agent_smith | 39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746 | Triage

Submit
Reports

Overview

overview

Static

static

7

39aa9f2c44...46.apk

android-9-x86

39aa9f2c44...46.apk

android-11-x64

Sharing

General

Target

39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746
Size

15.3MB
Sample

221125-lh723agc45
MD5

058f5a4037f42ee67766531988924c73
SHA1

9cd3a910fd8ef392748e964c98dad7dff59fa066
SHA256

39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746
SHA512

d80675a59ae5cfbaf74e7ac1cba7053f8211e22936a7cbc61750286e6a19bd5e1c2cab70ea217e90f46b3c91c1c8f1d013191044bd52b93e6366679f169e0c2c
SSDEEP

393216:Te8ilU1aJkgRlonedGHce90GDfbDqA+UanNe41VbDzouX:GcvISneIva2TDQUMe41FzouX

Score

10^/10

agent_smith adware android evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746.apk

Resource

android-x86-arm-20220823-en

agent_smith adware evasion ransomware

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746.apk

Resource

android-x64-arm64-20220823-en

agent_smith adware ransomware

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746
- Size
  
  15.3MB
- MD5
  
  058f5a4037f42ee67766531988924c73
- SHA1
  
  9cd3a910fd8ef392748e964c98dad7dff59fa066
- SHA256
  
  39aa9f2c442b9237f4350b434ec0b83794ae3f18deceacb0c6651671080ae746
- SHA512
  
  d80675a59ae5cfbaf74e7ac1cba7053f8211e22936a7cbc61750286e6a19bd5e1c2cab70ea217e90f46b3c91c1c8f1d013191044bd52b93e6366679f169e0c2c
- SSDEEP
  
  393216:Te8ilU1aJkgRlonedGHce90GDfbDqA+UanNe41VbDzouX:GcvISneIva2TDQUMe41FzouX
Score

10^/10

agent_smith adware evasion ransomware
- Agent smith
  Agent smith is a modular adware that installs malicious ADs into legitimate applications.
  adware agent_smith
- Requests cell location
  Uses Android APIs to to get current cell location.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests dangerous framework permissions
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agent_smithadwareevasionransomware

behavioral2

agent_smithadwareransomware

© 2018-2024

Terms | Privacy