agent_smith | 37e4761fe0955199cf990ed14ecf686b623b0be6115dcca4ed6eeed69acb490c

Analysis

max time kernel
1477949s
max time network
31s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
12-06-2022 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37e4761fe0955199cf990ed14ecf686b623b0be6115dcca4ed6eeed69acb490c.apk
Size

5.2MB
MD5

2155bdd6c6a96cb4a60f6ea349880bc8
SHA1

45bc8e5985add67ba8a0f6bbdac191b82d04f72e
SHA256

37e4761fe0955199cf990ed14ecf686b623b0be6115dcca4ed6eeed69acb490c
SHA512

5782a67ab961af107b80e9c5956c1f2664a50abb0e9df66aaf1b499ec94f3d0229041ac79b3d57461cc84c1186e9975dc96714a99caf1c55e9adf89b1d706ff7

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.lbwifi.anpok

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.lbwifi.anpok
Queries the unique device ID (IMEI, MEID, IMSI).
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.lbwifi.anpok

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.lbwifi.anpok
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.lbwifi.anpok

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.lbwifi.anpok

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lbwifi.anpok

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.lbwifi.anpok

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.lbwifi.anpok

com.lbwifi.anpok
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:6836

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:7184

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:7215

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lbwifi.anpok/cache/VAdNetSdk/reqQueue/-1135038580-754662270
Filesize
985B

MD5
139bfb8a475a9c628c6e16e1258dafd3

SHA1
75f5d1694e184805fd77799e049c88201c1d2465

SHA256
413a3a33668cadad9e37d87f6643879b284911663b01d3c854ff15023725dcc2

SHA512
151c9a10f6b273991bb12d39796b184ff0b56a8cc6bcc0b271024b28abd231c992700a3ec6f03c601b6d7aec404779fe80411193537e26fd91ca690a58a35fc3

Download Submit
/data/user/0/com.lbwifi.anpok/databases/downloader.db
Filesize
72KB

MD5
fc0c49a567c43b57f8f7bed7c9cd7d4f

SHA1
3b50f3078143577378294af8674167e00fe39ad0

SHA256
254ce3e20baf0a7ac95530fce4d0e76cc65b017edf86c7cf91bef33a0bd7d100

SHA512
547e97a66fd10fe3862bab002af282c636bf2aa76520906598d13d705d915a73af2467d435f3fca0857e5888141761d796f9d28add10a4d748983dbf8560cf06

Download Submit
/data/user/0/com.lbwifi.anpok/databases/downloader.db-journal
Filesize
1KB

MD5
e9790702171448fdd205a05d4dc1f93a

SHA1
bf3b1f6bd4b614603bda8ad8ce2a4c2170005d73

SHA256
4ab757b878f1ebc3ffc5adbe9066d4d9bd5591f5fe11032e64a248f6dd3f4c18

SHA512
5dd799eb3c331de56f7e751513f897ea504a1aa26073428555f486ce42fe4fdf55e20e5d95730f2aea482f5988e8d0a81a4c63d5f4b2915b7770f2f9151260ce

Download Submit
/data/user/0/com.lbwifi.anpok/databases/npth_log.db
Filesize
72KB

MD5
8b0374e2764d73cea00c5dd5a6406850

SHA1
4e6f893298d6a40ce88559cce9ac0f945c1f740b

SHA256
42b2bf02efc6f638b7bd14b67dc73ceb329077983202d95a3cf82b7bdae79afe

SHA512
e202f54b788dcca5bf225a6d0fe15d5582a87cd6701acffd11856b64abc3a88f8cbffae0c838eafa645947eb4ee1f969399a419f43952d5b77a7932236cad5be

Download Submit
/data/user/0/com.lbwifi.anpok/databases/npth_log.db-journal
Filesize
1KB

MD5
7cc82d43cfadea1090a1581763444948

SHA1
e4a52c849d2ea965bcf0db7ae2ca371e06696ffc

SHA256
83d52746c80c7e3c20eaaa62c9ca36ccc1eb0319dcde2d24f34a7e1c88445710

SHA512
b603f1e56add517e887ec13e237f86d5ff7713291d1f2e245ed2df942a59a915fa021dac1ee44001c8c00040b10ec1bc03eee29e95d3f934ac1afb28d9b7fcfe

Download Submit
/data/user/0/com.lbwifi.anpok/databases/ttopensdk.db
Filesize
232KB

MD5
230fdd390a90afb27cb08f0c487f0d9f

SHA1
f78f654cff7c6c7234ae1b935912443c3243dc4d

SHA256
8fe434074f50747f253cd3099930349423c59dfbeb92ddb0fa39608e5c12eca9

SHA512
b691bd0e5d5407f016a537561941427fe4da80be40a2a1f6b624761cc0a0189b83b2154163d0938efe92435d99d8d6dbce28255265a7cb8d57efb2a0e806803f

Download Submit
/data/user/0/com.lbwifi.anpok/databases/ttopensdk.db-journal
Filesize
1KB

MD5
c04b438d6c008c5318441cafdcf4f4fa

SHA1
41c22a3765786ba2b2499b5350354d7107fbb5e5

SHA256
74bc92acfe7bb389f78bdfa7d981ec65bd09c986f734585fd993d640bfac084b

SHA512
b3ec27febab6df63a7c9564fa41cb10fbd2c96c627f212b8858107d1a298f3571a9c0dff5d67d76586de9c6ad057310fae021444faf7bf97406165c95cf85d3e

Download Submit
/data/user/0/com.lbwifi.anpok/databases/ua.db
Filesize
112KB

MD5
9e38947768cd711eaeb6774ef29df1de

SHA1
a86d3c1491c4415c759315e82758658d22249dbb

SHA256
e0a51258c664c4f2b8e5f77f0b8c3d34181431f8fa7074b6899d961d4439b1c6

SHA512
274493bb87b1a83dbfc4b4fcd95c793e838bf1b8e2cfa09e443ab16aa289cf4c36109be95524c593d94a9eaf2e3c4f8bb636e0c24c3095f973083318cc2a3dd2

Download Submit
/data/user/0/com.lbwifi.anpok/databases/ua.db-journal
Filesize
1KB

MD5
83b097c319ebcf3472089973abbe1a33

SHA1
34bc4c662aeb52f86d61eea5e2b746c1cb537b63

SHA256
83bbaddfc7f0093b0648721971b2da0add1ad849825b8a0be33cc096565af816

SHA512
125bf9f3592206e0c20554b07e691a6bd4cf278f313e00d394db51dba883930d661f57a8799d2a077775ad49cf516094ca7c42636d4dd08fb1f7d76baa4c016c

Download Submit
/data/user/0/com.lbwifi.anpok/files/.envelope/i==1.2.0&&1.4.4_1655040356432_envelope.log
Filesize
2KB

MD5
0fa7bdf8791a2617f75297ef48a87898

SHA1
7b82cd8de75d0021cd2338b5c64a7a14033e2222

SHA256
e03ca5159b2697efb1e5e24179b06a69f9a02137e4f6480cc85084259c573567

SHA512
230ebe6fe2cfd0e6777a0bdbc002d8c1f17576293fe67290ebf70c36a6c040e3a9d1f770ac22e9d40959232f2cd5d4b5ba3aa0e7e7d94667cf3753dc093f0f64

Download Submit
/data/user/0/com.lbwifi.anpok/files/.imprint
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.lbwifi.anpok/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
d2973bf5b8c3d44dafb93b340dd3b674

SHA1
bf9255ee3fae2348877e4d1baf010e84107597f4

SHA256
b4ba1ebfd41430851bcb34dd9e2a758417f2be1c0d98a44625cb335ea0fdedf9

SHA512
0d81d0948d6f19940f9bad1406e6e58704b5bfc46e4bcafe8bc24c2902102b70d4c59977f2ab52420965bbdcc9010e5392e83c6a46f786b68a62edcb36311df6

Download Submit
/data/user/0/com.lbwifi.anpok/files/exid.dat
Filesize
54B

MD5
8136d6b74c144c70e9ee60ecf01f4cc3

SHA1
41c810d594e6e26418b93ae1e75cd96af7fd16e8

SHA256
369521cf559b658fae99aa10bb4d709805b3918308d32406968582e99903de40

SHA512
5a9a6f967adebde5e1848ee4d9474047708d54239fc71399747660eadd6d459f28a31947567382f3a7962a7489f2f0b911db9eea58c15ecd53a52990645e372a

Download Submit
/data/user/0/com.lbwifi.anpok/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNjU1MDQwMzU1ODQ1
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.lbwifi.anpok/files/umeng_it.cache
Filesize
350B

MD5
94e5f0ca19d2790f736dbc686ea21719

SHA1
3009fb8348ffbd937d04654432e280b75d39553e

SHA256
7428e03cf0591f1ba75db2dd313824dda4281b7c897fd701a5af189b89a2af32

SHA512
24cb0284a7538cc13e5c09e1739865ebf950befaa13fb327ea3a528b184aa37a96f8943c469e3f4ca7209149ad71ee51bec4dd6e7d296869341df196064a9c19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads