andrmonitor | 4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b

Analysis

max time kernel
140s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
01-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

3306391950192abec178615e5dfcee53
SHA1

73d7d97fa7943be3fb1a09021579de25f101d6f8
SHA256

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b
SHA512

67e19e7dbaec8d102cd41a693a86203bf1b2ca4147d29b5d4d5b30e24969d937c1e3ef67f88ad1ecfee75fdd80ef5849ce56d10d55f9abec58f6933063932ddb
SSDEEP

393216:oyNMhsJA35z7A79L+oIv1mbgafiubcbZLbhT9i/zVN2I+TX296KpPbNiRSKcsgJk:jM6JA35z7c5KtmbBffcFLbi/zVN2Ikm4

Score

10^/10

andrmonitor banker collection discovery evasion infostealer spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	iznobhuck.ntcrxlglq

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4464	iznobhuck.ntcrxlglq
4464	iznobhuck.ntcrxlglq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4464	iznobhuck.ntcrxlglq
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4464	iznobhuck.ntcrxlglq

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	iznobhuck.ntcrxlglq

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	iznobhuck.ntcrxlglq

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

iznobhuck.ntcrxlglq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4464

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
2.6MB

MD5
ba8f3d6915944853db58788045adef51

SHA1
198562ac8724166ee6b9a56d47ad66ddbd9eb335

SHA256
0f5b826f16eb47718340d7331b232cb5d88cc5df249c67d32a25f3b8f3e94ed2

SHA512
003918de4c7c0f7c12f1246038aebe70e805c240bceba062e60e040004bc15ec44aad3232a6f9cbd2ef1a9a790e609192216e5577994f04374d48ec534b94422

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
1.2MB

MD5
ea1666d1e54e80c67d0fd8291b2b2813

SHA1
7cef9ba94f0be6c627ca73764ddb2598966aafc3

SHA256
84db9e19f78b846657b65eda5b6c8b7a3d3a8eb76fc0a3cbf01990083daf8e2b

SHA512
751c608e201b83f4de66d668f90e0e5f54eb2866a364670b7981c96525d675a8dd46816e887c44e866416b55f37d24d754a9047b1e4068005bd8bed3191c6e64

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
64KB

MD5
75e0314dabc4ac332350f81dd08aa736

SHA1
2686e38548e656a00a15c758e6d305a29becbad8

SHA256
75f8f83c32523eddbb6d5180f88fdaae8fe6f0641d2a02ae77167426cc54d2f7

SHA512
d2dda1d12bf04e72e2b7c910edfc790574a27d87da698438b3fef232944e16195f98a90c956467457b1bbf62256198936d6be066f6795932d68192ac8311b4a6

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
1db3f592f8b380d4b68491a846201727

SHA1
6ef426988ab6b2e1dc4ec27c2b4188d80d27b7c1

SHA256
ec2119fc57e3b07886cfb2ad742d09ae4426ffdc26dbefb75638734c9a9a7ac2

SHA512
66a900eb4d76728df8b1ecef8f0b6016495e9f4af5cebb458444efb0dcbde42bcc402e2f1e3f5e258f0018e689ba27adf9c92224221b0c41f40233bdfe29fbae

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
96KB

MD5
d8d5fc96582d19c8e2177dea015c0212

SHA1
39a1373275863e943ac6dafb2f61d59f0b4fbe3a

SHA256
86b6b59216db8bcb561b9d6753b3776dcf92684c92e6bed1b31c6c763adf15fa

SHA512
2f757f2111202f7be1bf6e18b9dc65ff19ca5b1a9dd7b1ba8e314bc9632440e97817f5cba72beb90580d3133b3448869442db8181cb973997d8b79d9f367a217

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
512B

MD5
f828268e100a9ebe10134f4cb65e84fb

SHA1
2b9b048e45a02982c28ac9e336f7878105c88a28

SHA256
d509e37bf79710c213fd749056bc9f18c959c3109351da942457da6dea0b902c

SHA512
98b022e5b1c4095fa0072f07374a31af89966ddad637629603113de2c899cd4ffcbd649edcb49429cbf28f266187b93be814d6b9995d8bd45385d1a81e7dc866

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
4e0aa79a6110588e30c113284df30f89

SHA1
e28d684419993a75c6d6a7be1fe7f9f647d62a84

SHA256
c578a1aa0da9189c89d91caa320802a3f4e28c42a5a53cc9e2721c6b6feb2da3

SHA512
5d0b2799909bd4ef6c2076fdd1d2aae2e7ce5a4fb8cd4c82d2f25a649e89c11e4ce1cb8d98d0d3f98394496056c292919054e363627f53ae26c6333ebbf47cad

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
4KB

MD5
ac9cfa1528dfeca9bc77788373c88c2d

SHA1
d9fe298d88636bc9665e7a4163837652978caae8

SHA256
369ebe3b3813090900d9878a53a4cfa151fcbcbfe0824c427220085b0289c5a2

SHA512
6f6cb01bddeb325407fdcb43f52e8c35d434f27e7ca4ca5d3215267821683d3304ee4848579d60f319a411646f1662662c5f219a3397ec5f2b261e74029b1748

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
8ff97e89d03e1a5223a5bdfa420817ac

SHA1
42d169465a914d19b4dfe5e644289fc89186bb35

SHA256
597d91e1501c905afdbd66af30865399689d768f4595b2743801badf4bad16c0

SHA512
d851f00d8462123bb8e3fe8854eb85a9b94d8b218309569f8e68757264fd299aaed12caf5ef24f6abf8d8072dfee310b8673be2e2c6e5417f31062d394bd23ec

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
e01560f125a34ddbe6516b129c1dd6fb

SHA1
fe90ed33bee71d9b6407a18852e2ee04fbf292a6

SHA256
69b74af0a15d58bff5935b0c7632669a15047619e0ff86a85fce88b99174a5c6

SHA512
6d387bdcfbbbf3cd5793ac441f2004b57176d9559a87baa6d1f07f19c4ab56f4b65946b9574c10445cbc0f09bfc51324156059c60759bfde9028957129bc0ecc

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
681e1226880f0dba00d86fc0d39bc0ac

SHA1
12ee3a55b0b216b3d01737a8a4962f6ec200f487

SHA256
9ef098cd60a30f21dfd23d56c50038cefff4c0f984c20b1ccbb42f4d5161cad3

SHA512
08b18b17cbe2e836eefac9202e81fa952d1ab9b80a8cf406c42a4a464df3f177bf79efa1961b41931354e2b23c6935eeabc3194e16f27c71d438e3d1892c8a5d

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
1.4MB

MD5
9989c97cf3d6ac0b29eb2b3cdb7aee11

SHA1
e83dc2c68eeb2bb8e4d83c984f00db2659a7a63d

SHA256
5d31343a43c1ecfbeff6166380347facd4135dab6701655ef21600e32f81328f

SHA512
845ca7c1c0ed33e2ef1f6b265a0601b1d3fe52b6f78ce9b78ce1fbdb86959c8b85800b40f516c0a67391736c49cd2faa9e930e0706411b67e56888d0e3037c74

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
976KB

MD5
3c27ed45ccc8ab4dc086c05c820d158f

SHA1
70b732b9ec32df150655a89098596d33d775e301

SHA256
472600690fd4654057e7c1c67b536f2b1d4ae33217f3e5fb3367c859f7749555

SHA512
fcf39137f5e526fb61eab63f56b932d118389052867837f2c2f53ef0da0a12fa4c1ec18cb980c25fd84fe7fcb913bef66adae059c5ccb5806d3c8ade83203a2d

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
507e59a62231dbe41640e6c05fed53e2

SHA1
6ae824320b8b8e8c1dc1e2703ed8e35d3d840fd5

SHA256
a69248ecfdc379c62c8bff16b7a076a647742d3c6f6e7ba9a0e2e3fca0520ce7

SHA512
533096c071e473db444df0ac347ffc612b074b8c58fe448d03d31a1e61f187a8f774fee18a991b34c1fadd14e4b0b8bfaf427636858d1d7d9a6b5d90cf86c841

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
74fba797353b8c9d63bd08a5fbde6157

SHA1
38ee7a06d1f60e5a3ab78738896433afbb73a8db

SHA256
75825107fa5969765e6458f886aed3fa60e77e9ec0032186cfc2fdbda2cbfe8a

SHA512
bdac696d3451974f49bbda70a454578256e3b0ebd865e98e201dbfb1523c8f3b8593693ac3cde96745aa5b6d5a243db300341b9fbd96a44e1189e447d30cbc87

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
6f7e786e6a7ddd87b7dffe14c4e2afaa

SHA1
f3225c0dd757ce93fafc9be64b2e33c6d1e1dea0

SHA256
c40988304531ca4e72664e3bcc90f389cc9abd23a08f478905052980ef00534c

SHA512
8214ce5da161f7d7da42e562e988f7ab4cee0aa930860b04105a47f7ac7c8022a82fd6edfec37664a55da9a9fd3aca40cd0a0ead9a220c1e7a1a9dbaf1670b49

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
e465bd22a890ccd8089eed38c4faaced

SHA1
fb6522292c51f017df9f826c2502bee3ad674169

SHA256
58906174e4cb163b96398b924aa56a48e0aebe926bd39a7ef4b9fe9412921d34

SHA512
ad5476d730b5aaa8930751d96efad0f73f93f668e67b916c671cc46dd85e513e47ef09fb1efc96f0507417ad5a21ab2f56f6bc1a0a03c4029e86b7a52be8bb8c

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
4df987bb1705f08d14f20e1c8772de81

SHA1
eb9fbdb39b85cb8099bb18883a746d5538dc47e8

SHA256
ba479b1bc1ca93a8c44208334e998e76879924b2500ac783f88b0ef9a139ca83

SHA512
1be1ecbf6827f0263c891ca5a7377a8c09e0495ff55fd0ef6c29fb1f8d02ee5ea200e677b145e4649f501c6ad6dda80f508762976416f205792acb367214387f

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
194B

MD5
e480b36019f149af6631661943321fed

SHA1
61cb111d067a8845d8a0c95166abd83c9b22129b

SHA256
ac66a62e2bc9d21fbfd2e2bae24df86b08c5f0261d135e651bed2b0fc01c8d6e

SHA512
9f238e244e5e27ea5a4b80b882f2acc9559a481e52d4418121c144bdc0547cd490ad7f6a785edf76d4823726d6a68080011d0198dfebb6f7011db1de3ba0e062

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
133B

MD5
a844f921442b7fe652a7717a04d9a845

SHA1
db28e6ace957f93c835554b7d4e95c1c3a44bb8a

SHA256
ff7c6c170726e8110f1c45bb1e3d08caca243ecc7ea75943efbbaac796fa2a1f

SHA512
20df69c7f0258b5b7e0f8b9e8a1546d909d2c9110d051479e9a8cf499dab74c4f64cd916926f01a2e67bdd9d6e1940c66b8873f7a262dde88f5442e6fc37dfad

Download Submit
/storage/emulated/0/.am/mch.apk

Filesize
56KB

MD5
88f8203172a57a166f7e4cae04000764

SHA1
54baf3444961f0c72ce4330ea1b5dad112b03281

SHA256
5385c3bcedec00eed7b032bf48be63c16417cb8f9346d25d177b1e63f863b7f5

SHA512
803b8b13deece00260bb4d488e1d98053e3b52ab2d00fc741ea04be8bb0425d6d0503de7b9bfd64b8665f6cff7ab386e0ba0ccbf66d869780812b3ffdf0cf2a2

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
998dc47dd0a65a8312500814baaf245f

SHA1
62c966ffe305aa31ec6cfc0505a2cd92fc33ad7c

SHA256
57093b43d95bfcd7c15e132010ed470cb8a12f96e8faf5c8dec0e91ee1e39623

SHA512
9053d4b643b54fa14246ef727f82da2d1aec1012df15296cc552207e31a94a0945f544928d3cfdb1e9c35c0ee8c985eab035ad9746c61a125c9b1ef7e40fd480

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads