General

  • Target

    a5b85b7eeb146a34c9dbdc182392b1e89f30391d85d111e6ee12e97280696037

  • Size

    15.2MB

  • Sample

    220524-vbyz9adgfl

  • MD5

    622a7770b8030b78db91eb99346cafe0

  • SHA1

    79a1cece85a650b61abb763a46f98a4cbb7f4a70

  • SHA256

    a5b85b7eeb146a34c9dbdc182392b1e89f30391d85d111e6ee12e97280696037

  • SHA512

    9fd849db1f0dc7f2b0ea30875e6cfce6ef48ee069baf25980d00739569c5ef6e78818ee70ff4f87e0928717bc8d044f1d6c607a2c61fd4d0d708c0b6825d8f40
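
Before acting on the indicators below, confirm that the file on hand is the sample this report describes. The following Python helper is an added example, not part of the report or the sandbox's tooling: it computes all four reported digests in a single streaming pass (so a multi-megabyte APK is not read four times or held in memory) and compares each against the values listed above, treating a partial agreement as a non-match.

```python
import hashlib

# Digests copied from the report above for the analysed sample.
REPORTED = {
    "md5": "622a7770b8030b78db91eb99346cafe0",
    "sha1": "79a1cece85a650b61abb763a46f98a4cbb7f4a70",
    "sha256": "a5b85b7eeb146a34c9dbdc182392b1e89f30391d85d111e6ee12e97280696037",
    "sha512": "9fd849db1f0dc7f2b0ea30875e6cfce6ef48ee069baf25980d00739569c5ef6e"
              "78818ee70ff4f87e0928717bc8d044f1d6c607a2c61fd4d0d708c0b6825d8f40",
}


def multi_digest(stream, chunk_size=1 << 20):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in one pass over `stream`.

    `stream` is either a bytes object or a binary file object; a file is
    read in chunks so a large APK is not loaded into memory at once.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED}
    if isinstance(stream, (bytes, bytearray)):
        chunks = [bytes(stream)]
    else:
        chunks = iter(lambda: stream.read(chunk_size), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(stream, expected=REPORTED):
    """Return {algorithm: bool} comparing computed digests with `expected`.

    Hex case is normalised because feeds and reports disagree on it. If only
    some algorithms agree (e.g. MD5 equal, SHA-256 different) the file is a
    different object, whether by collision or by a copy error in the report.
    """
    actual = multi_digest(stream)
    return {name: actual[name].lower() == value.lower()
            for name, value in expected.items()}


def is_reported_sample(stream, expected=REPORTED):
    """True only when every listed digest matches."""
    return all(verify_sample(stream, expected).values())


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        for name, ok in verify_sample(f).items():
            print(f"{name:6} {'match' if ok else 'MISMATCH'}")
```

Run it as `python verify.py sample.apk`; a single MISMATCH line means the indicators on this page do not describe the file you have.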

Targets

    • Target

      a5b85b7eeb146a34c9dbdc182392b1e89f30391d85d111e6ee12e97280696037

    • Size

      15.2MB

    • MD5

      622a7770b8030b78db91eb99346cafe0

    • SHA1

      79a1cece85a650b61abb763a46f98a4cbb7f4a70

    • SHA256

      a5b85b7eeb146a34c9dbdc182392b1e89f30391d85d111e6ee12e97280696037

    • SHA512

      9fd849db1f0dc7f2b0ea30875e6cfce6ef48ee069baf25980d00739569c5ef6e78818ee70ff4f87e0928717bc8d044f1d6c607a2c61fd4d0d708c0b6825d8f40

    • Agent Smith

      Agent Smith is a modular Android adware family that repackages legitimate installed applications with a malicious ad-serving component, so the injected ads appear to come from apps the user already trusts.

    • Requests cell location

      Uses Android telephony APIs to get the current cell location.

    • Loads dropped Dex/Jar

      Loads and runs a DEX or JAR file that was written to the device during analysis (dynamic code loading). Static inspection of the original APK does not cover what that dropped code does.

    • Queries the unique device ID (IMEI, MEID, IMSI).

    • Requests dangerous framework permissions.

    • Reads information about the phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (might be used to encrypt user data, or to decrypt an embedded payload before loading it).
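
The signatures above are the sandbox's runtime observations. As a static counterpart, the following Python example (added here; not the sandbox's rules, which are not public) parses the string table of a classes.dex and maps the Android API identifiers it finds onto the same behaviour names. The identifier-to-signature table is an assumption chosen for this example, a method name such as `cancel` only counts when its owning class descriptor is also present, and the DEX used as input is constructed inline (header and string table only) so the code runs without the real sample.

```python
import struct

# Assumed mapping from this report's signatures to API identifiers in a DEX
# string table: (owning class descriptor or None, member/class names).
INDICATORS = {
    "Requests cell location": (
        "Landroid/telephony/TelephonyManager;", {"getCellLocation", "getAllCellInfo"}),
    "Queries the unique device ID (IMEI, MEID, IMSI)": (
        "Landroid/telephony/TelephonyManager;",
        {"getDeviceId", "getImei", "getMeid", "getSubscriberId"}),
    "Reads information about phone network operator": (
        "Landroid/telephony/TelephonyManager;",
        {"getNetworkOperator", "getNetworkOperatorName", "getSimOperator"}),
    "Loads dropped Dex/Jar": (
        None, {"Ldalvik/system/DexClassLoader;",
               "Ldalvik/system/InMemoryDexClassLoader;",
               "Ldalvik/system/PathClassLoader;"}),
    "Removes a system notification": (
        "Landroid/app/NotificationManager;", {"cancel", "cancelAll"}),
    "Uses Crypto APIs": (
        None, {"Ljavax/crypto/Cipher;", "Ljavax/crypto/spec/SecretKeySpec;"}),
}


def _read_uleb128(data, off):
    """Decode an unsigned LEB128 integer at `off`; return (value, next offset)."""
    value, shift = 0, 0
    while True:
        byte = data[off]
        off += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, off
        shift += 7


def dex_strings(data):
    """Return the string table of a classic DEX file (0x70-byte header).

    string_ids_size/string_ids_off sit at header offsets 0x38/0x3C; each
    string_id is a u4 offset to a ULEB128 length followed by NUL-terminated
    MUTF-8 data. MUTF-8 equals UTF-8 for the ASCII identifiers matched here.
    """
    if data[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, ids_off = struct.unpack_from("<II", data, 0x38)
    strings = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", data, ids_off + 4 * i)
        _, start = _read_uleb128(data, data_off)
        end = data.index(b"\x00", start)
        strings.append(data[start:end].decode("utf-8", "replace"))
    return strings


def match_indicators(strings):
    """Map each signature to the identifiers found; members are only counted
    when their owning class descriptor is also present in the table."""
    present = set(strings)
    hits = {}
    for name, (owner, members) in INDICATORS.items():
        if owner is not None and owner not in present:
            continue
        found = sorted(members & present)
        if found:
            hits[name] = found
    return hits


def _encode_uleb128(value):
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append(byte | 0x80 if value else byte)
        if not value:
            return bytes(out)


def build_minimal_dex(strings):
    """Build a header-plus-string-table DEX for exercising the parser (not
    loadable by the runtime). The ULEB128 prefix is the UTF-16 length, which
    equals the byte length for the ASCII strings used here."""
    ids_off = 0x70
    data_off = ids_off + 4 * len(strings)
    ids, blob = bytearray(), bytearray()
    for s in strings:
        ids += struct.pack("<I", data_off + len(blob))
        blob += _encode_uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    header = bytearray(0x70)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x20, 0x70 + len(ids) + len(blob))  # file_size
    struct.pack_into("<I", header, 0x24, 0x70)                         # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)                   # endian_tag
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    return bytes(header + ids + blob)


# Constructed string table standing in for the classes.dex of a dropper-like APK.
SAMPLE_STRINGS = [
    "Lcom/example/MainActivity;",
    "Landroid/telephony/TelephonyManager;",
    "getDeviceId",
    "getCellLocation",
    "Ldalvik/system/DexClassLoader;",
    "Ljavax/crypto/Cipher;",
    "cancel",  # NotificationManager descriptor is absent, so this must not fire
]

if __name__ == "__main__":
    table = dex_strings(build_minimal_dex(SAMPLE_STRINGS))
    for sig, apis in match_indicators(table).items():
        print(f"{sig}: {', '.join(apis)}")
```

Static matches of this kind only show that the code path exists; a string such as `getCellLocation` may sit in an unused library, and code that arrives via the dropped DEX is invisible here, which is exactly why the sandbox's runtime signature for "Loads dropped Dex/Jar" matters.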
