Analysis
-
max time kernel
2570818s
-
max time network
129s
-
platform
android_x86
-
resource
android-x86-arm-20220621-en
-
submitted
25-06-2022 04:32
Static task
static1
Behavioral task
behavioral1
Sample
196c262a0ec4d1d8d23b9967433d4ba05f35fe80e54a032f767ae522f5251acb.apk
Resource
android-x86-arm-20220621-en
Behavioral task
behavioral2
Sample
196c262a0ec4d1d8d23b9967433d4ba05f35fe80e54a032f767ae522f5251acb.apk
Resource
android-x64-20220621-en
General
-
Target
196c262a0ec4d1d8d23b9967433d4ba05f35fe80e54a032f767ae522f5251acb.apk
-
Size
14.4MB
-
MD5
e81f599e57f40a50ac99b38933531b1c
-
SHA1
a15180947012c33f6e0e5f30b3215fcee7cb5294
-
SHA256
196c262a0ec4d1d8d23b9967433d4ba05f35fe80e54a032f767ae522f5251acb
-
SHA512
db1d99dc3363115bd44a63dc2776ce7fa934362dde3ad83242206188ba6111daaab555cad0bd4b1850f2f5063a74c0bdd6b452d2707db143a48bb1242961e6a0
Malware Config
Signatures
-
Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
-
Requests cell location 1 IoCs
Uses Android APIs to get current cell location.
Processes:
com.cam001.lijft
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
process: com.cam001.lijft
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
com.cam001.lijft
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.cam001.lijft
-
Checks the presence of a debugger.
-
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes:
com.cam001.lijft
description: Framework API call
ioc: android.hardware.SensorManager.registerListener
process: com.cam001.lijft