andrmonitor | 4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b

Analysis

max time kernel
139s
max time network
153s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
01-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b.apk
Size

20.5MB
MD5

3306391950192abec178615e5dfcee53
SHA1

73d7d97fa7943be3fb1a09021579de25f101d6f8
SHA256

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b
SHA512

67e19e7dbaec8d102cd41a693a86203bf1b2ca4147d29b5d4d5b30e24969d937c1e3ef67f88ad1ecfee75fdd80ef5849ce56d10d55f9abec58f6933063932ddb
SSDEEP

393216:oyNMhsJA35z7A79L+oIv1mbgafiubcbZLbhT9i/zVN2I+TX296KpPbNiRSKcsgJk:jM6JA35z7c5KtmbBffcFLbi/zVN2Ikm4

Score

10^/10

andrmonitor banker collection discovery evasion infostealer spyware trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	iznobhuck.ntcrxlglq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4307	iznobhuck.ntcrxlglq
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4307	iznobhuck.ntcrxlglq

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	iznobhuck.ntcrxlglq

iznobhuck.ntcrxlglq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Requests cell location
PID:4307

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
2.6MB

MD5
ba8f3d6915944853db58788045adef51

SHA1
198562ac8724166ee6b9a56d47ad66ddbd9eb335

SHA256
0f5b826f16eb47718340d7331b232cb5d88cc5df249c67d32a25f3b8f3e94ed2

SHA512
003918de4c7c0f7c12f1246038aebe70e805c240bceba062e60e040004bc15ec44aad3232a6f9cbd2ef1a9a790e609192216e5577994f04374d48ec534b94422

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
1.2MB

MD5
ea1666d1e54e80c67d0fd8291b2b2813

SHA1
7cef9ba94f0be6c627ca73764ddb2598966aafc3

SHA256
84db9e19f78b846657b65eda5b6c8b7a3d3a8eb76fc0a3cbf01990083daf8e2b

SHA512
751c608e201b83f4de66d668f90e0e5f54eb2866a364670b7981c96525d675a8dd46816e887c44e866416b55f37d24d754a9047b1e4068005bd8bed3191c6e64

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
32KB

MD5
7e8819d12be7a3666bcab62a56b7e856

SHA1
af5ce55959e0732cc380deda52a6610570fd7118

SHA256
3868e1b378a012d689b558859f09e3d950d8fe5775202a60e54a2aaed169f8c9

SHA512
1aa26c842d2d7bfef7c92f394c2ec4ad83933eb073d8d4d079dea5a0e4a40bcaab178449b3a73ff0f70bca62010d20d3cf861ecb2a4ce856902e0f7fa65c39ce

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
4cfa297349dee94e25bd9b62bd10b638

SHA1
49b3d617636aec4317c97e3524d08055fc86fd7c

SHA256
c7093b1045c1292792d09b65256fb153c257e42d50116c416197ae6d7bf35bad

SHA512
c873cbbdc03a6c08bc8484fbbc2721a1f6752a719aa83beb0fed95d330cceb127342a57e8f1960f29c7122c3b6129147b433377e0ca32d1eed3c7af97fdcf721

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
f16a81f680fea450a719fcbfebbf66bb

SHA1
c657322346356913bad5523fc6f261415a8f6acd

SHA256
f623093da1cde5b7f654d287eb1843d9b82158e4047af10485d11b455fd7d032

SHA512
255a906c52744791b80f9ea7df83138dd5db45bdf61a465e2cdfabc93d8c2121506e4985b1b4071b571f244ea5d9fd95a0949a74a7626df4c350c09cb6728259

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
512B

MD5
c109d16fdbab9c36a1884e526b52b711

SHA1
a97c4688a5080cd247c17b1546ad244efc70a23a

SHA256
c6a74d7a2116ea3b26b51b2fce7cad8041ba558975e87ec9b7129ac2c6b21f31

SHA512
d78a15c9ce732c43dabdb5f872d27ac4d106c045ed91d3d1fb872119dbd1f182e8514b0b58e1b7eed13fdd480ae911f0bfd2491b14747b5124b326e0398d576e

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
7c06edfa02b7bc6f98a2979be0635464

SHA1
71209bdfdb37f8bd4f2f9d368ad8170cdcd5cc8a

SHA256
4337052b7258f0747b6d4494fc84455ad853dfa3c177aa30348834ff4c287bbe

SHA512
ab5606aca4302f4f4dcde996e926f8123ce0f912c84c4054e1b10482c012645e4c9c129433af2e3a71466aa4f428b930927b9f6784725e7035d3c2b31459dba2

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
4KB

MD5
4eaddbde69eff2026e1ce602c665c8d1

SHA1
d6b7445b4de5409fef49a7162dddfacefeb5e44c

SHA256
7b1b8214d0fe8427e77ec3d0af53cc7c1435b6a71bccdaee3813fe43070d574e

SHA512
0dd1b38744bd8819ca9adf68322747f168d06583815b75a96ddb53c2ddbec688eaa444d2be65a155918f3e00fbca73cd800633700c2795c40a660b5305f1720e

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
ec717a21e4992117b0575e36e62de3a4

SHA1
54e845612c7345bff7344c0b2e91170a97d7a48c

SHA256
578c80a2baf6d34f23ff3d1a64e93c0560bb9c926bcc93d99fb89b4e768d6931

SHA512
32c093dfb151424446452d035a068a8886e0659430e843ac56ebe2209e2d68f7143b8d1475eaac1cee8621b43b28c6f3d5efbd2c04fdc793282e8d35d696b5d9

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
79ea9ecf2565b161f1c7d9a35375b7d1

SHA1
ed69f657a8ebce13b80887f66352c215ed0d21f1

SHA256
be1ae036aceb9bccb306c6f408bf547510739538ef1fb4d8c1260ab0b8056b17

SHA512
9cbda5b75ebd9b21f284e7ca0fef7947ae70479f9f5eaba55f75aa2b1658eabaa76b782f61e2cbbd6380a0a250171098ed43d09ab9cb45a9922d06d7807edbcb

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
8881ccec9df1cc5f7f714704c3e435c1

SHA1
2e00d6cb6d3d6ceec1052faf53e7ba87c67393c2

SHA256
e61aef9a703682191b16185bef885168029d6b9e7425cf8bfbadaa0d5281e173

SHA512
e10a378848e21e22f393b4d66d4601b27493f5940193cdf210ecf7f0e650e347916e5ac1762c969828154d8e7917c1c52f6efce43086abf63df35151c37aabf1

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
561KB

MD5
18c31c89c82036a96fdcea71509b3022

SHA1
ae51fe896e83873aa1e50f9183b0c23d7ee1081c

SHA256
47558c2c4d98ad2fddb213f7ea239494580d4b1f3a3d90dc3d0a0da0e72ddc87

SHA512
591e4f9c7e81416a58de885bf6a2511fe75084f066143aec0477bd69f77da0339b66ae1a5ba744bb9e4d1f6f724ab0b7e136770fd70be72c40ffecc7b330c90b

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
253KB

MD5
6a913c5188edce2f9125333f3a634dc2

SHA1
bbdca951a68cc7f69914c1f8d819278fbdfa7ab7

SHA256
70d001c542ba2dc0956e430069ecccce9b53ad5e5443a336e39b81b66abce457

SHA512
3c9cf609c812788eb1a12d7598f6246489a12f9ba99b3d52de82c420ebfe2cb74d4bfec8c4229d14fa25ab5bff7fa3fce3e95171ad69f0aeda3fa425346eb1d1

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
48b4e4e208964dba1f296ef41867a1d5

SHA1
bbf2cc536a9392971ac0950b14c2e99e709cfdbc

SHA256
a6d190550616cf9e4f38dba1d9ad13ea4ff4ff1e40929f368c62ea0ec5cd24e9

SHA512
b1910fbcd4cd521504d3f9dd2958fcae1b4b3b0f72b3b954cb9f098fb7a9b1ed730b9bb554a1499d64bde83a058c245255de6efddbe7f00fafa16c71fef810dd

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
180fb9f0e8d74a08d8df1dfae574cab3

SHA1
55bcf080dc1901c94987d0873ae8082f1e29c06b

SHA256
6eb85a89bdf61d862c4b01452543fef99e6f95ff98529c2454928c2fd27a1f60

SHA512
f251e7ee71b6bcb75c41326c68ce1d66c21db27b1ed2e7bf871586b8158a28668efca7888009a11d1ed20f2a55c06b54da3611d148f3f5adb9b341578cdd21af

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
224692fee7b93e9991b92bb7ba9801fa

SHA1
fcad7b9444e89bd61259cd4c08dd78f92acd0c91

SHA256
53d71fb8e9cd979f34393bd2915ad6b00d8008b5f05d05859e018f6fe94f16cc

SHA512
16c4122ac3dbfcf81a2f066d02716bf6371fb9035b431d43435eb43d0a3461c9fd3092fbc0108a5a30111c62055f2e2dbeff6d6aa430f567f94b9d9d0a578200

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
51071f1640a278b046759a1126f26fb4

SHA1
930313c95f6ab36f37fe77f2675e57914dd693af

SHA256
553a1b8aab8f04192353edb2aa2743f8088d46a9df2a779d9b8549c3d1fad2c9

SHA512
1c8650cf3560a3b25496164d192d324a2632c54ef54ca3d1a95e7b53f3bc940ffc23118254233d84e595480aaf49e626ba6206052d7ea8075cf4a9f750f4b3f2

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
e3fe2a624dd0a4c5b1307481f083c33d

SHA1
9a3721e3ebcb7fd5bf70286e2802cfc64bbb476a

SHA256
63674a22b3d3708fa6d1f5512ba7139cc2bab63f89e7eb4be3739d974133cef2

SHA512
e41cd95287585c7b80ea6b8303aa7ba293db897d2ddd42668a5ffa268e0a124b74af779719c498f7191ca82540bcacbbbc7df34266ccbffb2b2d92948042f338

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
194B

MD5
939112db9464e50f9d617abf6f4fea68

SHA1
28d92c164c7e483e39ba91999c88ace7ba5be856

SHA256
90741e12b5d41c44992fdd385264faf8d07127a25e61fa6473b3c3c3270edc49

SHA512
f417499b15279880de99c01a79d8544065fbaade2d194a6ff0c6391cd563089a17019950acca25c44795ed0623935a3e6f9e3c7391ab97bdd3c473a8a9c76bb3

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
133B

MD5
6aca2cd8935231251c3bacc4eda3f809

SHA1
3df8a3d54a3fabcfbd830e6469e5bee1143f64c1

SHA256
1b374b21c35d37f5232a4bbfa269b05f278ceaa7ddf9c910fe1094c206e81ebc

SHA512
00c44810da55f755c998fbb4a1bdde9ebd690572b8f94c0167530a4ff16a8e9e15b8fe51a647fe0bf0c04dfbc9152211b7860ef57cb506274b1cc7e39f7f477c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads