agent_smith | db1c713a93890ea8450b49bcc10903fc36d5cdc7788d88d648078e2af4e706d4

Analysis

max time kernel
1411714s
max time network
123s
platform
android_x86
resource
android-x86-arm-20220621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
submitted
31-07-2022 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db1c713a93890ea8450b49bcc10903fc36d5cdc7788d88d648078e2af4e706d4.apk
Size

2.6MB
MD5

839c2031755061e9f0e2f41382b3253c
SHA1

4b691578c5afc147498642256eec8a72a20555a3
SHA256

db1c713a93890ea8450b49bcc10903fc36d5cdc7788d88d648078e2af4e706d4
SHA512

652a578349ac518d268e01fd4f356ca8ac4f622a26fe0b19b333dc9c7572f0aa27f421878a5932e0ffd2db02bb227351754b7169168174c2c47ebbe48d113a07

Score

10^/10

agent_smith adware evasion ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.wrysdop.fghsdy

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wrysdop.fghsdy
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
evasion

Processes:

com.wrysdop.fghsdy

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.wrysdop.fghsdy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wrysdop.fghsdy

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.wrysdop.fghsdy

com.wrysdop.fghsdy
1⤵
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4629

ls /sys/class/thermal
2⤵
PID:4704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/XinZF_conf.xml
Filesize
170B

MD5
228dc52a2342eca0ef8c70b676c71d47

SHA1
408a8056c4361c42d18f43ca6f4c5f31628ba702

SHA256
ee596bc42cffbc5f4f83ba2ed92b97c05924b7c2a50ed84d649b3a4f2acc4301

SHA512
ae85c6c9135e7f9286f2b7e7f6a5d126d9074e21ba37f99ecc70800fd72ca838e638e376db8e6a477e595bf3ef08f994f8d307da28b6bc3d43dc06f340a3e755

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
112B

MD5
0b6db4fffbfcd78b7716a92efdb2a68b

SHA1
55a606d76e621e6d5d82c5d128c8d0b0e58c2df6

SHA256
26d329ac9901b0356503367e9189605697ef3195f4d91cf2c9e36d316a05eca4

SHA512
ba9d68ca9e5ac1cd9311ea27027002dde122d687bdfdbecdddd61ad2f0028337e4699c11d51f6c61c7d78cbeb6183694d5ab00e6d878a39f18bd9f648e4e395f

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
172B

MD5
a64260134268a8b30fd6ea8f9512435b

SHA1
ae7534e83d6798e7db93b9080be0ed67d510ed7c

SHA256
dd088ac39917646e1606b0528d2376ad4e8b9cd5c4fabf9c5748cda79173bc33

SHA512
b8bdc785c955aa4125fe267b634fd4f41608dea8e83ce75a5e39c3d911380870ca24f3605ed5ba1564cbe3a5925d3fba595f471b8be846700e4aab8c248f0857

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_config.xml
Filesize
237B

MD5
12aaaedadcb41c27ee5ff386c89cd7a5

SHA1
ae6ac9cd2632d6d493aa2448a0decb7dc5813774

SHA256
7a1cc18e07c0eca6e941b8bd26ae76204b0dbfe6d28fc83c9662bb5fb38bd299

SHA512
39aacb20e29febe847fe2e6b134c069a9b0ba1285cc5f2894f9b34f9f7fdf29cdc4cae81156a897e2e0ce00c6bf93876712db892b15fedc142e7ce83069c020c

Download Submit
/data/user/0/com.wrysdop.fghsdy/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
67f729dc77a3c4c773e2c2e6660ab8cd

SHA1
9122cf56e4985a4c1c494159648f398055224dd2

SHA256
3c3207eba967d3afbfbf4d6bfb76215691c8cf70d960071af690894a2b4936fc

SHA512
94a613cd51657e766ce670c34868f3127b76adfd54c23e63b0b34e0f36313f092da282abd2e111b70f6f91671f6beded77fcdbf04bfc4e8e6d93ebe6dd015903

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads