andrmonitor | 90d315e1f02685be8a04b7a89da79968d6ad3275261b55d3c2877c3612400684

Analysis

max time kernel
135s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
01-04-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90d315e1f02685be8a04b7a89da79968d6ad3275261b55d3c2877c3612400684.apk
Size

20.5MB
MD5

5ecc15afe2f4f3499403c04ae8fa20a2
SHA1

7546d3959a7069eeb58f12dbd426b1de3b61cfe2
SHA256

90d315e1f02685be8a04b7a89da79968d6ad3275261b55d3c2877c3612400684
SHA512

e70ed0dd452d6ed9c9c396f9da2a96b8423bdfab097a29f5623678ed6e56d60de6b25dec7aff8544964ee45baf83efd7d7e998c970285b55140a7648c693c6f2
SSDEEP

393216:3v9/9sJA35z7A79L+bm91mbgafiubccZ3bbT9i/zVN2I+TXYRiKpPbNiRSKcsuJM:f8JA35z7c5jLmbBffc+3hi/zVN2Iko4f

Score

10^/10

andrmonitor banker collection discovery evasion infostealer persistence spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs

banker discovery

Security Software Discovery

T1418.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	xczlh.vkmonoh

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4618	xczlh.vkmonoh
4618	xczlh.vkmonoh

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/xczlh.vkmonoh/[email protected]	4618	xczlh.vkmonoh
/data/user/0/xczlh.vkmonoh/[email protected]	4618	xczlh.vkmonoh

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	xczlh.vkmonoh

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	xczlh.vkmonoh

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	xczlh.vkmonoh

xczlh.vkmonoh
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
- Requests cell location
PID:4618

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/xczlh.vkmonoh/[email protected]

Filesize
2.6MB

MD5
21156a8f064b75118f6255cc65bb4a85

SHA1
d3fcc248dc5f08df8aaeaeb1e59f37708ecd19de

SHA256
63f3015685196675f8d47ede3a2ca91d5937ae5b0b0d1b11eadcb5d74a1434c8

SHA512
c80a8f286792f07ff28c6d4aafc43375dfee92c24026285628e79a9471318e89fbdc15b4ec012ed5c92f8a4662dafc47c07c0af8a378f77a8ca9daad890c7964

Download Submit
/data/user/0/xczlh.vkmonoh/[email protected]

Filesize
1.2MB

MD5
205a360b4d45a6e4688aec7a7265dc0a

SHA1
53f493d19040d517bf0b4a842d5f7e8865a443cd

SHA256
a78f1f6aa2fb421d336ac32befa711c6702050014dad9d07074528e8ee4598ff

SHA512
3c515d0d30b65fe025629a9a2da0b7c83a95d27ce87bb54739e15b719b99dbeb11e9db0f8bce1855fdc60c872eede02327c15a6bd8f57a7de2d22edcb972febd

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
124KB

MD5
f15335a640f24813c9b345c99da7e16d

SHA1
a0e7fdc85b3c1420bf342676be577f146f5dce49

SHA256
6baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9

SHA512
5f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
96KB

MD5
10fecb5465296a37b1a198c5276ed4a1

SHA1
8fd8a23b01db5ed716f11e19e84ac5449d448c5d

SHA256
e73d2e6dd677595d2d608e15726fd09687dcd6d7c096a7617d0e1d251b11dcb7

SHA512
f8961418ee7233143a5a1f20b159c88333e9308e4ee930f8fd64f34b5fe4d16f8878bca578e77a13fea6de3e21c275ecf05f81c641f7ef3c12880786ac92b34f

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
96KB

MD5
b8a3073e72a0522994a585c0794a5e60

SHA1
99c224a085af82e095aab48cb589c0a62dbd2df9

SHA256
d6c974cd41eddc0a610f8937eeff9e3fa5b9a2adfe66b509b69bd5baafe61e0c

SHA512
4f9f4ad4eca25012528f8ef458d738fd7d59d01fbd0a5370eab5ad7f62bd079d4be716f235dae5cfbfc6d70fda9db4457c58cc57a54a9c7674d7eff702126200

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
96KB

MD5
0f679a133bf1602cb445c972464ae3d3

SHA1
78a857a2433d7c76c9640e7c2149da5035980018

SHA256
1486987a7b93c6f9504b0e7b2a35cbb3af9dba69ceb056c658c4448a03afe9ad

SHA512
ee6670b9b9e7f65c1d558159f861161a14ad718ca91d791d23482bea1698697ce3e86e6011fc645806d0643d756612a5901a569f02d36c34267b1764eea0138b

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
96KB

MD5
0b876ab9b01b8375713049c8e40a5a3d

SHA1
fa32270da71e8620a6662ff6bcdc43ec1f7f783c

SHA256
22bebcda615633d16a69057e169e08a701fa1db03eed85232f8bccbbaffd1441

SHA512
97bfca89b98bfd2584e8c66ddc0b553056ed609938862fa1454078f68e06ef586e03c78406d58268d84b143d04211e0469f8ac90fb7ef6bc173dffe2d0ca1cf2

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB

Filesize
172KB

MD5
e92fbae118eaa167efcae98be4754735

SHA1
8dcf76f9357971e1d9dee2c5a630bde4d70677a9

SHA256
81465bd174aa8c94bda626603e9cebf6b594260bcac9daeb5f65d3af78fdbbc9

SHA512
3311df87492dce665d6bcdf7d3ef89c25b25a9767fa966bc1a54ebeb37f74867147a2cdbfe7a5e6a0ca9b20e476c154cbbfa93f9cec2b87987d9cc6695f900d4

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
512B

MD5
c0d2132f4bc3fa17de7332f0f7e13572

SHA1
41f88d51c1219e4065537af47e5e3dabca1d0024

SHA256
b6c7d3717a60c7f6c9bbf9fe33c16a0a00e15efd6f00a86a540b2faeceaabc75

SHA512
e7c78e1d60b849c56c6390a608baec95663dd6b1a2caff5035582aaec12518a810545321a27bd61591ea74aa03b402397e1f8a66a0e205087e9a55bf3b9aeb2e

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
8KB

MD5
da2a40d0ed0d39a36535e772be38704b

SHA1
b53361e4b1a2d8c5a7510a8bd08f34ad7abfc768

SHA256
d3076a5ac9e120c537982833ca3b7e274803d340dcb7dca7c82059d1df7a6fa1

SHA512
0e87136f560590b66bd07c445e4af9c0ed4b5aa8036c371dc5a4cb2be06d97f3911b06b17751b986a748a717b9757839cc7dd42a86801427a68c116d71363d24

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
4KB

MD5
2187228fbc56fcc1ad7fe0624166c022

SHA1
1d3a8a7b884a50212567181a9e5b2e6b26f97e27

SHA256
dc9897c2ee62c21861f0dacf999063a02a26fec69908a347441c70d2e84bfd94

SHA512
3481b12af8a2e8e9713d1298babc767b1baac7b0992068c8193eb3575dceac20ccda82d3b1b829c3e64e254dc18c8c88c994c8cda322c4b5af7a0e21d480e8d4

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
8KB

MD5
20a780e09550cfa9d3c24cd5d79ef15a

SHA1
dfa6a92fad0bbf86dfe1566f56c005a31a4c3ea2

SHA256
d3be454a96a4275ed3b3426c145381cddb7b19a7b8895f3d65eabe20a0712e4b

SHA512
8b0006b31c6d7478cea841f79523bc0ed5cb8f46045e275340dc247b10f12a375cbb58c1351115aa800d7484ddbbf28c415e82edfb95dd82469f7654f77d2d2b

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
12KB

MD5
ae3f5875498661a3c4adcae7dfbbad00

SHA1
72abc1d80fae0f1fc8bfdc7fa3a651d996444335

SHA256
1148533565a7f4d47eb1bf3f036dec53c36ad7d981f7ed1cf63a643d44d59c4a

SHA512
065a23d96a5ba7c97465139d1bf3ca8d20aaec149f84c96e5acf2caff5d6b70f183c2fcda2a67b09542e528a7b0c2eb4187cfbb47f34f71894616e5be6e89239

Download Submit
/data/user/0/xczlh.vkmonoh/databases/SettingsDB-journal

Filesize
24KB

MD5
7dae76cccac6b411308f013fd9ac8789

SHA1
0e6e5c7c9f6f7b1930415898e65152bd561e3589

SHA256
29c216538578da462955cc9b2fceecb2bec25f569721b33e36904e4f20572066

SHA512
e3da13015a83ef74b3208112986dfd10d8bc29b00ba4c82d61754d1af2dda65c6a7163bbc1cda797fd2241fcc4cb164b2e87faf1a1fcd664594174ad8a3bd846

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
93dfaf8a6249e08800f04d10ccc26cf3

SHA1
f2d11964b1afdb90f61d37de3af84a86ff6a6562

SHA256
c4bc17560748f4ba96f543b5c203ba51331686db2cc347547d277fc10181640d

SHA512
c36d5bbee0911c06a96205c42e4fe52fffd65d75ed1d8968b2c2bcabe2b9ccc0b3228dc58f3481b9523e33010bb440eb62e90132ff5787ddb918c6ec49276e73

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
c74275c6f8cebd2e1510f9ed4a68258b

SHA1
5de002cb456a33b2e54f43a009680770d079dea5

SHA256
22dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a

SHA512
ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
44043d55c0e6fc17f29862ef879241de

SHA1
125e530b12e3d661ce76b7b90611fc42de00c59d

SHA256
993aa777f383ca1fd92ce690ccd5e66902d7b70ddcaab87ff1267c033e535943

SHA512
8f4372ba063d2aed49909b436f8146c9ecf1a8c5ef7f1285d4650c0c80a0a22be8f034087790c6e76c96e719f5d062680c5eb4956161570403bea9cd8db672d7

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
e47874ceb145e4034f29b5e361a4edc6

SHA1
e890733f73e6783033d3343ee1d6e558eb13a042

SHA256
c9ff797c0f2bae398ceb050838db58c0fc3c2c5f2233cdbfc9e27978c0fbb8d3

SHA512
41715b55973ac0958aed356f85a10239d48751ee0749ee136f7892f92be86ce3769365c10e216ec32e3ad700b2cbd5d661dfe77cb1cc71d95c43f2998d1821f3

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
4KB

MD5
4002aa361da119d5fe12a62ad4205127

SHA1
37c238c4556c00157aa951315e3ff47add76792d

SHA256
b9ea2d2f62592c6226c839e3a33abfb2d9cb49cb92d13c11e7b86d6ea8d2e151

SHA512
55632c63bf4318c943ec2ac08b312bf636ed12961ffbe7ad8c9dff1bb0f590a7f3f1bdb99acc6474498a0aeac0fd0840b0765a12ac815ca5936d0193e7efc50c

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
2205b967fd29bfffcd355ccb41daf286

SHA1
250bd0381a502f8c24ea5fdc38e05161730ff6db

SHA256
5bee2df8d9fd8b1b35d997bb28fba403434125990df79d7b319f9e69be152c69

SHA512
38eee7553635e2977abb4a138187a41b08f3003e3722ae3108534e8aab6fa5284dedf47fb6da12c1ace95abf6346b140a2d39219bbcda0c6df9c22aae87e8451

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
c8a7b0055ccf9d4696b75881ab11c715

SHA1
017f18a6ecf2d2280216dcf84585a3b17ec86b03

SHA256
593f100148c058690d7eebcc2c0d97e250fddd2537e80e48fd08a8d030dcce43

SHA512
3772d21c012e9ebb59fae7de7dafce0cf21cdb90ce84af2101674724063247d82b8c762025087c9592baa5486c11b1ddc78bfa3971f5623402dba491f10fce89

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
182B

MD5
d98980b0fe6d0893b830b61e07e99189

SHA1
be6454f738d50bd52016f32e78b9eea3383eca37

SHA256
b6d5b54dec70266f0382357c9d169fc897de4fbc9c4e4ceaf550e4ea18de5c96

SHA512
165f29e0c687984a98379ac782de4f2d51970b78310f27dcb0091ac860b8b547b2e08d854fd4d09616d5cbdf4f2648b1c38e10ee5be3244ebf950ad3b7186938

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
127B

MD5
80aa4a4c214c39039cb42b0cb4b95fa3

SHA1
9da0b275af52fa9349b6a671ed72576aafa8bd63

SHA256
e7464a93b8ad8f26f3b2746b94d73c3d1bfa940462a2f29872a1152bf09c998a

SHA512
17a7a11ecfef28fd93ab0f974966f32accf4f138f679807af26625869ce43c240b328abc016169ca992b1d39c80f07d88fc8dea2b0a49cb218de1188656296b8

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
26KB

MD5
df65b27b490b087e7452d1f453b5e4f1

SHA1
680b896d84e8782200da3668b8a58f676e0b9275

SHA256
a73c024b10e551513fdb868916e76b9a8681e29187316ffe03c4ff03c3dac5e3

SHA512
6f050d79587ce82442693d56a5ea808d3a912e2969af222d649a25fee2c13c7adeb7b78846d9af6a516709592d805d3d015411720e6e1c98befe221489428673

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
7fb59051c78363d88281440c5efc1b3f

SHA1
005ad7ec9c38d4f59964fd2c089148a4740204fd

SHA256
802225545f7337050714e77e4534e309f16aca50ccea2fbf1862457679fed98b

SHA512
65fcf29430e37cec7d43c7299bdd7f9c4e0101d699095a51fac8861b028b1627f8ee9f5600ade90439d036c7ddc461336bc434c41eba22bcac95bf95911f5204

Download Submit
/storage/emulated/0/.am/log_1711937800565.txt.zip

Filesize
217B

MD5
c51dfcd97010442bca4924e3420bb2c2

SHA1
fa9302fbdec2c25d63dba539b72794efbc58c4ce

SHA256
98bdf933130c0e0721967ab182b5b53345157ce40f837986ed06d60a42c0e071

SHA512
d7128405b4523215dc9ce35ce12407eb5a3da18521b1847852eac104362ae71a6823d7ffdd85d98c4548e989468c2d53ef331049102feb9e329848418214643d

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
69B

MD5
8109caaec1c987d124782a4ddbe619df

SHA1
b5c835321cafa2a04b2ea5b3f4a0fef86d8fcb71

SHA256
389f919e7836648cbf50d2ae3e2ec610fe8a2a8a722541ed21a270e30c84dd3e

SHA512
7ad14d65c73bf32fbb53113d77e00ae34485e256c8840f77c0453daf41ccdbe65092685937d134f5891787d50551c24e48c7e4c1dd9ba2350a8d774029bd60db

Download Submit
/storage/emulated/0/Android/data/xczlh.vkmonoh/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/xczlh.vkmonoh/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
752c337a75ddffdb8c3647b811820784

SHA1
46e9a829a15a6181d50af751dad92bbeb2b9ee87

SHA256
8b6ba800509d7a8534ac0b9c7afb795626a7d4db7c18f55fb3201f130edf5288

SHA512
86770606954d36e517a63e7a1f6a8b5980590252f65536146c9fc6c0f5d5b5d7084fca56848b5f12fa6d3c10598036075e2815819242c0240f1b1dc22b51ccab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads