andrmonitor | 4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b

Analysis

max time kernel
145s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

3306391950192abec178615e5dfcee53
SHA1

73d7d97fa7943be3fb1a09021579de25f101d6f8
SHA256

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b
SHA512

67e19e7dbaec8d102cd41a693a86203bf1b2ca4147d29b5d4d5b30e24969d937c1e3ef67f88ad1ecfee75fdd80ef5849ce56d10d55f9abec58f6933063932ddb
SSDEEP

393216:oyNMhsJA35z7A79L+oIv1mbgafiubcbZLbhT9i/zVN2I+TX296KpPbNiRSKcsgJk:jM6JA35z7c5KtmbBffcFLbi/zVN2Ikm4

Score

10^/10

andrmonitor banker collection discovery evasion infostealer spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	iznobhuck.ntcrxlglq

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4192	iznobhuck.ntcrxlglq
4192	iznobhuck.ntcrxlglq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xc9501000-0xc978f504	4192	iznobhuck.ntcrxlglq
Anonymous-DexFile@0xc9cd9000-0xc9e036dc	4192	iznobhuck.ntcrxlglq

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	iznobhuck.ntcrxlglq

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	iznobhuck.ntcrxlglq

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

iznobhuck.ntcrxlglq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4192
- su
  2⤵
  PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
d322f29ac8d138c936cba9fd37248dfe

SHA1
66b3828b4bd2988a7455be736f2bc8e3f19d1b0a

SHA256
2c2b713a781ca67e92506bf70775714fe5be03cdf0f7b72908503aa20d6e076c

SHA512
b470fe569c4721894c1c012c8d30cfd911daa831d0ac2be981506379022edfd2ae41e9ca03d5bed9a3992fabf3689a936beb7735b6a9d51e8364cdd1604681df

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
01aee4bcda392feefaea7546630757b0

SHA1
76f10fbc9410e49be48fde57b6cd716b5b242562

SHA256
1b83ca442a8e1c42f6495e8822f39b2222d9f30edf2d0e43f1602761f922c11c

SHA512
fc4469425fca2ba691a87d110b97d7a6894f6bba8a5b800a7c741a2fdd080084d55c40ff72d2b9ee48e514f805c82d625f3c689ccd47c376c3e858d41548d62d

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
52KB

MD5
b6815b344f6926d458cea05acd052cdd

SHA1
88f524aff1d4c5fee979a203dd952427871a7097

SHA256
028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366

SHA512
0431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
e9cf3f2d03f3db27876c120dab4b15a0

SHA1
31d10a247b8a08d6ba693c51ae2b179724959d94

SHA256
e1dc67ba5695edf53b04c6b21f3fd00f4c4472028f21fe314c03bfc8ea6b1372

SHA512
00686939161ec4e0294a993e0cf69cfca22f20d9ab5bb9a128a27da763a0008eb3f96a67b112a332779e2d534a1d67d3c856f92eaebcf5a404135f5d93faaaf9

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
126f3b1101197273da9a09d3dce59ed9

SHA1
a775f3ad60f7928b1b8b5329f1f35577aeaf51e3

SHA256
5d9a40be0cb908caecd20002abef70a3188d718e8c593edf98ef0cda00ad0928

SHA512
2c020331722b73c49ccb5bd7303c7f3c62174628a2c512cf0c3f96f7510a78867e66d2799f6373d183e97c8b0cc696a2902e499dce4ff1895822e55abe38cc65

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
512B

MD5
f8a2005ee70ca370579d57a2f3b3b09c

SHA1
fee86e7397493253e160b1e1e78990cd0fc1625b

SHA256
3ea61c200a9fa7f953153fa6e1caf08f3f91719a178c14bb0b487ac7014181f2

SHA512
d6a89f82335a5c13ab85d67a1f56e50539a360d83057cac9180947fdbbc4e2e6bd13f487957e6ae263def166b9689c28345ce17f310df48a6d4008697523cfa6

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
120KB

MD5
f66f77c2f544b08c8f4f0397c2458430

SHA1
c5beba9c1320c8d75d11db764f1295360c2162cb

SHA256
c5eb31d7b31e57f1d6e1015af2701ce1472c72c2a15c78c5b64522d05fd6840c

SHA512
de247ea32ed8abc65a904260651019c36c5804b47149e1a2568966de22c065560e9f814fa32ea9e9b2fe7af646e69a1cc89603f0c704741abe493d18a258bc97

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
8KB

MD5
0094fc4884a0e241eb46e1f50599e527

SHA1
559a93550a18b9fbb435376f92fb6b29d7b06806

SHA256
e36ce92b483cc3751c546f1848347bea77126a60a3e9bd3f898712792e16e23a

SHA512
c2d3e55c03bc895fc1b4413d94fafafcba45f5d27832cd62d8ea1f42c2c8731ca54147e3c5dffd9f0f242e53b0d4411e2179bc1f34e33d65896de4940436b3e8

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
8KB

MD5
0e514dc96122fe6937c2f0e4cd1b47cf

SHA1
a31b83853e86904216ad3653ff8c896d74db29ad

SHA256
b74e59c60005ace80b6abad4372045b135c3ed94fa94a29dfbf4298833424645

SHA512
ac4a1db5f06b5a746b1e78c16caf15f9281600293976d65c0f9185a8e36135211047cc21b1f6969716b8e4baffad0302e41e4a334bebb78f019243687d73885a

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
4KB

MD5
9082e062ea9ede5a029fb845003952c6

SHA1
e815fe6059ad4012fed242374ad98d0b49fa8ffc

SHA256
f9133ec85d79cb9c0ee5dbba4f571338183c476bf73d5e6e7f710c6f523b6b22

SHA512
0008549db09fd350078e74698f38e05025b00ff37ae66f4e3cb02a45315efda97531c2f255781c5314ea15ae7385223cdcaed54772e76ae3c7755d52306bced4

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
8KB

MD5
2912067f34f81eb640ec6251c3d07bc8

SHA1
a68303ce6b37da1bb026f27bf0b327051c1d9eef

SHA256
f324a6a6e8101c13a8162fef37e3059b2d76976b9e0eb73fa19161e274ee2a0c

SHA512
7cd5266cde00b2b5de4fb3b6f5d08070a02f7e77b2952e3dce62873668889354f9b305c08c6429ae935bb0d3d494c67646a127f59ab42ba234529040bb382fe4

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal

Filesize
8KB

MD5
9478d7ff58d3f90908518f0ba3df6a63

SHA1
40062c9d7acfd462f7818310ce248f05390c4689

SHA256
86666c210d5c25a544b55b87529b0cd45d241f0a5cdf154fc7fdc16930872732

SHA512
277b4ad67b0913dc81d69abf779331f81389f3ee2cf7381f4307c8bd8de3e6305135dcc07ec75bd0582b92d2c4b4b4e89e0232b167b80fb4ac59343548cf87d4

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.5MB

MD5
031093c44a2de001c996bc4733e80427

SHA1
ab091215ae4ade9e8590ea3e0a9e039e65580053

SHA256
5d96710a35b44ac29e903f361126624c2ac1721ff01113dda66285be5481cb16

SHA512
93c07e359460596b019523e1a0f70021df2b3990dbb3e1a2d3239cf40529564d16dfbcfe2b5bef233dac7a460d6b157a71d5341a9f0c5238e6258c160989e8a9

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
d8d9b85813e38cf8944dae8dcee6741f

SHA1
4df0493630565537092e5103a2eac78b9c42b509

SHA256
c5b4638af9ef95c87a26acc25fd095727ae202a3b78e7484fa7e9ebcaece71b2

SHA512
62af911be5cb92df1db591c87691c2e4c72057b16bba85959cf27d0bb9efd034c3a70fe05eefafaec00a163f714d8af081b0d795bfae2325d8dce2593c2482be

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
a75aae9d55a44477af2c3811078e6418

SHA1
034da6d65d275ef14634e06d2624ccbfbbd4634c

SHA256
5491a7c2c086c9b4938f188bb2a5f9431f9b3d200ef25149a677d54befa015cb

SHA512
514f801a435b59bc16ff6724b537c289a882032c274f580b8fc8b4b22b578379cad670e043a82c2f92c27d3f58208ebd1c3a256e2a3777d034ffc49f544f4470

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
ce68becc41897c30d9981e207d4d46ad

SHA1
5822afc9f59dd789c9f2a1b1e2840685d5e68e91

SHA256
a96bbd6ead00554ec37f0bba7ef51ba73541888fbb3b19f0641e7b928fd90196

SHA512
e43e0755a3c3ad714a3ade95c799b04a595da92c2aa21db99170d55708a03132398f47342d2020371490e2c91ad03e2947aec0d82fa0432a8b85dd8145b03cee

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
240a20d2d8b0ba1fdb58f3f6afe8b8c6

SHA1
cb92dc943a79e6e2a89cfbec7e0b4298d46f7113

SHA256
468d34536c01478719f6f551646c54a95fc866e4c081b3b873aaff111df25491

SHA512
134a0efba8216e7cb0eabb894f7590f4afcbf2482d701f70e7fae46397d38540e53ebb0ca304948f93bb511b847be06dfbb060b5ac2c58e90389e5c8275ee2fc

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
0746e975f3145e0281431fdcdf28c493

SHA1
4add363e1c3c96c180f6b1e2a337eb74574c3aa1

SHA256
7cf5a30fd1ccd9bf2651e8dd4cee028091f3d6627f778267def4752b4022fb71

SHA512
ecbae0ab3a121b7b9bb5fc24e1daeb319e4d1edd8fb13d13641f43360c4cd54e4d92b061b3c8a0c5897b11edf465dc6dad392deeb46d603998fd94e4cbbe05c5

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
ca9a61ed5a2c9e4400bacd1019e7597e

SHA1
d59a49797c1d646e24ce22abda67645f018cb7d4

SHA256
9aa11182e52678d2323b8732cef4d306ca6e7ff39b21a45ed2d9cd51b6d013bf

SHA512
01e723d5076773bb9b979227f2ac8a5fff4337124da7a9f794b17fcae2304b68cacb1e942ff8fa72607e4c420b6124381c4f55a1fa9a2d33cbea03a02fd01e3b

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
164B

MD5
1aed02dc4fa7bb999dbb484a3411a707

SHA1
0a0871a7eff066a16133f24046a21a9101f913e9

SHA256
c093fe7752a6a5dfb0cd9e34ff13cab4a1b63dfc88abf464828c20dd3b800edf

SHA512
13911b0e9c0894799b3019c7191a279e33787b1bdc31e649e07e01cd470c9545c9b14d3542675fae910c045647f02575e565034c11d13024b9643039f8ec58b2

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
133B

MD5
58cb70ec7565d96835736a72f4589f39

SHA1
a194b0ed0c9b63d6eb61f56eda471c34a5e94e22

SHA256
a7b2717383e04da017114247ef7b0d4f7db9947248577f3536114bcdf7662971

SHA512
0b375030a365042fa24358b0343a7f9785823c3327fd198b45c3fa0eb3601898d0c1fdb8eb4cad2d6e055b71bcd2940c042b4354bc86c959643638180f340bd3

Download Submit
/storage/emulated/0/.am/log_1709258242708.txt.zip

Filesize
217B

MD5
a73f7381ab182524595a45c57719a9e6

SHA1
45059f2c0cd5fdecc049b3bad151546d2f82025d

SHA256
dcb1c618b6ec6505ff54ca8605d869fa3904a9b3b25c4e931a20a1d2d1ed53af

SHA512
e840c0fc20c0ff37213c82db0a2225665c894e628a959c740aff048496236ef05eae5cf8ab1a980a7bea3ceceab94543662987e20717e907b97aac50fa06f915

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
79B

MD5
1409ce04befd249965476c79a114deed

SHA1
df37825daed76eedf3323bcbd5159cd0ff36115e

SHA256
31330d80a9486640877dc87231d4c3cf4131e4f85d1cae356216a0ed9554f51a

SHA512
bad9f1d63ca560ac81e84e910c8a6036e4c0220925729967c530639bace292b167af7cdbc7489207536bdfe4a7445befde173c56c89981040365355c94a1e25a

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk

Filesize
64KB

MD5
c8e37da299db67b210f45363499e6506

SHA1
7ead7e8d6716c8fa503e539503e9aad0ca948dc6

SHA256
41344508902e263205ed8134591763f0c8187737746fe3064c4a91585550823f

SHA512
0f676cc3b752238e2417bbcb73883478c32fa8fde81d7d9732193f80d0fbcabb7d49832d44fde15eb4760c3991adf2769c3a0ec38ee45e14a5a8bdb4e89d4ef4

Download Submit
Anonymous-DexFile@0xc9501000-0xc978f504

Filesize
2.6MB

MD5
ba8f3d6915944853db58788045adef51

SHA1
198562ac8724166ee6b9a56d47ad66ddbd9eb335

SHA256
0f5b826f16eb47718340d7331b232cb5d88cc5df249c67d32a25f3b8f3e94ed2

SHA512
003918de4c7c0f7c12f1246038aebe70e805c240bceba062e60e040004bc15ec44aad3232a6f9cbd2ef1a9a790e609192216e5577994f04374d48ec534b94422

Download Submit
Anonymous-DexFile@0xc9cd9000-0xc9e036dc

Filesize
1.2MB

MD5
ea1666d1e54e80c67d0fd8291b2b2813

SHA1
7cef9ba94f0be6c627ca73764ddb2598966aafc3

SHA256
84db9e19f78b846657b65eda5b6c8b7a3d3a8eb76fc0a3cbf01990083daf8e2b

SHA512
751c608e201b83f4de66d668f90e0e5f54eb2866a364670b7981c96525d675a8dd46816e887c44e866416b55f37d24d754a9047b1e4068005bd8bed3191c6e64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads