andrmonitor | 4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b

Analysis

max time kernel
134s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-03-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b.apk
Size

20.5MB
MD5

3306391950192abec178615e5dfcee53
SHA1

73d7d97fa7943be3fb1a09021579de25f101d6f8
SHA256

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b
SHA512

67e19e7dbaec8d102cd41a693a86203bf1b2ca4147d29b5d4d5b30e24969d937c1e3ef67f88ad1ecfee75fdd80ef5849ce56d10d55f9abec58f6933063932ddb
SSDEEP

393216:oyNMhsJA35z7A79L+oIv1mbgafiubcbZLbhT9i/zVN2I+TX296KpPbNiRSKcsgJk:jM6JA35z7c5KtmbBffcFLbi/zVN2Ikm4

Score

10^/10

andrmonitor banker collection discovery evasion infostealer spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	iznobhuck.ntcrxlglq

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4374	iznobhuck.ntcrxlglq
4374	iznobhuck.ntcrxlglq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4374	iznobhuck.ntcrxlglq
/data/user/0/iznobhuck.ntcrxlglq/[email protected]	4374	iznobhuck.ntcrxlglq

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	iznobhuck.ntcrxlglq

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	iznobhuck.ntcrxlglq

iznobhuck.ntcrxlglq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4374

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
2.6MB

MD5
ba8f3d6915944853db58788045adef51

SHA1
198562ac8724166ee6b9a56d47ad66ddbd9eb335

SHA256
0f5b826f16eb47718340d7331b232cb5d88cc5df249c67d32a25f3b8f3e94ed2

SHA512
003918de4c7c0f7c12f1246038aebe70e805c240bceba062e60e040004bc15ec44aad3232a6f9cbd2ef1a9a790e609192216e5577994f04374d48ec534b94422

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/[email protected]

Filesize
1.2MB

MD5
ea1666d1e54e80c67d0fd8291b2b2813

SHA1
7cef9ba94f0be6c627ca73764ddb2598966aafc3

SHA256
84db9e19f78b846657b65eda5b6c8b7a3d3a8eb76fc0a3cbf01990083daf8e2b

SHA512
751c608e201b83f4de66d668f90e0e5f54eb2866a364670b7981c96525d675a8dd46816e887c44e866416b55f37d24d754a9047b1e4068005bd8bed3191c6e64

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB

Filesize
80KB

MD5
14965d082c20a23044e848a77233ee23

SHA1
4427f87600acc8cabc60c5b8295e01a44a496a31

SHA256
ec34c20f8904ea6381733627845a6a31d933522fc762cd1b03e5368d49895fea

SHA512
780ab9c9afc1a41feba2d8474701de15b3adc29766a536c86c7927591b7fe31cbf3a91140e1136a9e87c1bb42185ec5c105f30919afa9916a753eacf79a43f26

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
512B

MD5
fe0893ada2a61978e3cc3898cf7ddd36

SHA1
a096f7b88151503a3fbb40a3005a344ba3f4bc26

SHA256
113a559a04d99423c6bf38fe6850f95772297b4d8347e8dc0a7e89b9bd08364b

SHA512
c717cd3451f3dc78feae8d67e2016c77cbf13261ac045822073bd4909bfc090a4cb53c5c0a36e64cdbb803f5d17850f350cf687e88967aafc12c596ef494897c

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
738786604779849f2387b973bb786100

SHA1
29bbc8cd1f6438a2a734ad49da4a99bca777a50d

SHA256
d6619dc1b943c2748b6ec0a1a1e61bed61ba6139510677e55722ab627bd147e9

SHA512
5c7037718baa42c0e03ac2b7589adfac8627acac2ca33e35328c05526dd1bff461dea553f1138ee8a4622df5262218a8ec1c5a836036256f072df14ac0440e59

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
4KB

MD5
720b711065cedb1551a3ba70d73b9023

SHA1
edeb0289d0f42fe9278e409dc116b3a01df47828

SHA256
f019028308b49e60c25d42d10d1a9744e6b90001e87745e95211a3fea75adcf6

SHA512
dc8f603172225c0325cabfc64b7c38b78c55cc647112789217f8bea87b00890dca3eee7d8a7f296e697c1aa58c25ee7f58bb41f8d305e5766084e115a3e524b9

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
8KB

MD5
757f8823fbf7475f621598ab1a4b2c59

SHA1
d85371e4a576a973bedd08bf3a9367551514caf8

SHA256
220ad31f24e7a82f5978e33fb99ada03e3585c53dedacf2be72359e2d3c3d50a

SHA512
39d1f13417df2a678c5d0e1e271b031186146ed9062bc10b441a7d1b77775e675ccb8cfaf77b366d55057d6aaeedeef01fbf83beafb68cf0ed791744a58aa042

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
8146ac24ef9f441bb9d8266721570fa3

SHA1
f0cf604e710362f19a60b0b47cc80d89faabad66

SHA256
d57a390f31e2145ffd5e19e23a2e41521fa46fb1606c1141020a4a730022ce60

SHA512
a4f37c6b90c1f7692588c76979446f87935f90577c159e0c6fdc5cc963c934bc1c2bf106fa4d43519494a3b6844206c07347180cd7fc5475983ad5351a266624

Download Submit
/data/user/0/iznobhuck.ntcrxlglq/databases/SettingsDB-journal

Filesize
12KB

MD5
06c0084311b01f8bb2e9df3c0e7b4892

SHA1
7ff2b93244c74bd0cd7728e74cd3b1a0b30c9cab

SHA256
0c231d244bb94dfb18cb3a250741a2308a2d9b61b5e9062a0b01d73bcc0e3056

SHA512
f3bb2d147fba9296597540ee73ab8954fbbfe457bb5ac5401ccf439b9afba951a1a8419dbcd5bb7bd6dcb29a3ce1d3b2f3433d367ee83cdc4d481f173e752e6e

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
115KB

MD5
454924edbf4e4ab76ca2b0a26aea5f5d

SHA1
f824510b3811985c521dabfa37bdad0c370519a2

SHA256
b9972967197211a651690302e25d7d2ecac765eac08372d39f5e8c24b4a298e2

SHA512
67e5716d13c6b7133eadf0290e9b3cc4dc7f51f12a952789f9af178fb80ee9db0ff2fd2a36a0157413449771f1522eba39a701b42b23921319fe4bd8df045856

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
d8d9b85813e38cf8944dae8dcee6741f

SHA1
4df0493630565537092e5103a2eac78b9c42b509

SHA256
c5b4638af9ef95c87a26acc25fd095727ae202a3b78e7484fa7e9ebcaece71b2

SHA512
62af911be5cb92df1db591c87691c2e4c72057b16bba85959cf27d0bb9efd034c3a70fe05eefafaec00a163f714d8af081b0d795bfae2325d8dce2593c2482be

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
169B

MD5
af1c0c474150daee99517bf7c9f77943

SHA1
c964c85fb6755554f714a0b531185f293fbff487

SHA256
81b229993bdf134229551be677d25dc6676dd01f5f29c315a19e593fb8437ab1

SHA512
869b7069544fc023a7fba2f6af8cf04ee0eee2968270f0d95409f76d9b64f101c95bcc8cd045d2ad051b367599a35cff5229de6c1ef00e6511696d50db6eb2fd

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
148B

MD5
b6477295161268e03177c16ab20dad68

SHA1
89b073ec109dca1f178823491d289e4fa3b3eb3b

SHA256
d4a282c11b89fbb3276cf11e872040683cabe78c5240d8fceb237e2e8f8d559c

SHA512
fa5894bfa989c68642da89da3ca56c8eca63b2819416b2c293e4ac21b4567f8f7021a8ee27252a260ac1890e19dc0aa8d99153ca8a960526b6602a37003b376e

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
129B

MD5
fe0fb0f1315341b1b0d3034ff0e00d20

SHA1
91024699d47067a8f33990bfdc27f325cdce158c

SHA256
a485c63df5f24949b0c7c17ef681c86f0179bf3eedb69a9d0f4d8861f8e6596b

SHA512
fa2937d56a538760d2912db62ca4fc7734e6a54fdc857ddbe17352e7d3d3ba848606f261dce9d75cc6ee4614cd2f87374cab3a25eb78b9ce40e6f81d868ff16f

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
60B

MD5
100a286aaebbcbb02855361111403b75

SHA1
91b36156d857310c924a8af34d3bf5a2958937e6

SHA256
b13212341c977f20d658a60d30618935d3634b757b06c225c1ddfe663d022668

SHA512
3daf5677cc26ce14d1a0166d284d7c751e20d6ad1482c1b732853be4a4198edd6146505e6085fb1409aacaa1f34653fb671942dc84770ecea239c3c40f584ec2

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
68B

MD5
095c4199cbf46aa30df228c080fb0bfc

SHA1
f431b29f451e32e1ddb6012334324444046299d0

SHA256
f207b4da7b882d29a17d9a5f5c152c68281621c94e88d5d96620df5dedca13aa

SHA512
43d87fe3b963c89efcef8b101da6b0d5ead41f1c9d32adc7f782306adb6d5418e7803f89755bdcbca924e7ab1801fa51679ea14a304affb58ce5df7fc37a62f7

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
193B

MD5
fc22b502223753c8800b18ecfeb048b1

SHA1
319aba85cb5bdc916fa37b8c9195fccab863ca26

SHA256
fa01d61878aeeeec2920dc5b39f26ae63d9bd34c2d62878446e4b54f37662034

SHA512
928a0542d620a665523159a050aedc2c5dfcec87acda3fab524a996c95b3d54fb0ee3d911d020b87bdf0b1501045ef141a5ad299b21a019878a5f7e1c51df329

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
132B

MD5
e37544c5ff484f7cd454a009477bfdb9

SHA1
289810ca0c12cb52c966e60145afa0f756970af3

SHA256
0e723a008c904905c204f14b03de694282acb5ae4e746be95e63aa669a8c5e69

SHA512
c10b0bf73a835c0b47bbcd05cccea657a1e113da4881040ae351ab177fcc557cc0872b9e0c58801264fad51e84eca5742c928282aad7ecbfb4776ec8a59627b8

Download Submit
/storage/emulated/0/.am/log_1709356316148.txt.zip

Filesize
216B

MD5
c1fa194484c002a94bf4742379c582b8

SHA1
13370698495a012d3193cf3dc82dc374e21b7104

SHA256
e0c67a005c9db87d962970952cd88c7b8f6ae37385dc13c0bc3a78dd316f83d7

SHA512
9eb9ae788d626b9086f2f21fbe8f6eb763dbbac3707cffeae3dd0c1ae5a8c5755d59f824abeaab7117cd894effc49794b1edcde41c70adf2375746a412635ae8

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk (deleted)

Filesize
12KB

MD5
d54a7ca534028e6381b57ce628b4df4f

SHA1
07768ac1346a440e453a5805116a266c9e08860d

SHA256
d94f7d7a857f17ce48f90d2a0822018df5a7422fef5d5ba7b2d62ab6b8c3ce95

SHA512
7afffb9d2d725a3525b7ca295a493d62a8597c8f53261e809c3a6dc62dd7481e61b8d8d29d52f1566fe486870695a4c0ee00307f1c5cf92099d1e7eb67976ee9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads