agent_smith | 69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d

Analysis

max time kernel
687498s
max time network
161s
platform
android_x64
resource
android-x64-20220310-en
submitted
03-06-2022 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d.apk
Size

252KB
MD5

6f3e67ffe0fae70074d1855a31de58b0
SHA1

52b3a9ca753f16b7dd7f59a408b1b71cc5f36ae0
SHA256

69344c280d9c6efe22758c2e008920f0823f5bacef27e9c4eb3eab28117d927d
SHA512

4ef840cbbe8e0a6815e086e4aa04a388d889035dabcbfab3034034cfa4e0350803881475de3b724d00365d966a1298da9e2f23bca913cd20966c5c4746a21ea4

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.mufc.fireuvw

ioc pid process

/data/user/0/com.mufc.fireuvw/files/firehelper.jar 6373 com.mufc.fireuvw
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.mufc.fireuvw

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mufc.fireuvw
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.mufc.fireuvw

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.mufc.fireuvw

ioc	pid	process
/data/user/0/com.mufc.fireuvw/files/firehelper.jar	6373	com.mufc.fireuvw

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mufc.fireuvw

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.mufc.fireuvw

com.mufc.fireuvw
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6373

ls /sys/class/thermal
2⤵
PID:6419

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mufc.fireuvw/files/00e906f0d4601cd76e8e8205f9fe6ce7.d
Filesize
32B

MD5
ea68711228698e98f4a45bbf62f6ecd4

SHA1
38f3d4bdb32d2e3536beb1a31bc6499fc4031c4e

SHA256
43e264be358511ef80d551d06eabfe87080df90020a03334ba322cf0739f3bb0

SHA512
47e2496420631e79096d9c260af9d7d190dd5b8f76fd5a7f074fb40060c24b9ce5122660a19de6e6d8ec030324176f15b92c6c7e48d414d921586683a7ccc5f4

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
21KB

MD5
e9fbfb4a5a2af96193ddaa105c9139ef

SHA1
4f29fa3cbbbd5eb175ad4185b6d6a3923778d742

SHA256
b678a11102acbf3d118fa6b4d153d6c9bcc93e4a9530fcb8a7c5e0f985c70857

SHA512
ea217f4be3129069f8c681206e4b1155f92f7de99cca420183c4d8118c3738ccbe5df1c9e5dd7b95fddd57341e64d9ae45555f7b1efa13df335267053ab6746c

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
21KB

MD5
baa6c2e617cf078af55f93b8c6892864

SHA1
ebc5fd019a7e985d661c42e0c7e38501ca7c4046

SHA256
0e80f9711450da54f7e7650848370f5276319c1627fcc33e2388214e0318d75d

SHA512
aa22f1016c029fb3a06502d3eb90e8c3d061756add78a34fc9e69c3d8e6e3cbd3aa7f55544618f248980180e8077d486e868cc70a3a701ec9b3388a9cef9dcfc

Download Submit
/data/user/0/com.mufc.fireuvw/files/firehelper.jar
Filesize
44KB

MD5
efb8c11a1074065497f8776b3b9ee783

SHA1
b62dc0e90c330be4ab7f05af3b8ded922de7acc0

SHA256
48e844d5d4eb116bb0aaef8e5da85f12958d53a58ecf95d737359b2699a24c82

SHA512
bfd6bab60d2c229a17ee9001025dc633d93b68f2247199dc2bf47cedc4da1d3b68914fc969c3b254033c838a53755eee83762901ee2168d291323b09b113dad9

Download Submit
/data/user/0/com.mufc.fireuvw/files/oat/firehelper.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjU0MjQ5Nzc3NTc2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.mufc.fireuvw/files/umeng_it.cache
Filesize
350B

MD5
5ff1f597c66b75d8b6c7eafb5dc310d8

SHA1
bbd5c7c87f1e0e1780002fad6ef2020e08c494b5

SHA256
da9416e6f2806360d3f30ce7075b0031c3e75c5f4a56acadb569b3acbb6043e6

SHA512
c76f64f7c45c2f0b1428a0da8d09a99e17dc502ca13a6c4020fb182b2907b9b078bce88ee525ee123a09d42110931068efb6b8e6494e884d1314608ba2116f19

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
dee456b587f148d935694b6853143288

SHA1
bd376b842ea8258dd7b49dc8be9c1ae7df7b1c76

SHA256
173405968cde2fd129d1073f474a5a151345adc6421e6f55dab2cec747ca1cec

SHA512
649550bc3d065141c42f75f2f6510579ad79af4111d033b9f589c72a13399dce2b0218959aa02c906e52df720a49dd885efd6ca857563f006f55b6d754fce4b7

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
a133127c1ecdf98a9f192d3b538c30ed

SHA1
0c858b84d21aaad3edb98f8c401dd9a58bc5cc1b

SHA256
6aed7c9e38f06b46a5670b3228cedeb4722e9b6236582ea29dc4219da5130088

SHA512
0f4dbd688151c50bac3a6ec3c2835fb9b5d0dc0944700f45544af873a6daa489a6fad1928ec22aec284f0cd1074675fe9f15f2fb319ac623ad5481660bd62813

Download Submit
/data/user/0/com.mufc.fireuvw/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
24c8129278909e8c06d7679f1855a314

SHA1
6bacc8e8dfdf487942cbad36a6a426fd7384f8f1

SHA256
52b683b6487ed1f7e4ad63b41ccd5b137d3a62544e17e11d1764837946f21263

SHA512
f61cb403d5f85182308daa63c5717e76db60308b4d8ef83ba3cd4d24219da90fd733b474e6e81c6d27b461ebda71ae8384510e174f5304ed17fc0ca8cd66565a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads