agent_smith | dc605338fcedb9e697bd557d40d13c668e8be0c02da3065b1834b6dc32ae37af

Analysis

max time kernel
954093s
max time network
146s
platform
android_x86
resource
android-x86-arm-20220621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
submitted
25-07-2022 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc605338fcedb9e697bd557d40d13c668e8be0c02da3065b1834b6dc32ae37af.apk
Size

2.6MB
MD5

f55c6d856a1756577140e88eaa46707d
SHA1

30695d68188364cb1509ee0ddaff4647affa7fe6
SHA256

dc605338fcedb9e697bd557d40d13c668e8be0c02da3065b1834b6dc32ae37af
SHA512

d3cda2da7fed95667c02aac09811dc6e9864bb2fd2436ccea94a139f1982f2dd878a280ee99ca718e443c9947060414c3325872a2bf26ffb91b6c48a918a6cfb

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.wrysdop.fghsdy

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.wrysdop.fghsdy
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.wrysdop.fghsdy

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wrysdop.fghsdy
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.wrysdop.fghsdy

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.wrysdop.fghsdy

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.wrysdop.fghsdy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wrysdop.fghsdy

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.wrysdop.fghsdy

com.wrysdop.fghsdy
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/Web Data-journal
Filesize
1KB

MD5
0779ceffc33107b116b3838f4da3db95

SHA1
8da9fc1267e0f1e95f78a3c3caffc274fc7be36f

SHA256
8aaaf11da3154f39988bd043afbae1d2534efbe3118e033fb9be7d267f8f0569

SHA512
cb309613e12a36482095e7266478d269052fb7c5bb8d364a79d03c5f2bf4fdea0494764bf513630427eaf0c9c545350c0e9de6cd68d3304e340fb0f4a84b5346

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/metrics_guid
Filesize
36B

MD5
75872be6699265b805341fbd1dba6883

SHA1
af5ddbed4e1cffc55b1af7e56a3b3be3cdfc2c97

SHA256
8caa8e364f0a0f9932381280cfdaa58e68865ebcc9f8b19fb034a58f6f8de419

SHA512
cb365e37c7f8d80935d40a2a224a38205700daf57af73f4fbf31a3d820773d2616e2cb1efc013c8c38c613653f9b0104e4d2e4cf6de0d30f2b32c880ecffaab3

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/files/jiepayplugin.apk
Filesize
20KB

MD5
d306d3d7eb67b36c05171df3f12dda60

SHA1
c8827c4b2a1471a6cf71d6ba569b1772af861674

SHA256
a41c11d65630f45ea0ddfb26b964bfcac454d445959dee2694bc66b59ba0bb34

SHA512
1b01c6e9957c8e9973601ca22c2cda5d01d00876ed596251e1a457d6734f8dfaa8297dc63a8492b044674f3115ca86c78db47e6e712ed7a105c1c3db3b1bf5e4

Download Submit
/data/user/0/com.wrysdop.fghsdy/files/oat/x86/yypyda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/files/oat/x86/yypyda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.wrysdop.fghsdy/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
111B

MD5
e74db5c7c9ca2d6ad7807e5fbc19fe29

SHA1
0c6b38712acbc7b6f636b7849f83eb7031dc7118

SHA256
df63dc8475ece45624576d385073751b751da53d9de9b9d54e9088fd2c397e99

SHA512
0c520d2a815cc3b6be8c6d6070a500ac053363bace67f258e907f7b6f1e5fabd1ba929a4048dd9575326b284b1caa473af9dd245b7fe1290c7a11519b8303edb

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
171B

MD5
db49916e96248cd71ab540f4e478b1d8

SHA1
5ac8e6b16d4771ce2bdbe880f3dd9b9e4619ba6f

SHA256
bbc079a1e8b70ef9ed1e8b53ce6358eefe364f77670ca65dad5ed618051ab017

SHA512
f480819de9f976ea627e97c985c558cc2cf05fe8327fb738d2cf72d5c4e4c8b67f12a348943683d2b149f14362be4554e6c382056e36ac057303c77019c94543

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
236B

MD5
49ff1dcb016c6e39a0bdce76d783bc69

SHA1
1d83f4da40555f5ef0d0f208066e643597f7c5ab

SHA256
ed32eeb472409cdc5cbe969e8c1d2670ef53561c1c37383e631a3b391584f029

SHA512
e6ba88cfbd61e42e56c73e6699b3ee06bae903f09c51aa7b97e4da2776b948b5a668b2b2c6c5d12c57b17d354b37ce60c6f130d65d84b7f14b3bfe8ea0a03ecf

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
67f729dc77a3c4c773e2c2e6660ab8cd

SHA1
9122cf56e4985a4c1c494159648f398055224dd2

SHA256
3c3207eba967d3afbfbf4d6bfb76215691c8cf70d960071af690894a2b4936fc

SHA512
94a613cd51657e766ce670c34868f3127b76adfd54c23e63b0b34e0f36313f092da282abd2e111b70f6f91671f6beded77fcdbf04bfc4e8e6d93ebe6dd015903

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
6fa164b770d6369fceb732d213c14bee

SHA1
d6b38b8fe5136979783040a380ff4a5822be0f5f

SHA256
7157c846549e595afb03da02841a84955817bd1824640aa7a73e8057edf38d2d

SHA512
b86b99a842a4a7d12f91c97e2b0927b31390b2b4bc3c00ab78a583178a7c7f4dde6f21d14d1dd6f9e44032e175518245ab473e022206983cf38fc9ac71e533ef

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
d0642c4cd615db3fcd1203d187f12003

SHA1
b7de90fbbe838881d840fd18d41d90b4c02333c6

SHA256
df5683480c2dd63cd45dfdbfcd1b84c947c823959201ebe8ec2541376fbf1511

SHA512
7f088a50073302538e9f0d59112026b2d3c9b54c7568e58b598189a3eaef3bd24b2b92439c2e04c5b923d76e6938cae2e72bfd369756c15abbc0508ba85484d4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
ba0fd9f078bcc5b0a370f540d729bec3

SHA1
c95ed19f3e0daa83363241249434e6e237627cdd

SHA256
4885ef1be02a57eba3ccba951e970d53532249b7060d9503c13218e87511be52

SHA512
4b64a99b6bed5b3d2a45126a0ef738a38999eb20c1d00f9e2b0363c4a149b67b9592732466c3785a853b50f5bbcdd0f1080c59bdb346c7db3d5486c7f6f446d6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
80b66db7a8a05f418ac14c279d50f0e8

SHA1
9e4eab2ea4b11bff8c74de02eea4c20d42b82a14

SHA256
68515024bbc6ce5fd96c7df622c05049c8f22c201170a6563960bb96a93f39f7

SHA512
7092039fa6684e162e3010a10dfccb5c48ed7264e5d956b987f4368e28c336a7ba3faaa0509d91b9619829737c82e1f52e5d70d7aa44d61858ea0bdd62e4b5ca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads