agent_smith | 38dd8dd176a1f6f1a68ecbee675df7bf220484aa72b9dbde0f49a7b8cfd730c7

Resubmissions

25-11-2022 09:59

221125-lz2avacg61 10

Analysis

max time kernel
2941789s
max time network
158s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
25-11-2022 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38dd8dd176a1f6f1a68ecbee675df7bf220484aa72b9dbde0f49a7b8cfd730c7.apk
Size

2.5MB
MD5

7b5621db21e666d6eaa4285d6c14f5b4
SHA1

84f918c1a3e8c64aaa6591d69eb2e27d1b945ce8
SHA256

38dd8dd176a1f6f1a68ecbee675df7bf220484aa72b9dbde0f49a7b8cfd730c7
SHA512

ae8825c268a55215da6a2a3ec0278cfd03e46ea3b66eac1fe71396ac90c4c5c69404b4e4444ef9b985f9ac2e8fb76970f6303b0b08da69ec6419d66fbbac305b
SSDEEP

49152:xASxVPa2K9ph2NMOBf8XZ9f8tbuSHyOo2uEAe3oeYUcunYzom3cTRexHSaoA:xAL9pQNMOB0J0buSHyV2aX3z7fj1

Score

10^/10

agent_smith adware ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.dfoiej8.ccsdyia

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dfoiej8.ccsdyia

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.dfoiej8.ccsdyia/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex	4139	com.dfoiej8.ccsdyia
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar	4364	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dfoiej8.ccsdyia

com.dfoiej8.ccsdyia
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4139
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar --output-vdex-fd=123 --oat-fd=124 --oat-location=/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar

Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar

Filesize
69KB

MD5
61503c78bfaed115dc65f007a7461ed1

SHA1
e989f0a0abe36a164feb51d6419eb1d10db3fcc0

SHA256
f9eede33f737a4287b1412412c47a8eafbfb732f764fe18cce955c4a28d3d2e4

SHA512
3c59c6deaf0c0d0aa559beec62fea04a8021d471ba92af656983f6ad72f1a07af25a3d886b1c2783cecd802bf865c6100c459eee83e963cee95d834e643d2014

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal

Filesize
1KB

MD5
efd395199cbfeb8cffda207aa2dd51d5

SHA1
4489e8122c240716792b501c240552ba250bdb19

SHA256
e50a60e738f5a19e4011f097087f6f60346333f30a14006a43b4de3e53f6dcd9

SHA512
ba479281a99a423c775c3fa62e60c8632c70f7374d9024649d8cdfe3335a6cf0a4cfe8060d8233651757152978ee80fbff0c747045c0e162ce4def84617621fb

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid

Filesize
36B

MD5
9fcd42e6280645a85b15ad378eff3c2b

SHA1
f2ca8c8742568560f551eb37ef40ad13fd212257

SHA256
bca26360308636a43e37ff08be265d11ec97f91d6780adfddbd28db5e22a07f2

SHA512
2a856d48c3dd77e1052e2940326884974eb8c8525609aa02eb8ede29edd183dda216d3df77af0bd10a1a6dcb8c995165c4d4cffed5c2a54ed9cccf982a5362bb

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apk

Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex

Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex

Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk

Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/c8ef51bca7c6ca597d96a5924f5daec5.xml

Filesize
118B

MD5
70bcce713d6804dc2383d9c3f3c11f88

SHA1
914578332bb50eec030e67550714ee1eccbcfb1b

SHA256
4402bbdb6845770a576889b95f9b636ab10337339fce737ed6d7cd353571e1ad

SHA512
2ba316869c61f58cca7dd2260c33b59d211b56abbf763ed5af1d0b7a94c8d5bebeeb6d59d26b8dc1c5f2dcdcc17c71306e46cc126218364d5ab55ab2187c8679

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml

Filesize
112B

MD5
d31df9d1296ef84e866de56d74f5cd6b

SHA1
5573373ff507a9c3924a033907982980f44e7807

SHA256
ff1ad8f1b08a190f444835dc7805b0f0c98ab7a1c5e908bbbe06e57aec4822f4

SHA512
0f3e7dcfae348602e9ae07e37dd2c8bfddad20aa366af2ed9b0435dfc0281afd4f3e674621fc1d84cb5fe2068776b14c8b19dc983ea78b506af0b8cc96efad54

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml

Filesize
172B

MD5
371a6b2c1502770b330576f4e6124627

SHA1
b6435b00533b81e01b7cca577243771db2a79812

SHA256
b8b3140dae0e6577e05269fbafcd6d56c18d7ef96cfc6c51a9208632ab2be3a6

SHA512
bba2f183336724e63a8c84fd438d1cb005bb4e50720104b884bd4cc7e41c6016c40658327adabb3055d4d640faffedd843c3e2e45b87b0100762cdf213af12d4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml

Filesize
237B

MD5
cb436dfa9a9ce03be28ba69f3768f2d4

SHA1
4cf32598011045d58d6115a61dea0534073e0d79

SHA256
efc0b533e8a012d2f985d3a7886c949a5347f9926d21fd09cc2e51f24ca9354a

SHA512
b567a24e22acffa896e16de326ee1f84fc47d0bbe8d55ce61ac65544fb8474cb4992029b05bb5b3ec6705df95f21b45383af34a1aa6045a76359ad7d3b3e5866

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml

Filesize
390B

MD5
5cb30012f95f87bd6064ef7e548d7f1f

SHA1
c2333a463250b2f529bcd65734b880b9daddd10a

SHA256
af7c46049a295e92289b78b889b1189f0b787f99e320b5bb64b7b38929718a95

SHA512
ce98c40606d8dce645d489099f187dadc8b49951f05ac43df33df6120e83ac9ea4caa78c6f3d55e5ed4bd2d770ba33e15edc5dec1a2b31fb23433d26fa33dde5

Download Submit