
36fe8b02a1a184fdd18661bd02aa02417d7455c6

SHA256
6d4b6fa2c34e31d27ae41e4cd87b57915519c8a660a7b38d0231930523552f47

SHA512
46479717d3b4853448ad6afd9706f4ae3cf19541a7d160c8ec93a809fa6757c227535317ac6353259c0f35f265c7bcd909399dad8e62c362dbf6a5842c651871

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.cvbsdk.uuihk/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/XinZF_conf.xml
Filesize
169B

MD5
92054950421da0a37d482cd05e37b506

SHA1
cd5ec1354b4f5e3b4a568763512c92b1b793f04e

SHA256
23389b8132a34c694f1f9c5547413e3a7ad5e8303590b137d56b47fc869d42ea

SHA512
f5c31fc525f8a35b4c06d5a3117b394aedb63c1c8d55efb9edbb0d77b6bae077c66d20982b5c578786ab9b2dc3c8cb077ab37929455102914a14c542cc782db0

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/umeng_common_config.xml
Filesize
111B

MD5
b14bb40ccc9e5f9f83cd3b230ed5b512

SHA1
b84fcbc09d4a3fb6428aa551d9f628b5af666369

SHA256
ab6b36acc58c7691eb799350c18517270e7c05ab18356d91258eeda2f7ae8d6f

SHA512
6fbd134b5306c9958d9a9d48025be2c4436d5a9941244b2d5cc5a0af2bd1c3c858c00961e6a5548ed6cf8f6e19f739a01b48375a71bf2b28b533a20c325cf1cb

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/umeng_common_config.xml
Filesize
171B

MD5
44e89dbb009a85117af30548cfd30487

SHA1
7a8fe4d09b36468bc8b38ce57eeaed0aa056fab9

SHA256
4fc20f9f168488ed4de0b64950280f52d602f82f145fac01ac8106e0887cbd04

SHA512
08aacb6e86a73659d3eb5c29c308e3e41852104e854bf949287a550f1bdf1e7c8fbfad5443ec8a54d70bbb6c828e04b80bfdcd0dbf20b7abbe51f832002e2d5b

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/umeng_common_config.xml
Filesize
236B

MD5
ceb395048ed00c48de20ac18efd1675b

SHA1
ec41b799eaa5d45c6191161c362934845df57bab

SHA256
ca6296c8f294d7407c7b37e16ef1875721e2d22d845f87fa2836c8e5ae0cb022

SHA512
3e39a9b559a7314f6433e583ca1a18bd4e90e463bef2dca39b29a8bd28c58a6fd81403206adf1b2ef952430a7d9fe542547d9f4efd68805a66bc9817d0ce4615

Download Submit
/data/user/0/com.cvbsdk.uuihk/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit