agent_smith | 8805803f2c32db1e59afa4b86ddb5da684663048c0237a5c03daae7acc605a5c

Analysis

max time kernel
3873580s
max time network
29s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
21-05-2022 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8805803f2c32db1e59afa4b86ddb5da684663048c0237a5c03daae7acc605a5c.apk
Size

2.5MB
MD5

2965a9a9049ca51aaa1965dd1a6ba612
SHA1

f3ba6964e449d9e5ee719dbb441dd3c623acc38c
SHA256

8805803f2c32db1e59afa4b86ddb5da684663048c0237a5c03daae7acc605a5c
SHA512

8698195d2db39bb7cedba2ceab174c37051c352e60e670b785d09bb8bc6296c0cfe462de4f85c231de52e1126b8031b0baba29ec8f84a7ebe5df0ae9f6448deb

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.dfoiej8.ccsdyia/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=92 --oat-fd=93 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/files/one.dex --output-vdex-fd=121 --oat-fd=43 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex	5209	com.dfoiej8.ccsdyia
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar	5405	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=92 --oat-fd=93 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex	5471	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/files/one.dex --output-vdex-fd=121 --oat-fd=43 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex --compiler-filter=quicken --class-loader-context=&

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.dfoiej8.ccsdyia

com.dfoiej8.ccsdyia
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5209

ls /sys/class/thermal
2⤵
PID:5291

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=92 --oat-fd=93 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5405

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/files/one.dex --output-vdex-fd=121 --oat-fd=43 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5471

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
Filesize
69KB

MD5
61503c78bfaed115dc65f007a7461ed1

SHA1
e989f0a0abe36a164feb51d6419eb1d10db3fcc0

SHA256
f9eede33f737a4287b1412412c47a8eafbfb732f764fe18cce955c4a28d3d2e4

SHA512
3c59c6deaf0c0d0aa559beec62fea04a8021d471ba92af656983f6ad72f1a07af25a3d886b1c2783cecd802bf865c6100c459eee83e963cee95d834e643d2014

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal
Filesize
1KB

MD5
1d5c023fd9d4399b4b2fac0bcb13fa3b

SHA1
f67f38b7221a27d925daf925b8de2a7af8bad776

SHA256
fb6f979bdc031e33af58451c9dc2e5e12e863f819e061b80422c9a1dcaf1bef1

SHA512
3a1a2c58477d6714b4155d40e017d13f035e569ed95632f9be290af39e70e0d546ee05d0302d9caf7e6902b010bfe6ce408fc8f0edb9d515bcae3202d1a0288d

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
Filesize
36B

MD5
e4ce8a6c6ffb92fbd9e594102a68a4b7

SHA1
115720c3c7f92641f47e704bec5a7635a66aa723

SHA256
d424804bb7e875851c54b8a6f930c9217328a0ab7b4d2ee3006674cb77b97726

SHA512
7450761abbb78c1510ca629171f8108f49313becf66f8077e6b2067855685a9e24d766702f5305c918155ca98eaca0667acb51036c03af6f47f64343cfe3ca74

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apk
Filesize
20KB

MD5
d306d3d7eb67b36c05171df3f12dda60

SHA1
c8827c4b2a1471a6cf71d6ba569b1772af861674

SHA256
a41c11d65630f45ea0ddfb26b964bfcac454d445959dee2694bc66b59ba0bb34

SHA512
1b01c6e9957c8e9973601ca22c2cda5d01d00876ed596251e1a457d6734f8dfaa8297dc63a8492b044674f3115ca86c78db47e6e712ed7a105c1c3db3b1bf5e4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/one.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
110B

MD5
0a9fd8e9bb6638f970b452441b05dde0

SHA1
3326d8bc868f0c854e1a7f1b632518ada6c7bf6e

SHA256
22695302c5bb540ad117082e58a2bc095b17873281ba0c254640cce3aac81e32

SHA512
52d97a8b56c6ae2ffd467d142a8019c7f144e7917573f3820275cd3e9132e2c9eff09d4b2d14eb87ea042ac1f296df979b95f52c184a69644fd0bd0b402f6a0c

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
170B

MD5
c21bfd7912d131ace38d6f4fc33ee5d3

SHA1
05cf1dbff08d8936eb05bdab46edb207364b0ddb

SHA256
6596a41f18e227984887608ebc689899a68990702cd13685bfe7094f342e5494

SHA512
d4c7e5b172099d0919c4dfb987ad6464b41b7b7d76603316bfd2583f3360b50713b1be894695d51e5291f8a8a7303323d5c28fd78fafed0e21cbfc0df08a5dac

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
235B

MD5
20c263009d92de431b80a43a5063e3c7

SHA1
d3edac47040e824424057e86f6235343e50bb089

SHA256
a27f671db89ebb127896fc0f8ff175229f07f5d9316ccb4b5f53caba7417b8f7

SHA512
b6ef5c34dc0e9360975888b78dd6793e0f233fa0df957234ee4c0f6c9f04396c0b79148a964ca879e11d8f5cd540e67ecfa84b98e06754bf242403c3106a63fc

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
324cdd9e86b8fb412defc558b036680e

SHA1
8f54afa42baf41d538f0f02bcc9c4e8e0106723c

SHA256
234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa

SHA512
2b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc

Download Submit