agent_smith | df8d90e26f69ed5ee26205e6195d6afacebd2a2a47f33692d676cd3f5c3789b9

Analysis

max time kernel
878080s
max time network
114s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
05-06-2022 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df8d90e26f69ed5ee26205e6195d6afacebd2a2a47f33692d676cd3f5c3789b9.apk
Size

2.9MB
MD5

aee1e673d34020746a0360eee4f576b6
SHA1

cc8c1e47ce9d9eae441d0d317200e021cbace954
SHA256

df8d90e26f69ed5ee26205e6195d6afacebd2a2a47f33692d676cd3f5c3789b9
SHA512

955c61dd85f02a730c15617b48cf85dc08ed80bb96a220f15b4af07429c61049f6b3c35e001132d88de121d2155d4c66991a376867d98828ba6d668fcb8671f0

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.gevyknj.ekwnnnr

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.gevyknj.ekwnnnr
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.gevyknj.ekwnnnr

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.gevyknj.ekwnnnr

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gevyknj.ekwnnnr

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.gevyknj.ekwnnnr

com.gevyknj.ekwnnnr
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:5264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.gevyknj.ekwnnnr/shared_prefs/com.gevyknj.ekwnnnr_preferences.xml
Filesize
111B

MD5
3540f78e3e81cfc9a5d6049f40ff080c

SHA1
2a0a7e4a979dd0b8e6e4780acac3eda34071cfd9

SHA256
556e6eab901fd80ca01dffadf2d30f9176a52e0015d1776d9bc0f4bf5f68423d

SHA512
2023cadde1e30861824e706b4568576104e70682c18fb4f849ed1afc06663e0f388b78324fa5c580a08a7f1c0fd7b7f857080ea13c621598ec6dc18dd6b57c40

Download Submit
/data/user/0/com.gevyknj.ekwnnnr/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
67fb7d8c3ec75faa97bda63719d88925

SHA1
d047c38ba5b4cbedff3e8afaeac59e40873cce3d

SHA256
f6bb52f869383fa5b6e0b943974228b88408ca7526c57f1487a64af7ffe0a555

SHA512
7e43723a29ec877f0ffe9e45069c4d90aef912db27511ff8f06eed49aa888f66434d8487fe525778840576ec8d20045ca844d2e03122cc27aa45dbc2ab9b3fd0

Download Submit
/data/user/0/com.gevyknj.ekwnnnr/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
1f291fdb7dcaa6646496b7cc40c4b81d

SHA1
39e7b61b154f440260431eb44f9083bde1b4e018

SHA256
4495e5d2bada9e907d99de1c039ad9f6a972e15ba7e910991b31f8de9976bec2

SHA512
0bb5c4c294962e08a7d3bbb7057e3ab642432ae4e09bab414cf9f82929f3003c85700f07bab10b8601c5725a5fd78ce724cfea962658711bba4295c873d09ace

Download Submit
/data/user/0/com.gevyknj.ekwnnnr/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
96493aded337b8db98ea780eb5daa3e9

SHA1
79767f89c6dbe2148531dc685fc032cadbd442fd

SHA256
5d95e72de243406ae77144fa452fefa9140f81a4a64748a0f616bd53ca14fab3

SHA512
1b9d0cdf3f1eacb2a5cc15a96a9efe3d9bf66eedf0a072a5a84be6b67d237dbe92da50b0a17aa669a76134e27baea427adbd4ebdf508a047b7b0f5dac158b966

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads