agent_smith | 5d0697bc743389cc899dc062eb62981508f2c059d1737691f308b943458f1680

Analysis

max time kernel
3545118s
max time network
129s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
30-11-2022 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d0697bc743389cc899dc062eb62981508f2c059d1737691f308b943458f1680.apk
Size

2.5MB
MD5

ee654f52428468bde74df3290b7a87d7
SHA1

023a6e32525d508282abf118368fce83c31fe47b
SHA256

5d0697bc743389cc899dc062eb62981508f2c059d1737691f308b943458f1680
SHA512

2ca278566cc98e8635ee58d259af952501d0b4381495d5051b8394b21c68341cd55479a4a9b1f65e3b0da6588fb700044c8e36ad185ed30eebefb856997f7f53
SSDEEP

49152:nASxVPa2KLEWmE/h2SkUEjqvhInlYYhme3oeYUcunYzoI3cTRexHSaOg:nALoYp2vUEOvhIn2RX3zjfjj

Score

10^/10

agent_smith adware ransomware

Malware Config

Signatures

Agent smith
Agent smith is a modular adware that installs malicious ADs into legitimate applications.
adware agent_smith
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.dfoiej8.ccsdyia

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dfoiej8.ccsdyia

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.dfoiej8.ccsdyia

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dfoiej8.ccsdyia

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dfoiej8.ccsdyia

com.dfoiej8.ccsdyia
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
PID:4081

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar
Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/lpdf.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_jar/oat/x86/lpdf.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data
Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/Web Data-journal
Filesize
1KB

MD5
b4deb177b5620c49505519087d5223f9

SHA1
22b0c3ffed2a31b6c5316a186604a131b970a669

SHA256
0eecbe0e0378dc8145ab9c769d770b83cede7376e364bc5e045fc710111cbaa7

SHA512
81b58d0a529f115194137da9f5651546bf4cbb71f0e7f8d6159811c03f3d54742c3f9c334d959ad0581e77860d161ce40a3394b5e6f92e71413a33fe0f4e04a5

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/metrics_guid
Filesize
36B

MD5
f870bc565d008f2dfacb0e70e1ff7123

SHA1
c4522f92a8123a2fd2d7446d90847af203800e89

SHA256
6a116cd1cab7aa91763d40233f20057a153ae8d5d2806721273cffcf1e51ca79

SHA512
b93b743531a8671615c091cbccf08e0bf66cb2a8f09d092e6f31b05eefada5670a368678526f85e15ecab05a9a7fa58b906e32b4925874673885b0d3c9d08638

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apk
Filesize
45KB

MD5
c83e81f064fbbff6870210fcc9abcf6c

SHA1
65f94be4a62160065ff192b9baac02da3a293031

SHA256
fc37a898193dd0b37c226a5841936c88bc51a02bf99abe3f17ab84951a3aa1c9

SHA512
100c617de8aadb73da780a8e16eccde545b9717bc0e77823efbc1d9831f13a2592a1a14d9e68ba49a364cf2a8029f6fee42d7268925da7f0112c18a5e9412164

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/jiepayplugin.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/oat/x86/yypyda.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/one.dex
Filesize
59KB

MD5
1b5c4ae7e385db4551ced8c19386abe0

SHA1
12d4bc9728c4f1deec1b9b8aacbfe71c3ceeb4d4

SHA256
8211fa61bdd647dc627a182c4e2a763024252dfd94d14f1f12c9c9b4df045d70

SHA512
f56d74aa9a3c150034866b12abf7ed233fcc2bd03d7f34bfdfd61cd054952189311669892e91dfcbf5000f509210d56d094abff99371e4897bf7943ef5a2764b

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk
Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/files/yypyda.apk.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF.xml
Filesize
125B

MD5
237ae82ee89a2accf57cc2d78879094a

SHA1
0c2efe5d38dbb74625568265c72e3b624091bd57

SHA256
7c593841a5a94cb2e7e8b6b991eb936fbbb90cd68b02fb38795c1c24779dfff4

SHA512
414228ca69a9556e7ea86e3f0d9d1026479b72aa3ae9a3977f20dcdf489a1c25e61b4fc510eb54e0a7472985a309b472744190ee86b730cc08cd00e1ebb0ff08

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
Filesize
208B

MD5
7be658d90c007e37ccaa58a0e0be2a73

SHA1
0d9a9d88aaa71033a7822d826a7e5d24fca8ae0e

SHA256
2a96884c88e76ea74f4a896b1157ecb92180318e7fa9cc0ff722bf343c7096ee

SHA512
81904a76703ca59b7c65b5c05540b312c849f5f52990674a6127750e40eabf61df6fbe32879b2fa9ad2a7e97c0811ebb2d872454c2dbd1206a48392681e4401c

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
Filesize
122B

MD5
76a516ec620e2508e512a673a58347a3

SHA1
386e9ee5d38602ebdca74bc24b24d75b1a765e8c

SHA256
245368df69958cb3da7feaea45e63731daf36a8954e5982bc36ed91eb439c6b5

SHA512
e4e96e50d4119fb2ba9d28b997b4991cf5e14ea7ea43c25304c3a40850a7744491f25e2ee0c7e500bc02e203669ff1cdee302f96534960bbcca3760ff8d192a8

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/XinZF_conf.xml
Filesize
169B

MD5
5c63d2ef7263abbd6488bf725891f955

SHA1
2956c8357be05911cdb97454da456d7fab30ec1c

SHA256
649a0e32e6fe0f887c316713191699e3df2a7bb1724797ee8dfa12abb0ee0cfc

SHA512
8d0a0c436bb8e28bbdad33c07a9f69cd2a48fa30d65ad745b1878fe2ac685f402b9beb0e2e4f9117444260426fc3c19e61016457402151f667ff9ee8fcecabb6

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/com.dfoiej8.ccsdyia_preferences.xml
Filesize
241B

MD5
9bfef8d721b98ddee96dd2642fccb104

SHA1
26c3e32b758213150d54584c10fa9adb989d3162

SHA256
a72976bf3d2218d0554e25733771017182f8532bcdf50c10afb910b297bfacd4

SHA512
c4f8b8aad372f04969542e70b8d62757d8efbacb4c4988f0bcbdda11bf4f28d1ca4cd601ae59bbceb18cb4be7d5c80cae06f9b3ed8bec72f57b389ec60bc5b6d

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/com.dfoiej8.ccsdyia_preferences.xml
Filesize
143B

MD5
af676b20def68eb777d731819de7e380

SHA1
f9a57535848a86e99dd50dd9ef7c1e1da2165e05

SHA256
468c30ca20a7f99d824d8061e3d7e07f004ff19ea030394087d321f9d2616f62

SHA512
983ac9bb9ab538b6a42f10bc5d5a539cb8f27500e207feb217759880ed641cc2e08acc520bdf1cb8332a38ba06dff1d0bd804eabee6bb8dd7ba465e112282ea6

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/com.dfoiej8.ccsdyia_preferences.xml
Filesize
200B

MD5
b0c953387e0d2dfe8fe263e4f8b8bc4c

SHA1
1e0165877b941f1f5fd1b077bac47b0b1b2ba5cb

SHA256
ff48fa7356770e9e3780aae6642bf5f563bf7698806345cb02deedcbdc3c46c4

SHA512
69ba555ae94f3037b92bde16c0faf4556cbf50bb70e39d56ef4360b4a355c726f9d8bff422d142619472e9da7df0de12a0a6fb43a095f3bf3164ce7e42defd22

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/info.xml
Filesize
400B

MD5
98a46452a36ec9e73c736290cf35ea6a

SHA1
e5289543f999e35a26b0240aa4ca37d19bb567ce

SHA256
a6aae24bf5a100ddd662a576576e964ca43905d15464aa9e900fa9bcc7d1623d

SHA512
09b0e30f7da6def58b2b8488e08039853f8b7a97f44c3c7163e925c8689b1e2833979368161ee49d02cb41df08bbe4e5cfb62b78d0d559c0617e94799c0158f5

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
111B

MD5
daf506dc35507d208a01722e72e80f7f

SHA1
01d7b6f0015b022f87de8351d1a91c3e43ca842c

SHA256
8bfc22df832d3ab1b93f2425f3dee68626155de7bfbf2fb2f5c805facfa2c0a9

SHA512
92672004b9e06ef0c6fef2b6dc2110b41b3afe075815afedc217c69833cdb2624daa42b18a0fce02556e109a3d8300455c12c7cd3c551501af8debf2871da06f

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
171B

MD5
3648b64c5e031b713499eeab2564e56c

SHA1
913580e9ed983ea936a1fe4e724379b0a5ef9dbc

SHA256
4f387beb7c686028d2cf891d8cf28e94381e4647a09f709aabfb3932827e3ed8

SHA512
c593d1af60924a2e9a1882fd1de7a4e317bc443daeb8a83a1fb41af36818b347bb0ddd7520bcf883ae7c9b8e292a852e48f60966e41a38bc26cb54b3ca4528b4

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_config.xml
Filesize
236B

MD5
b393fd97e604d6a90892f4bd8907551f

SHA1
3cfda5ce231124def53200bb264a2361ec8e4753

SHA256
cd2c8d0e62cb5f4377bd750450cd716600923ce8781061332fd6bbc6635c76b8

SHA512
d5e0f6471423e541fb617849281a475f35080ce819c08a4e0e3646927ce3aface54d8aac98c61339820f70e5f60ddd31f24e5cfc7153d61f897bfc9852c96f82

Download Submit
/data/user/0/com.dfoiej8.ccsdyia/shared_prefs/umeng_common_location.xml
Filesize
390B

MD5
a29ce057d0ba59ace6ce8c992d6b9a5f

SHA1
c7e1e1676a68160dff7e87aa4875027e4dc5db2f

SHA256
544715d753c64ac6fa615df0764ff289c99ce753e7694f28d982e193a3d3089f

SHA512
f3a7320ac5237716be6ec7d20ce2ac4f62b83d74d3f23b4cd2b69c16c7f112f0d1b88f667bcad052320c00cae115ccab25db11682d862675ace666d58de79a22

Download Submit