General

  • Target

    5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b.apk

  • Size

    20.5MB

  • Sample

    240216-ty883adb9t

  • MD5

    274b3854076ae54515453e34e7042793

  • SHA1

    7607b232e147d8a26a1331e1be13b39e6dc6bc99

  • SHA256

    5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b

  • SHA512

    4418677aa987c3433b0d817c8fc4e0c98e5fd8f030b71ce4dd4ebf5f2a07e6d9256e2d7803aa9ea433f5d9efaa9c1e930f43b802b78d2f0132065e9d83a481ed

  • SSDEEP

    393216:oBtbEsJA35z7A79L+FyZ1mbgafiubcEZjbnT9i/zVN2I+TXaFKKpPbNiRSKcssJP:E5LJA35z7c5dPmbBffcGj1i/zVN2IkK/

Malware Config

Extracted

Family

andrmonitor

C2

https://anmon.name/mch.html

Targets

    • Target

      5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b.apk

    • AndrMonitor

      AndrMonitor is an Android stalkerware.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks