andrmonitor | 5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b

Analysis

max time kernel
151s
max time network
135s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
16-02-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b.apk
Size

20.5MB
MD5

274b3854076ae54515453e34e7042793
SHA1

7607b232e147d8a26a1331e1be13b39e6dc6bc99
SHA256

5f830ca263271deb676bc8ba77d7ecc5cd3c0731f7e01b9050fbe6f20066c47b
SHA512

4418677aa987c3433b0d817c8fc4e0c98e5fd8f030b71ce4dd4ebf5f2a07e6d9256e2d7803aa9ea433f5d9efaa9c1e930f43b802b78d2f0132065e9d83a481ed
SSDEEP

393216:oBtbEsJA35z7A79L+FyZ1mbgafiubcEZjbnT9i/zVN2I+TXaFKKpPbNiRSKcssJP:E5LJA35z7c5dPmbBffcGj1i/zVN2IkK/

Score

10^/10

andrmonitor banker infostealer spyware trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	gvhy.xmlhefy

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/gvhy.xmlhefy/[email protected]	4328	gvhy.xmlhefy
/data/user/0/gvhy.xmlhefy/[email protected]	4328	gvhy.xmlhefy

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	gvhy.xmlhefy

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	gvhy.xmlhefy

gvhy.xmlhefy
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/gvhy.xmlhefy/[email protected]

Filesize
1.1MB

MD5
7ed4e86dd7ad82ada6b1d25668682f78

SHA1
305d09741c47b562f479b11a90524ff106eb8bb6

SHA256
108cee534afc96d0978ec3aff571be504bd00a2fea932196a7eddd03a9fd15da

SHA512
8837786dd84b429e0cbae4ea8b2ed12e79bcc8a16b10c15b6ffd1d5adad840cd6203c299103d205310ce9a70c5124be11bf397efd3461e87b66adf45ea7b1a12

Download Submit
/data/user/0/gvhy.xmlhefy/[email protected]

Filesize
185KB

MD5
4a37ce81e95c6a6d601060c0f666c1d6

SHA1
e7dcee75b1c4676d01e5424e83492320fe9d0086

SHA256
c6682982fbadbc7579aa7f3a44f85e53273fc01241c76d9ef6ee0c0fa1237a6b

SHA512
ef9f66547fd42d7d69a817835b146ed929fe24f2fb568389cde55f06983aa6c03a2340b22686f2dabedc3376033f8504e89df68a9406aeae1d9a8a62a4ac5fd1

Download Submit
/data/user/0/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
d303a8512d7371d2eb6eeea9c3d18a82

SHA1
2ff34dd7e0e1c2f37a1fbd2041048611e61b9386

SHA256
9fc0ddd4210bfbaf3c0871e608fddeea230d43eb3c0b60d135f3ffa932ea0ec7

SHA512
e1d9b0cad71c1de1ea85896e71d981d853742ac460b822f5004e56b441219de49933d113f787d19447dc3ce3af163e98a1fae59687ffaa542a14cb6a8efd6f11

Download Submit
/data/user/0/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
fd384d16253b2c81687d3898bb2d928e

SHA1
613390a028febb74b626b3e224211fb3d3be99b6

SHA256
6be7bfa55767dd3f72cac9b37d8c2ebc059f91d7b582784f3e1399cbd6eff03c

SHA512
7a17527c1434a286fb25f823417367828effabf98278f213a26dc8537664f2c255f02a676b1b1456591d3775f814546dc7093821c44281a2d5d99f6da9998371

Download Submit
/data/user/0/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
2abb77efa1862ad36a28b98f05bbe666

SHA1
4ad6006972a7e0a0c56ba9145960e6a549b02740

SHA256
46ae2879f246ce127fff2c43be5b5e5202cc2be4608b54e88f0705d1b56e42a5

SHA512
d9006ce36d077e75dba989fa6fc7549c6dd9a8c3d669c6cfaa1659ea168359bcbe9251b0b8930bb7766289f75fb9af6d1bb5daa3ce7c685ac699fe0d497d244c

Download Submit
/data/user/0/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
42338379cc49136ece6b4330f926b1f6

SHA1
46890d1cf620dd2809ddc7c91588d42893a60a86

SHA256
8413de507185c2623e603116060c93f315dfc3111c81ee3df6d20c706df6effb

SHA512
a3f19a38a873caa57fd17875d7b224831c104247198f7e7399c0b73953b4e2f7e14c0921220d2d3c818b86fb7e0def45f94faffbba8ad5355902b833dd33efbf

Download Submit
/data/user/0/gvhy.xmlhefy/databases/SettingsDB

Filesize
96KB

MD5
e2dc426319b5b6d8f0ca1381ee51cd48

SHA1
fa96ce14e777172fcce6461a618877f052a17167

SHA256
b4e78b9124246333102e2afd555b230b0d9909226403401d5132d83cf84429e2

SHA512
8f126d97654937880b21a6fc31aaed27a688d8b9b0f89f3e6b89c74d39c6b1b871979968ee0f78b0daf51d5b95bddd6e85b057f9968c2e96db36a3a3f464f999

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
1.5MB

MD5
37a743c8ee81faf5db7108f7c2581ea1

SHA1
91e1e0a59be1ffdc81b7fa7133c708b622509914

SHA256
acdb3e463ad8012a556ec2a28153e0d201adbf647a81e35af05cf521eec3b50f

SHA512
262e2bc5e7ffde858e9160981505dc326cbbaa67b2b76b7bf94fba57b8ec1cce008e60105d88c99f55e724797739b0efc09e8e26a89a2f783fde50f8b5d0a8c3

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
500KB

MD5
faba8dc6bbc7cff4836170534740c5c5

SHA1
d21009e8f74fe48a262ad7f8b5a766a3f9282013

SHA256
9951997511b8e7f9b9e13958de7b6753e0d0f8595242d7dc460d738092ea0d9f

SHA512
0a61f20ba7ce88b4258f1485190464f7e9845e5f6faab85b1e9dd53a261dc84ea07bd05426e9d4e21b571318fa98e08384b9e3dfd5e406e6f7cea12413dc0df8

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
3d08c39f0df81725765b310a665b8f31

SHA1
3612cf677fd76e3dfbdf597d982f41e9033ca8e0

SHA256
601d395e97f5af339587e32845ead97bb634cfa5cc3682b3f78b1fb9dd9e397d

SHA512
b829f377faafbdfa331869ef8dc467d373d1fb7e867d56a4c99331e2afd3b91301d698855dc271c7c9c959ca40be802a331ee067831e70a76bdf9ba0baaa377c

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
4b56d441e61250b5c733a891bab57697

SHA1
37ad744978021a78b1d0b4ad88a18f885504878d

SHA256
0d004b0af10727af190f116db7a04e446649a6cb43d557ff9ea87b340c40d695

SHA512
f020f6cdf498884afd371e618ecaf1043f37cc2c25b7f78d1d26b6fa1eff811816791447d7d8fef7319d3542c9a693bba6ec0203638a236c189aa4a1160ffe99

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
180B

MD5
f83fc7045c177180634d25262eaf6b1d

SHA1
e6e3d19bbcc4308c1837543438f2b846ccdcba52

SHA256
58ca336c37bacc535f05f9804840284ef23ea43d7f81c2fb66c002d58ac6406a

SHA512
4cddae256b94219325579e7694891978f66e241dfdc2b45556d8c2daa872a2cc3cbcd2f91b77d7400746c509e0e0b99c0890e32d7b8421203f19e028387b1988

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
126B

MD5
556c8107154e5cf6a5a847cfb3cde75f

SHA1
627066528e5c8b7e57317a782c75bcddbe0e887d

SHA256
3c8ad39ab6280025b2ec594d5cebae267cf412006d4452f4f57e7a24d29ce1a2

SHA512
65b63b943334783529a68928a06fd8d5e6a60aa5f619fce6098de3573020457e41297bf095fe5976e33b1466e2eecb675e6844d9d6f853d476955067e28a09b3

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
640821935aa36b9b332d7fb7eebf8fd2

SHA1
bdc5821a2433c98fa00675aac2d531c476c67e33

SHA256
9d698f7feaff28cd1ca732e3187c6ea86036f5cb3fd01b868371d38083c452d8

SHA512
178d9de4651ed134385e2618433dadaca06a45f1c14e24d9af83c85910407461a722f01cb87c701eb031eb2f53b4208cbae84e9fb376a03c9d84d79a5d01e110

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
21e63a98b0fc1efa1c7337463a8655cd

SHA1
b239c0db522f5c97750641dd3fadbdba9baca083

SHA256
be27d8b0aa015a236418357e022e5d84fe753508cf452cf577c185eda4a01a19

SHA512
ad4a9b8666b7282c904929b520de7ccaccc16500264583fc362ac43b84f0b6307132b03cf3bd46af3f4807e4160f0c725b348583ee558b8e06d1c80bf22581b8

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
2ecd282c34ddfda2cd209960f8510dd1

SHA1
2012c58d505c1ff1f7a9148cbaacb9c95fdeff12

SHA256
b553f2b11e2dce26d1e9689f947cfa90312a8455912bc19c09ac13df0b09fd44

SHA512
4bf7af876cb59315c7365025c5583ad109be80de84549133fdf2bf331bf38be0a6ecf06bfad3fcfadeb59ccf4afbd9df8cdb7c364754be20817f7c1f80b5a1e7

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
25KB

MD5
5992551958f3707dcb92a0c39a34c4cd

SHA1
8213f7bf1788bf9c70c3af74325e80628f3e7eee

SHA256
c9904a1e633bc56c13bcd70af5fe16de7399804a41ba8819984fb05bcf1612b0

SHA512
50c59660df76ba7c33298de780967650114680bf32dc06ef5c4273ee3d3068bb23c907f5ef3a32fa97aac0977f1cad5fe89783709c50a3a60c6f028abadce817

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
589f00c2081df6bf9018bd27f499626a

SHA1
4a8acf0d1c3145e948043fb40584880d376c6823

SHA256
2011c69a59bc7ca267ca5bda6e9993f4eb7b5050f4a73aefe580d15ce39ff7d6

SHA512
114a691a0a51f0898afa67e96420fe77ca1e71c42724dc61092fe68c7c6e33e06f0cb815a62759ad06285d40bf8c791cfc45645ee9635dc3ff00874a17e0e7db

Download Submit
/storage/emulated/0/.am/log_1708100981292.txt.zip

Filesize
217B

MD5
2d9c73bd1d47044fa1afa7159a7d1ab5

SHA1
cc28dcd1c22c6fe72f6cc4d197d19c44915e924e

SHA256
51e198ca52dbbee5cad64c5af8aa3a6d99f362208121777c5027635aa1551c83

SHA512
8f76feea60820f8ddd5326072e2908ef73d42541783c94db30be92e5eccc51a076b0dee07967f2435322e7f62384e46c17c4cd77606ebe574ecf09810ee28fec

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
65B

MD5
39d99af9acd876fa8b3bde96f4f5646e

SHA1
4a1d047ad605e7506600431c9bcd63e07f7ca285

SHA256
2807787694377eed008c75dc56f213c9cf4f644f359fa1cd2d1e304f68f3ebd0

SHA512
676f56c4b667cab51efc2f9d0cc086e8a3eaa52913dd226d80b97e1743f08fe75f59a7072d6908fe45d0bd6ba4f850dbaac4c15d68d55beedc057765bba60043

Download Submit
/storage/emulated/0/Android/data/gvhy.xmlhefy/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/gvhy.xmlhefy/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
12666f2a743fb9257da9bdec4c41f6db

SHA1
89147d0b9ec5647c5208066111f96768eb4c1f01

SHA256
8b83cbf6ed02670cc593696b1cbacdd1afa74dd887c7fedc9fe3364e08d7f5e5

SHA512
dc8f96208d937f9553fa11f5e4bd6a9634d178f65768b18861f058b90c4e789ac448634e494080a3191361d3a7fc24c7c5ea4334f7015d15bc4baeafb7d758fb

Download Submit