agent_smith | 69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d

Analysis

max time kernel
688647s
max time network
161s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
03-06-2022 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d.apk
Size

252KB
MD5

6f3e67ffe0fae70074d1855a31de58b0
SHA1

52b3a9ca753f16b7dd7f59a408b1b71cc5f36ae0
SHA256

69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d
SHA512

4ef840cbbe8e0a6815e086e4aa04a388d889035dabcbfab3034034cfa4e0350803881475de3b724d00365d966a1298da9e2f23bca913cd20966c5c4746a21ea4

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/firehelper.jar --output-vdex-fd=71 --oat-fd=72 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/firehelper.odex --compiler-filter=quicken --class-loader-context=&com.mufc.fireuvw/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar --output-vdex-fd=78 --oat-fd=79 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/fdc81aea256f2289da5bcbe8543b92137f19.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.mufc.fireuvw/files/firehelper.jar	5191	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/firehelper.jar --output-vdex-fd=71 --oat-fd=72 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/firehelper.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mufc.fireuvw/files/firehelper.jar	5085	com.mufc.fireuvw
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar	5465	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar --output-vdex-fd=78 --oat-fd=79 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/fdc81aea256f2289da5bcbe8543b92137f19.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar	5085	com.mufc.fireuvw
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar	5085	com.mufc.fireuvw

Reads information about phone network operator.
Removes a system notification. 1 IoCs
evasion

Processes:

com.mufc.fireuvw

description ioc process

Framework service call android.app.INotificationManager.cancelNotificationWithTag com.mufc.fireuvw
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.mufc.fireuvw

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mufc.fireuvw
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.mufc.fireuvw

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.mufc.fireuvw

description	ioc	process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.mufc.fireuvw

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mufc.fireuvw

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.mufc.fireuvw

com.mufc.fireuvw
1⤵
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5085

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/firehelper.jar --output-vdex-fd=71 --oat-fd=72 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/firehelper.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5191

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar --output-vdex-fd=78 --oat-fd=79 --oat-location=/data/user/0/com.mufc.fireuvw/files/oat/x86/fdc81aea256f2289da5bcbe8543b92137f19.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5465

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mufc.fireuvw/files/01a08aa5df702696bad2bad90bf94d53.d
Filesize
144B

MD5
71c0a580f9a228a8ec01e407a125598a

SHA1
f3784525ab92ddf851a61f320cde97dadef6bcd2

SHA256
66a4a50e9cecf109ee6b32738b4cefe8a3f8950a5ef31debd217fa38ee6e6f8f

SHA512
806cb6b115145f640ad4d27e9c590d29245e49cf72c1ae8d7b73d24f33cc5399344851a84b37afdd1bc1ab289e01ad1d188099d128dc9790880079fa32f533bf

Download Submit
/data/user/0/com.mufc.fireuvw/files/9350088488c2aecd6c2e7ad7dfedbe37.d
Filesize
32B

MD5
f39d10a6ac6de8c5009b78992f892406

SHA1
d66dcd2be1748e1051353c4455b2b179e8272078

SHA256
a621374685fd1fdf9630d37806579f765edf1871337c16ef06d928718160307c

SHA512
b04aa3fb98e1e3da2e68cc933f3f62f5b81848eb6a292b893dc905bd400556ccc340ee2e38990a92f1289b132f4cb4342334c259ecc84432d5e5233da6601679

Download Submit
/data/user/0/com.mufc.fireuvw/files/bll.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/bll.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/f33bd619ebea0d18b9b4bd9551c62945.d
Filesize
144B

MD5
7d1381318cde3ded561f01d9e7df729b

SHA1
624655266996ba266073a6e9681884d6539969ac

SHA256
1b5a16bcd8df5b9ae11afffa08df1239d77d16e329a5159e2a2674d285d47279

SHA512
189f309ddd07d7798a42122d4d393cce38d4f3a8b3f5fcf414a7e8c212b16abf2747446282989abe5208fbe98bc74d2634acfb3725e5b71e69da7f11083c9780

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar
Filesize
269KB

MD5
40245ba6aed46dcc9c6adaa479f65ec0

SHA1
4b6ce9fe507d4fb74fa075fdefece580a59078e7

SHA256
cb6cbd5ad214913aa308d36afd4781f04f3fc3ad6a5c6b2f1d71802ab18d3f26

SHA512
9240e7b9379f9984d301f2fefb0b64acb4529ead9e3ec3e64028877808625642579b5cc1686d6396b5f6dd24add090d30b9ebe06df8b44dfb73098c56f88c95a

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar
Filesize
4KB

MD5
a6f01ba466ce17edadb9677102a7811d

SHA1
f6984399b86579543946bffe304db5676bc40057

SHA256
6d9d2f53056afc466245840f91e9c4a46ea11469f67b3f8953e2fff21f201a1e

SHA512
2b0020847be9cf50223b1e090edbe19e43d213aea16d5ddd755f1c376ebd622f22d58f5fad775bbe012906f7697e614277c97f6d790819199e95cfe1a38baadb

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar
Filesize
4KB

MD5
a6f01ba466ce17edadb9677102a7811d

SHA1
f6984399b86579543946bffe304db5676bc40057

SHA256
6d9d2f53056afc466245840f91e9c4a46ea11469f67b3f8953e2fff21f201a1e

SHA512
2b0020847be9cf50223b1e090edbe19e43d213aea16d5ddd755f1c376ebd622f22d58f5fad775bbe012906f7697e614277c97f6d790819199e95cfe1a38baadb

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar
Filesize
4KB

MD5
5e29cac62d12d758c63adf60c8546a5a

SHA1
def85fddb4efd262add4c6692d46f761bdc94479

SHA256
12c396c61d8789bf2410e89d32f5a32b61ace0b78059e31bed67d13dd2674792

SHA512
b77c667cd05d5dcd5e49ab55e99b5b68b9c1b3e771d6db71b1c05786c4ad18faf57d749f459e51e76178e1c4fce73fc54f49716e2b4f4b2ad47dc4769a51f1cb

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/fdc81aea256f2289da5bcbe8543b92137f19.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
21KB

MD5
e9fbfb4a5a2af96193ddaa105c9139ef

SHA1
4f29fa3cbbbd5eb175ad4185b6d6a3923778d742

SHA256
b678a11102acbf3d118fa6b4d153d6c9bcc93e4a9530fcb8a7c5e0f985c70857

SHA512
ea217f4be3129069f8c681206e4b1155f92f7de99cca420183c4d8118c3738ccbe5df1c9e5dd7b95fddd57341e64d9ae45555f7b1efa13df335267053ab6746c

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
21KB

MD5
baa6c2e617cf078af55f93b8c6892864

SHA1
ebc5fd019a7e985d661c42e0c7e38501ca7c4046

SHA256
0e80f9711450da54f7e7650848370f5276319c1627fcc33e2388214e0318d75d

SHA512
aa22f1016c029fb3a06502d3eb90e8c3d061756add78a34fc9e69c3d8e6e3cbd3aa7f55544618f248980180e8077d486e868cc70a3a701ec9b3388a9cef9dcfc

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
44KB

MD5
f6942d8bc53446600abbbf83f6d1d4b7

SHA1
e102621831f1e42ab876413a9a6c7e6373df4ac3

SHA256
2d625b37127cbaf1025315cc171c602c5dfe79fcab8f9e3eb8e0dec180f981a4

SHA512
9fabb2d002c189e1b1a206ca799c073e98ddac84057f8ecfa80dd3fde9e3f7cbf1cd0fc22a01e48147c5e1f916b718a7e11b9bc4a45e7cffbd4c7ae1e754f59a

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
44KB

MD5
efb8c11a1074065497f8776b3b9ee783

SHA1
b62dc0e90c330be4ab7f05af3b8ded922de7acc0

SHA256
48e844d5d4eb116bb0aaef8e5da85f12958d53a58ecf95d737359b2699a24c82

SHA512
bfd6bab60d2c229a17ee9001025dc633d93b68f2247199dc2bf47cedc4da1d3b68914fc969c3b254033c838a53755eee83762901ee2168d291323b09b113dad9

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/fdc81aea256f2289da5bcbe8543b92137f19.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/firehelper.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/x86/fdc81aea256f2289da5bcbe8543b92137f19.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/x86/fdc81aea256f2289da5bcbe8543b92137f19.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/x86/firehelper.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/x86/firehelper.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjU0MjUwOTI2MzU4
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/umeng_it.cache
Filesize
415B

MD5
3dbffcbb3927225c2b7f66b67356c486

SHA1
595a4f1c87df427409a7c1ab5a806d483d73aa09

SHA256
7723d4603d5e9c36c4b01bccc8b3df198a98f5753486eac51638fab85596c91a

SHA512
81f8f8372577731efc60889aecd5b5fbd5284cef34d988f66010b99b5c98d6fc23c657b05bbd79469ab39df1852f9ad7b87d21bff7328e3397aa9679f79e1642

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/info.xml
Filesize
455B

MD5
8bdd06d4ae81b3806ed1120c44787d2c

SHA1
06900acba3ef4cb92a753d6a58364fe750fef4eb

SHA256
8cda3a64809af95413f53aeed41395933f5c540a0f53e3099ac335249aa4faae

SHA512
c583c76b8177afb33b2839178b9d1077fbfca034aa3f5263dd448b373969764c6adc75938da7c8d49b2a02f9ecaddde54e1efc8d86d489ddd242aa65b9185447

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
dee456b587f148d935694b6853143288

SHA1
bd376b842ea8258dd7b49dc8be9c1ae7df7b1c76

SHA256
173405968cde2fd129d1073f474a5a151345adc6421e6f55dab2cec747ca1cec

SHA512
649550bc3d065141c42f75f2f6510579ad79af4111d033b9f589c72a13399dce2b0218959aa02c906e52df720a49dd885efd6ca857563f006f55b6d754fce4b7

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
a133127c1ecdf98a9f192d3b538c30ed

SHA1
0c858b84d21aaad3edb98f8c401dd9a58bc5cc1b

SHA256
6aed7c9e38f06b46a5670b3228cedeb4722e9b6236582ea29dc4219da5130088

SHA512
0f4dbd688151c50bac3a6ec3c2835fb9b5d0dc0944700f45544af873a6daa489a6fad1928ec22aec284f0cd1074675fe9f15f2fb319ac623ad5481660bd62813

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
24c8129278909e8c06d7679f1855a314

SHA1
6bacc8e8dfdf487942cbad36a6a426fd7384f8f1

SHA256
52b683b6487ed1f7e4ad63b41ccd5b137d3a62544e17e11d1764837946f21263

SHA512
f61cb403d5f85182308daa63c5717e76db60308b4d8ef83ba3cd4d24219da90fd733b474e6e81c6d27b461ebda71ae8384510e174f5304ed17fc0ca8cd66565a

Download Submit