agent_smith | 774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80 | Triage

Submit
Reports

Overview

overview

Static

static

7

774c01fe72...80.apk

android_x86

774c01fe72...80.apk

android_x64

Sharing

General

Target

774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80
Size

19.9MB
Sample

220524-ver14sabe2
MD5

5a4b594934bfb7adeae5806a976ec7c5
SHA1

7148c4a08a6c4805dc2048d4d41ff00a6d134205
SHA256

774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80
SHA512

b7048616eadd756805319989a99f42c6f9a422b859b122ad54e834a311eeea62af750b72ddde64ba4986088a392b3d5c4a661f1e972ceef0d58ab06715410792

Score

10^/10

agent_smith adware android evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80.apk

Resource

android-x86-arm-20220310-en

agent_smith adware evasion ransomware

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80.apk

Resource

android-x64-arm64-20220310-en

agent_smith adware evasion ransomware

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80
- Size
  
  19.9MB
- MD5
  
  5a4b594934bfb7adeae5806a976ec7c5
- SHA1
  
  7148c4a08a6c4805dc2048d4d41ff00a6d134205
- SHA256
  
  774c01fe72c80800cb2acd33d36f4977d42c1ebf9d373bd63c217524b66e2f80
- SHA512
  
  b7048616eadd756805319989a99f42c6f9a422b859b122ad54e834a311eeea62af750b72ddde64ba4986088a392b3d5c4a661f1e972ceef0d58ab06715410792
Score

10^/10

agent_smith adware evasion ransomware
- Agent smith
  Agent smith is a modular adware that installs malicious ADs into legitimate applications.
  adware agent_smith
- Requests cell location
  Uses Android APIs to to get current cell information.
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agent_smithadwareevasionransomware

behavioral2

agent_smithadwareevasionransomware

© 2018-2024

Terms | Privacy