Analysis
-
max time kernel
4164289s -
max time network
18s -
platform
android_x86 -
resource
android-x86-arm-20220310-en -
submitted
24-05-2022 21:31
General
-
Target
144d27de1a641711a1307ed2cdc519878335abb8f5906001b150772ae6131a6e.apk
-
Size
2.5MB
-
MD5
4f3a3d82bbcb1449bdc1621f8c3a6068
-
SHA1
a8a37fe51bdd72d97b3970df4f11664e4c83f7c9
-
SHA256
144d27de1a641711a1307ed2cdc519878335abb8f5906001b150772ae6131a6e
-
SHA512
fba9fefe1793a6f9ad13d0d4c74c42a0e50dddcd600abf309a00b76ee3d9dbf705a17750ea2be6128759e0e31d6a72ea8326d8e447f86355746d1495bf1ad0a2
Malware Config
Signatures
-
Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes
-
com.wrysdop.fghsdy1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
-
ls /sys/class/thermal2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jarFilesize
35KB
MD5e1ab911d4b585a26aae02d8540575013
SHA1ac148f7bdf95edddc97d9224ff51a771f1070520
SHA2568a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca
SHA512983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4
-
/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jar.x86.flockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.odexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.vdexMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xmlFilesize
111B
MD5fda1bca7aba079b0c31f0b0b4c7a2551
SHA1f70c5879963f6dd754429348178a77eb6918e542
SHA256290273beda97bce9fbb7e31e9cba9298ec63d2540bb903b8c566542646f12483
SHA5121fa74696ab8cd2d85491e135d36fd39c907224d5f91b658666d0a33597b4250655b4bb86d16d89f9eada184bf2eeea09935bd7e97a986ab02dfa54fa9458a39e
-
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xmlFilesize
171B
MD5b462c1c1997068210926fd4c4b7af685
SHA1ffd40f2b91fa803325e80a8c65341d8c1c19cc8c
SHA256faa028aa2e9546dae1c8aa2e5bfb0fb3fc7b9645c9afc7bbf6bbd46fd4351ac2
SHA5128ff87062b20148647bce35eb301052e4468ebb32620413fff38dd74a4d3065ec67e1d2ddf4bf8188c0ddff01689ddb3927d7bbbb9fe7b2dab1e0002004ac1592
-
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xmlFilesize
236B
MD57ec28bd49d57134ccab39b74a9455f0e
SHA12ec803000e7997a6ecaaa2898166776c82e36953
SHA256039e562108c2d71c5a94cbca0fd3c840aa83e46009d3b4afe3b1aa365d227b0e
SHA512a2f879891798d62c903eca0e72e167577db514f90e17e98a697cee9a719cea29afc2b88916699cbe22802a808296eb0293b7d7f23c225a2aa9051be0ec18bd49
-
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_location.xmlFilesize
390B
MD5324cdd9e86b8fb412defc558b036680e
SHA18f54afa42baf41d538f0f02bcc9c4e8e0106723c
SHA256234373510f164b28162a7b89b5ebe1d0955697d97cf2f991e269b10b1f80bfaa
SHA5122b08cd705f8d22da534285b6d47a88b35d37b4d2bdc7207cfd65ae0493629d6feccc3bcf55791a27f40448e784d66e129ca8bd92e1a3bcf532b21c3a293e5fdc