agent_smith | 0cb31ac15172c5f74195876deaccf5bd0a4a064fe6e44dca8657b2296f089674

Analysis

max time kernel
915001s
max time network
156s
platform
android_x86
resource
android-x86-arm-20220621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
submitted
24-07-2022 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb31ac15172c5f74195876deaccf5bd0a4a064fe6e44dca8657b2296f089674.apk
Size

2.5MB
MD5

bed072181185cda703eef9c70b58fea0
SHA1

f61b4b4930a78a3b59b4b56952f0af3770ea2b81
SHA256

0cb31ac15172c5f74195876deaccf5bd0a4a064fe6e44dca8657b2296f089674
SHA512

86eb36bbed7b4d0c2114e3c2b6751bd205134bab3784b2d0a620e307fd9162fa6a6b579634d8058f66a2bdc6844cc9fce9f939e6422b827ae51687ff6b32164a

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.dfoiej8.ccsdyia

com.dfoiej8.ccsdyia
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4050

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data
Filesize
28KB

MD5
1769b076826d2eef12cca84a84539031

SHA1
aae6df2af435a9d1db60aa5d5033a4365ede5bfd

SHA256
3e258345c0025f0d4bf45f3fa167ffbdf0ab449433ace3137d4cbc57ad72ef81

SHA512
cb4cfed2a4b3977bc15ec2c68102a43a92788b4caab88907ce6b509cd1ea4b42899cfc30ffc13e0dcc70139197802592d084ecec3779a911eb91c06cf3040a1a

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal
Filesize
1KB

MD5
16e85b2c2ce61a34dc91b04178cf763f

SHA1
4d14e88965253f9468edc414ab6093d590dd6252

SHA256
4d8f965a2d78c25f15ae34c15e6f548c8ab8f33bd20f560652421c7213e8f6a7

SHA512
d26ba2b42bc0c32ab12e5a727884d106814d166d7045da898ae22e0089cec518c1883e9454d1f701a3fbf0bddbc2d7484434cefbeae1db3da9aed76d107bd9d9

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
Filesize
36B

MD5
ba7e9a1d1cf584a0062d585f0bfa226d

SHA1
3e8ac71eb065f31d085cbedf7f29ea4d0752490c

SHA256
f4539b68d7d354a5c3e5670b6396205263c125aa24c1d7b8aeba96a7760d6f43

SHA512
fac547abb60cb58fc01b64f796c3acda4ebf9efef740d966ae4d8d7d439d089ff135a849fea3aa6ef2d39efe97e8418ed76a17c670125237f4d16266fef97f63

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
b85dde949f457d79a16fb5bb257a84f4

SHA1
b6b10e58dcee3cab9943fd50d869722aa87af295

SHA256
02ac12c82a646b8e3c611d7bd4e9265547b8d148c5b945c388b088b882f8bbdb

SHA512
450535e4ac9858c419eb7c26985e2a8d6054ea991f7135f1021b38eaf16f8ba6ed581af7522320a500a655390abbfafd25797ccc929bd937cdc8cc9ad9e91cd3

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
4f9380d1a065f84a61ae68b67634f491

SHA1
6f8464e4c2ceb92e37d9c1c1bd97280b3e5e001c

SHA256
516909b5816cc48013443fa6329bf059c5ff177bf6cb233976ec359c73df5323

SHA512
987f83b094c6ecf1a7b9fb7f238f9bcda286e007f7437c0998118564e40ed2210240a7c4727de1cafe992056c3f5fa424b643a9afc322dbaedd0afc86ce522f5

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
a998d6db386e7f03eaa7a788c3299379

SHA1
2b3c6144e1e3924ee06f66dc626653c04743872b

SHA256
9ca743608e6dbd5054302d1197b772cc29bdcf63f91d7f3fd70e72773292bb69

SHA512
2671a7a10fb6b919a065733d69b7a840d1588233c472b568a779c2a64726372b453188622d922129bdb4a1da246b3526deddbfbea8f66be161a0a92a007521d0

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
3f01244f5454b1a77c4c0033bdb13f66

SHA1
bc201e264f54693a04715f276f1201a754715a80

SHA256
aaa7c3c856616c370c9907889ec09ecbd598e276111791a0eac128390d638332

SHA512
7cbc2573daeea9064e313767451440547af81044f904fd5969901d526bb529e033eeb319ef5137ddee61329cddfc0f928db2517d62ca8b6ecfae065777f2a46b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
08134cbf34f220a3a98fd4e689db02da

SHA1
4f9e173656d2642d1294b9a74997bdc4a17cfd7c

SHA256
ab878e42a9bbaffd535aa94bb51397ebc7c2e6d4dad23d9e285c8d853a637356

SHA512
0bce6ccfe7f3dfc8143aca58a4fa2f6b0a1c1ccc375e87d7aa9b28539d379d1c02a978f629290cd2e1ca1264f2e55d6c1de09cdb88c5a90295d9626f8ac3d3d2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
48540fc7da881e1f7945e64f7939f0bb

SHA1
a18e8163c4b4a09e6c595890aad7789cc75fd50e

SHA256
8c215f6865e2cbe8ce960cedad0c9b278f08192b7bc952c0c531cd4681ab92f3

SHA512
ad6f270f4b49e32c51bb580604da5b95d3a3b53c7c749a2658d74a2baa1bb46d43a478d8fb3d548d630b25bf95267bf2cee25f09c27e0947cd1cadaa931dc6de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads