andrmonitor | 5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b

Analysis

max time kernel
69s
max time network
72s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
16-02-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b.apk
Size

20.5MB
MD5

274b3854076ae54515453e34e7042793
SHA1

7607b232e147d8a26a1331e1be13b39e6dc6bc99
SHA256

5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b
SHA512

4418677aa987c3433b0d817c8fc4e0c98e5fd8f030b71ce4dd4ebf5f2a07e6d9256e2d7803aa9ea433f5d9efaa9c1e930f43b802b78d2f0132065e9d83a481ed
SSDEEP

393216:oBtbEsJA35z7A79L+FyZ1mbgafiubcEZjbnT9i/zVN2I+TXaFKKpPbNiRSKcssJP:E5LJA35z7c5dPmbBffcGj1i/zVN2IkK/

Score

10^/10

andrmonitor banker evasion infostealer spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	gvhy.xmlhefy

Removes its main activity from the application launcher 3 IoCs

stealth trojan

pid	Process
4245	gvhy.xmlhefy
4245	gvhy.xmlhefy
4245	gvhy.xmlhefy

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xd3685000-0xd39100e0	4245	gvhy.xmlhefy
Anonymous-DexFile@0xd2c8b000-0xd2db3c28	4245	gvhy.xmlhefy

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	gvhy.xmlhefy

Reads information about phone network operator.

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	gvhy.xmlhefy

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	gvhy.xmlhefy

gvhy.xmlhefy
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4245
- su
  2⤵
  PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/gvhy.xmlhefy/databases/SettingsDB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
c334632aa318a4d0dfc691fa50e647cd

SHA1
0bf18615412c42b44d2625b88a5d04d519af27a5

SHA256
f5d964c544f48c8e22713a47e8eaabbf85c33030baac49432185144b36a6f510

SHA512
a6381931c2c921151c68ef129aaf3bd7d4d00aa6241eb387c4c51416baae50cfd0cfbc7f3d8f28a84bb428fe202d1a2924f244e9624f4a6acb13bb84ea9e025e

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
88c0f0f371cd273ebd7d68de36f25cb3

SHA1
27d388af2ef4ec3126956c27554885b869d06132

SHA256
6dd3e242b8c4d02e332ed5dc48f1d442a57f9339a85266eb18dd303ae950d063

SHA512
df83da7a421f89131b17ddd994a5a04706f068129b37f63dd79d5f3ebc144510313debd71adfdde1966495b6067ef6790a81809487990910ba85c43dc944d695

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
e76c8d3514b1e67a7a37b4e8728e94ca

SHA1
4246dcd8cd66f53ed4d97ab5e3a04a15e2125144

SHA256
e7a209f9aa1f8f75764501e2147f6814efafa683318399a0fa7564abaf414a98

SHA512
601ceb19e1ce1c30287f608c2a6f2c328b9c52dc43e85c02378727d5faf1ea256370a2262dbbd227aca73a5f0ea7ea3908d8ac87e44830f31aefa5cbbb6055d1

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
a417a08dcee39e5c19cea03b2389c875

SHA1
6a7e9cada55cfd073963ad3f16b72cb77589601c

SHA256
91e443e681dd3a784ee5365c1670893e9012ac78c9fc68a39eb1b6071549fb85

SHA512
1395dd60f38336001c6191d48e13a654ef066c6aed88fb2698aadd920a4d92301f932155af75e7d2e18e8973f9f07dea901ed2c956e4e9629ce8c959fa01ccbd

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-journal

Filesize
512B

MD5
a40d7544c0cd1184941c0f186c38ca56

SHA1
cb3b7dd62e49170a2228d9fc30c75a7885261506

SHA256
6e81888c1391cc33a6e3cec46659cfd5062331246d868030e338e685cee2c919

SHA512
8cba9cae72711c6da8bd47092393fa739947766fc3149cbe7184da76e72b26995de85e041510dbd19c308ab8eb4f09990d0e39c9646135062d625bba2177357f

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-wal

Filesize
40KB

MD5
5cd142d7dd02ff0bb2f047e7da0ed8c9

SHA1
e2cce2d7ad78296786c167be13f78c56b5199f56

SHA256
84cc8629a32f63107d6300782d19c45eb8d4fe56b6731234c4847e9acb030225

SHA512
b32f00d2cfa994334c70c6e935030db9f1dd1a39b4a020bf3d544224bbda429eff09094e12444fe037197ca89d6825c5f4c126846f3910b7f509eb6cacd646cc

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-wal

Filesize
8KB

MD5
7866de28c8143de93f837a147f86ab60

SHA1
66fd0e3e36a72de3cd70eb9811fa6b6c330cd598

SHA256
75e67ea7875522a9f1a024a7f3444e456121995ca65bbe352a8b8f6a93f884ab

SHA512
afc2f071c6d097d949f7108285643b2db1f2f05331eb2769451e7e43bca9b10ba43d6daf014f096375aa2f965b75dbbb38741e43f30e1edc43c88a8d1c5ec040

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-wal

Filesize
8KB

MD5
96f05a6e4fd3119f11a57c499b4d8a6a

SHA1
debe8d5d7bb155e7facba9424c96ec42c73cee33

SHA256
8fb32c135e0984cd0499884d8b6825da8473059c0ee2da67bdf074189de4eee9

SHA512
750b57c8c8a99b65f84316739fafb7294de17f793aef559e9fc31a230c107b6933037a038db164be1db011e5591c9b96f60f16c0a3b81fd1e614927afbbe2864

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-wal

Filesize
8KB

MD5
2908b268425b3bdfebcca0addaf7aebb

SHA1
2f75bc7f857b1848bb00fa4217095a444fe096dc

SHA256
8e4c0646fe4c3a13c65c0d0e446c7c269e879b46a9fd0a540ffe979fa1b9f5ed

SHA512
c2a24df493f894f501f4676124c70771b4d6f22ad1bd7b24da027380b327ab2cd8330addd0404bf5354dc29c1c3775ed3543a92f040916cd49572893ecc919d1

Download Submit
/data/data/gvhy.xmlhefy/databases/SettingsDB-wal

Filesize
8KB

MD5
c1ede40e201633ddec052e1bf29c8c9a

SHA1
288ef5f8293bd329552c3508d946433cb3d7e471

SHA256
d8d83adea53c819e294119dea26acfdc0a555b66484f31e66208c4e1088f5260

SHA512
0f11adcfb8e8b361773173ed9a276472dab2100c317ec5fd15a9172a520cb4c5c6adeec82d6ec2470aca6e9025fc6bf49a538dfa612a715473afad4105d3fea4

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
87KB

MD5
55dbe93fba290bd0a5fd88d30205e285

SHA1
e893d908bbbb0e8caf3cb5a57e29a4d2d56d010e

SHA256
6b43731c144112405699ad55d65e996c216f0b9204646ac58b054afd72b655cd

SHA512
9ff4f915b690c6c6b95ed07e5f3f7f8ac70148365b51a5ada4f127101cd6f5106c10a314daa65eb4a8a3ede3a2ba4caab1859b1b2679cde24aa00b6958d13c37

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
f6445a528b2ece97bcbaa74617513fbf

SHA1
4ec37db94e64f5b200a7457454cd81f5f1506a3a

SHA256
4bc06b33308faaea1838ed44ccdc9c9dec08f154d959da537e2e691815a9658f

SHA512
44dce236fa810beeeacc1efebbf2a1f23254a3b54981fd97246b463b809e203dbb6e91924a39d3f9ecabf64f792dc26fc7b889e89026151475a9cdfd3a0f8c85

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
274c84d139c0f1cab6dcb20ee17bcd3a

SHA1
271e18d2af4c49e36bd92b5b5df999a5a390c42c

SHA256
921a2655cb1267858b25a138dd0f5b3907c0340073eea280431d4f75507fe75a

SHA512
782edd562e68941612fb3a1bac0fe46dc256193eaec5d268cd9dbe347779967865b3c78c3e35995a0e6f353847fb7e0ae49451166849b7e5b97dc48d0adf159e

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
1f3574dd52a15f1ac1dea9c0169c4bd8

SHA1
7ade57530b46fbc071d814ea2f53c4410305c05b

SHA256
a9454afd1bce74194ce371d19267cd5691f744dc610656f637b6cbbb31040ebf

SHA512
4cb30d4bd9b567c40a540807b44faf17f0532c156f016bbe21ae3a882ea87369f5342547865d8392068959c02cedf260c334f05bc9bd17b665901c8bf00f096b

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
150B

MD5
a218423147af079b58f9d9cf01b2bb2a

SHA1
969331a49b9d2f87275882596d70b704b1f9bf87

SHA256
0332701e33841e523e44734f2ef5116d05fb6e25cae383fc130f8c87972b1a02

SHA512
54a94b8652ce6afe897902de24b8650e52d98833a82d4b3fe4a49d68a92e8c529206ae9d607fc0e1592e8e7ccffae23b4cee14f6b7a1d46c202d566bb6f76565

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
126B

MD5
7f2ed2daf640abf25f3d13e991706e2b

SHA1
a02c1912612324bbd4d811e94d147fa7830ecdcc

SHA256
1fac1d91f7cbe57eefceed3102476b32ac3a92c45e91be109fcd16d2903640a1

SHA512
beb74801fa30fffb0866e5ba03d84c6255d8bb529e89c9f141f58f18d40b6e7cdefb69323680f3854ae620cd756f9efca879e4db3032c24e364ce24833fd2e7f

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
a92cd9e64389503c207bc2e1f16e90ad

SHA1
cddd820f0ca6c4a5189e692fa649f4ec4f358630

SHA256
c3750d4f0b447d13d992b849739e5b6164963760f3bfdbce839733922209ce5e

SHA512
58d74d06962f902d5ca286f9ec051cf6589f96a0b52d4b4b2c812dcf60649c009a37c0036aca442557c0926eabe4c519b4a4d20d5a6a690f0591292c1a1fe131

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
e6d3cf52499a9630ba15eea85de6dae0

SHA1
69aa15f2874642f70026daaea6873eab190ee2f7

SHA256
e6ca982f95c55a7e4c51ade8a2d845661eb7441fa55400aeed665534845e05ae

SHA512
688ea39f11961a19704ea5872be31de59e90ec09b38a87a4fc793d9a59fa179b3f0214ce11d086facc101ebc26aae8ba5a848e0396f229f0beeb94b9d6278715

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
b519e933b348a6f7933d0847050050c4

SHA1
b08436a700429295cf5b5c40a5ac8a5fdb70918d

SHA256
8f516add33602b8372b95e4232bc01de380aa406c74aa8ff50724111637f485a

SHA512
b303787bc25008505893aec8ecbc54031bd8721a566ca1ff8ac496d7c09cd3067fad8a76d04f26cc8829022fc61f98ca805b170cf10f9a7e8342f376d5878878

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
23KB

MD5
4b8393dad12cc0d221329760057f0465

SHA1
2bc773b2b932f37ccc9c08dae415627f57cd95cb

SHA256
9df4ed7a09170519e5027e9bec75c4b846f9c03fb1c4d003c9ea4ff2e64caa06

SHA512
64c3c6a9f9edfdad29f03fe902da790242bff272158ef57fabd561065cc4e62506ef10d2f94cb2665138309130abd38eb107c4bb48ab6c287a6d0922c03bc099

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
dd4f51b4cf94f702ee72fa972acab696

SHA1
c517bd100eaaf156e1b9fd08fac71dcd5e34da72

SHA256
d7dbf6cbe36e7a823835739a9ce50db9f4a50695a54b3fd0e0820257d90b36da

SHA512
b66357245d05835f461a3a96d0d407536f613b766b1fe0c1b70545f90232ad9a16020491fa0b1c3d50ec82bf5cbdb63e73d1dcb95b4edb63376230efd7d550fd

Download Submit
/storage/emulated/0/.am/log_1708100980964.txt.zip

Filesize
217B

MD5
69591c224386b03834d248430a5aa50c

SHA1
a4be463dc0ce58b55519818f3c5e4e2facc5af68

SHA256
3e63f1d226931b4fc46c295130cb1495585b2fbab69773d084a3f88054a1e673

SHA512
96da90327025fe19d9822279052a19e73821b400b36730361036b3326399df0982fd5c72daef35509d085784b92672dffd20c954ff7155cdf0b2075af652abed

Download Submit
/storage/emulated/0/Android/data/gvhy.xmlhefy/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/gvhy.xmlhefy/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
7db3353c3984304068db31c80dec2076

SHA1
f5a13f2689937715571fdcc5ad1903e68a73dc7b

SHA256
f28913d9c2061acb1f7b7813f7ea7f9db14563dc8ac58c93718234c193309c6a

SHA512
998c3efa1d9e7ebf6a5bb42b7b7371f00e64031df1b597fd5d8fbf44899372e553d4ad8863dcb3ea778cf798dbb2618982af9c954f58e7ca394b2159b77c1444

Download Submit
Anonymous-DexFile@0xd2c8b000-0xd2db3c28

Filesize
1.2MB

MD5
088c1cb2d5c378fb707f4ba914efdc6f

SHA1
4414956a17e8c28541a8eee7fbbb6634d4cd885c

SHA256
e39b442d5fdb8bd0228a044cc7c92c97334f435eacc1b84bec0e41dc4cf3cfc2

SHA512
a9a268956baaea29a34b80f652f455916c38148cb2cb77288dbb91eeeebeb516cd8c5c2692799bfb50656bfb8df820e356949cb0c6c4a1a1de8410dbd250f08a

Download Submit
Anonymous-DexFile@0xd3685000-0xd39100e0

Filesize
2.5MB

MD5
0458a37186956c2e5d9bb948b5b3e08e

SHA1
428b9b2fec09aa0127ec598e86f0a2c78b55bc41

SHA256
a95833c7ccf00b4bd429c45e6565dba97330a413c9c4de4ecc22cd83078fced7

SHA512
4451cc2f37ea1fe6ca97ab1458e820b9047374a435693b8533356020cdb95555de62840730366526941e38ed784d4aaa25a90a01e8fc056ec9b05e7f1453e730

Download Submit