agent_smith | 432a188b6eae863631ad9c8a59bcc123aaae857f43ce4ee9b601429e60dac6a5

Analysis

max time kernel
3836981s
max time network
18s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
21-05-2022 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

432a188b6eae863631ad9c8a59bcc123aaae857f43ce4ee9b601429e60dac6a5.apk
Size

2.6MB
MD5

8fadde0b1126da724f5957fc62b49cf8
SHA1

b0cfb644a31d689887fbef54ed2a725d38937297
SHA256

432a188b6eae863631ad9c8a59bcc123aaae857f43ce4ee9b601429e60dac6a5
SHA512

26233bd6a5cd8f7be60ddd5e0e720fa9c455f6e80ea8fa63bea5e3674b7c7dd0991260f7a8c5ea0c26bb0241f67cecece2b623d874d70b71d0e309d25b12bb93

Score

10^/10

agent_smith adware ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.asdty3.vbxck

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.asdty3.vbxck

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.asdty3.vbxck

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.asdty3.vbxck/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar	5260	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.asdty3.vbxck/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.asdty3.vbxck

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.asdty3.vbxck

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.asdty3.vbxck

com.asdty3.vbxck
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
PID:5048

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.asdty3.vbxck/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar
Filesize
69KB

MD5
61503c78bfaed115dc65f007a7461ed1

SHA1
e989f0a0abe36a164feb51d6419eb1d10db3fcc0

SHA256
f9eede33f737a4287b1412412c47a8eafbfb732f764fe18cce955c4a28d3d2e4

SHA512
3c59c6deaf0c0d0aa559beec62fea04a8021d471ba92af656983f6ad72f1a07af25a3d886b1c2783cecd802bf865c6100c459eee83e963cee95d834e643d2014

Download Submit
/data/user/0/com.asdty3.vbxck/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/Web Data-journal
Filesize
1KB

MD5
c0502a82d5a68cf15e5f56ca69673418

SHA1
ff10a047a76715be4b993b2d8869965a89d91e9e

SHA256
770060e4652d9e997a6e466d1d63eadc58e786a68ed9f690402e9d6c09b4071f

SHA512
f2e7c482a464b9409187f120f4589e1b5ac897b9771d4ea8859016cb340bac751aed57be7af2e2f224ad5fb551cafbeee78fea488b199bca829057b3c8abbc41

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/metrics_guid
Filesize
36B

MD5
164f692c34c2fb6f04d74b769d2b9d5c

SHA1
473997955afdaeed2e6ca09b3bfda52c7847fe00

SHA256
23146c1ef57d7ba0638e74efc165a1f1cec5e7e43e6a03ba9d7899a1d406dda9

SHA512
c829c16548f00347ab92c2250a6ea22ccf5f1c0d8e549dd256bc541d79e92a96ac2f99b3827e8e5f8342c7e4b761ecf8d505d2930ed0f879320928e11ece3c51

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/files/jiepayplugin.apk
Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.asdty3.vbxck/files/jiepayplugin.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/files/oat/x86/jiepayplugin.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/files/oat/x86/jiepayplugin.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.asdty3.vbxck/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/XinZF.xml
Filesize
125B

MD5
237ae82ee89a2accf57cc2d78879094a

SHA1
0c2efe5d38dbb74625568265c72e3b624091bd57

SHA256
7c593841a5a94cb2e7e8b6b991eb936fbbb90cd68b02fb38795c1c24779dfff4

SHA512
414228ca69a9556e7ea86e3f0d9d1026479b72aa3ae9a3977f20dcdf489a1c25e61b4fc510eb54e0a7472985a309b472744190ee86b730cc08cd00e1ebb0ff08

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/XinZF_conf.xml
Filesize
170B

MD5
bfd71e12630759256c9819303b50df93

SHA1
a63dbe58a747a6d69abc2d03cdabd5651075afaf

SHA256
a9a9583c605ea5cea08d7be621b9feef9cd13bda28af8a12888489a5dfa74174

SHA512
a592b3e36fe227f3b3054476f56dba9e12e561ff2d5b8bcafe794aecbb28fe670d04c8632ed8e5983226f371f3cf5cecae0e18c67b22348a9d0540d8607a9c19

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/XinZF_conf.xml
Filesize
209B

MD5
645422e2398ddeda28bffca661afaba9

SHA1
c4a5da0afeadc3eb18e1c192c1d2556d154f53d8

SHA256
69890417fe35f44b8f513693fc72a29fcc6e892c6649a40abb7b081c86dd2c9f

SHA512
5cdd81475365d25fce8cbc5f2c3ffa17f2c8ef8d279b60af5c7d1dff8a9c164a38f6b399fc7b90f2f12a7d246889e65c531dcf87d7fd3e4e7408b8c3edf3138a

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/com.asdty3.vbxck_preferences.xml
Filesize
200B

MD5
37153ab351ce8849d5920fa1bcc72a8b

SHA1
6bc26c3b669a88c39f6673af182b05690024837d

SHA256
1cbc4da2cb0322b889b415355fd71fb5bdcea5de92f985b855179770b0f075de

SHA512
b8e00eca1adab77e10def78abfe03db64de32fe9c48cd992b4a5ef43c97616664bc2ba92d0049061b3c2d78392a8ae95438003bb0b209dcbee4abaed2824c1e9

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/com.asdty3.vbxck_preferences.xml
Filesize
143B

MD5
845954e7dee50c43f07d0a6a8d1df756

SHA1
dbf4a44e1ec0fffd2bd0e03a9c34ff732b9e4810

SHA256
c08f7cea4f7902d78b445042ce18a3d1d2d2dda94a02fd6ddcde01dbc265a2d4

SHA512
65b9731311154af9474e6f577ca267b73936e43a36d4c466b06b4494d186612dffa1130764cf38df7fe34e34e2b5ea430b63a68a92858292f82f3eb68f89f985

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/info.xml
Filesize
460B

MD5
c85301de9d861ae9b3fe84d8d0a60d99

SHA1
70de3f1e9ab199979a1e03b3e658a65a32a355ba

SHA256
703ca21bb722d3a215d35508aa8f988b44193ec983a5e252c5978df1ecaf265f

SHA512
02874a5d1dfacf37814a87e34eb6bff5e08231176ab2a78471b0ff606871faa8a418836922a370a56a6e4ab4d3875a3eeb40eeda2f8c8bd0ce11a055abd8023d

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
c5abd13555fd96c52786adaf30130e26

SHA1
0a6e35531ecdb7282a7f8b0d667156f5e1ede925

SHA256
5a8f00b8f2f170b35ec846bfe7287390cf166fd22b2e0efaf7fd8f949d552f67

SHA512
668a83daa2d224394104ab45d66ef047d3ba14492172a24831e53103a9e77b8717a8f40ea4142fd27a7a44d205f015a1acaed3033f1e91bdd0cd4e0993afd624

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
f708f6cfd4e9995cae626a0e576757b1

SHA1
6953528dab82f45d86fc7e41dac62bdc09882b21

SHA256
d5d05f0b98e4d3d8e737256d82efb9da061be98021fef6c4b5275c25487fbfa5

SHA512
a375218a56b73309fdd269f89bddc9ba8255ad80199fe99acd7b60204b68849cd6c444c077fc777a625af43f4f6f77a8322c31c15d7149873d17859633b914d1

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
0cfc515d7330a7dee6bcc8d469800bbb

SHA1
c127eaa1fda56b813012c26a0041fd1f213452c9

SHA256
d5cacb6889d80ce3ffdc1d7249e354a10c26f7e7a09373c1b965a67d1702784b

SHA512
957fe6d931598ab72d493c5e109ea1b72b09e2ae6c16c429382745a036f9a0cf7b6764a02002064b2a66fa4168fe08882b8dda2fac8eb3ca45c394b053bbbfee

Download Submit
/data/user/0/com.asdty3.vbxck/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit