Overview

overview

10

Static

static

7

17cf20b7d2...89.apk

android_x86

10

17cf20b7d2...89.apk

android_x64

10

17cf20b7d2...89.apk

android_x64

10

Analysis

  • max time kernel
    3833286s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    21-05-2022 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17cf20b7d24d78e28a5bd5497ce780673828ae95740fb6807b35175109a12f89.apk

  • Size

    7.9MB

  • MD5

    7da58a306b7ff9bac0de718af6e8616d

  • SHA1

    5669788f1a771076c9be52433e402d46eb3c8376

  • SHA256

    17cf20b7d24d78e28a5bd5497ce780673828ae95740fb6807b35175109a12f89

  • SHA512

    ab78da96108e2efc28b34a5c1ee865f8f31ce5d296ca1ad14eb7291607f774652aff9877f048f5d38ff08c6d43069a6d60e5d91f2a9258587ae7bf1de40ad3c6

Score
10/10
agent_smithadwareransomwaretrojan

Malware Config

Signatures

  • Agent smith

    Agent smith is a modular adware that installs malicious ADs into legitimate applications.

    adwareagent_smith
  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware
  • Aborts a broadcast (usually for hiding system events from other apps). 1 IoCs
    trojan

Processes

  • com.ea.games.row
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    • Aborts a broadcast (usually for hiding system events from other apps).
    PID:5100
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ea.games.row/pspace/prim.jar --output-vdex-fd=72 --oat-fd=77 --oat-location=/data/data/com.ea.games.row/pspace/oat/x86/prim.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:5248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ea.games.row/pspace/nexor.jar
    Filesize

    27KB

    MD5

    316cf96ceef8af9a61ad0f28a2f9f4f0

    SHA1

    fa908fb6c8fc04a0ee10f07c7e189a5cb54568b1

    SHA256

    2338b30b5fdfc561c7e4d2ed0e8ba3d1825bbda8e17fe4008408772fbf7a0e05

    SHA512

    b3a0f347e78a41a2a262e6c7b57e7649eb7dc7748663b0eba53c3e1090cb956d2617f0964f7df54c33d46379c7aa25bd4048ef643a2451f9212ef319a94e003c

    Download Submit
  • /data/data/com.ea.games.row/pspace/nexor.jar.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/oat/x86/nexor.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/oat/x86/nexor.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/oat/x86/prim.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/oat/x86/prim.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar
    Filesize

    71KB

    MD5

    5ff46de991c9752847de22f26b3d0c79

    SHA1

    c0ed39e759e571a73c9cecce7a931e69b2906e21

    SHA256

    e39d8e14108aee6435ce99de59e7b87ffb5bc3e4ab84cc259db8d7683b981fd5

    SHA512

    758ebfb95778cae371b3c3140c5153d049e73320235cceb31b029f969f738dd1e76ac6ddf1c175c430856c6e7c694564d7ec0de5e52c697f2cab29268fff12d5

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar
    Filesize

    163KB

    MD5

    0791be576e1f5e840b71e5db17076d84

    SHA1

    c387ba5b24b13fa361ef34bdf58fc471f949d34a

    SHA256

    6a692ce4b2919ea79606ff4ebffe4e57398eb312cb79b9d04a2b18da467bc45f

    SHA512

    fe529a412d41002fd18d5d9e47abd52ee975d627a2cfaa3ace240cb4ebcb0e30a45b44e6fc4bd316a3e07204b2a1a63328258e15769b89a5163295d7aa89b657

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar
    Filesize

    163KB

    MD5

    0791be576e1f5e840b71e5db17076d84

    SHA1

    c387ba5b24b13fa361ef34bdf58fc471f949d34a

    SHA256

    6a692ce4b2919ea79606ff4ebffe4e57398eb312cb79b9d04a2b18da467bc45f

    SHA512

    fe529a412d41002fd18d5d9e47abd52ee975d627a2cfaa3ace240cb4ebcb0e30a45b44e6fc4bd316a3e07204b2a1a63328258e15769b89a5163295d7aa89b657

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar
    Filesize

    163KB

    MD5

    68c8d1cbe8fc44c86c56846a2d13f8ed

    SHA1

    1b25dbf8784a81f2206c002ea2309bd0c62ad9b1

    SHA256

    ff4a2cb38b541df673a1d0b37f07063cde5f2e999bf45a41ee1d4cc960ef86e9

    SHA512

    fd57a74b808edcc8f94f81a48fd0c9b07e4c77e19b1bc7473c9e154d993713a01c45cb2612f7a2a41f473aadbc27b96990163d138127aa62f8b46be2e6757fda

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/data/com.ea.games.row/pspace/prim.jar.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.ea.games.row/files/playerData
    Filesize

    1KB

    MD5

    957d260a0195813c8b9cca1f8a16a0a5

    SHA1

    0a7a7d6ae532d9c6381e466f7af814d097ba8266

    SHA256

    4303df6869c32490d5e16c096dee8b6cd2eb9bc22217430863ca704894a3c63a

    SHA512

    81dd7b6c189466ab69641c9e43848b19d80aae84efbb2a458d98fc26591c72c7a2811fc7d3750df4564876644b81fb4e28281fd39c5008d51ff4c6c579e301ad

    Download Submit