andrmonitor | 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b

Analysis

max time kernel
11s
max time network
157s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
01-05-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Size

20.5MB
MD5

5682f19f3a2723db1c7141c9157ab93e
SHA1

748ea5d804fafc742824bd4c2f9c0259822de99d
SHA256

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
SHA512

63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
SSDEEP

393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl

Score

10^/10

andrmonitor banker discovery evasion infostealer persistence spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5098	zufxtk.qtqhxzzsr

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	5098	zufxtk.qtqhxzzsr
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	5098	zufxtk.qtqhxzzsr

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	zufxtk.qtqhxzzsr

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	zufxtk.qtqhxzzsr

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	zufxtk.qtqhxzzsr

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

zufxtk.qtqhxzzsr
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5098

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
124KB

MD5
9cf7e03179a00e0097bb8292c310a7f8

SHA1
8046f1a0d32003f672b2da8ba6c7eb8f54ffcd17

SHA256
b428664066ed6496119d7ef35afee74fe8f5eb834939f9cacbf55804aa592438

SHA512
1d046cd7d5a96b0b4f0c5d218f97ebc850ea4a3385658ea4a9d36dc05363659d1dc53660f94d4d7d87794cfd60b94593f304e9011421d35f3f17296d28c28cb6

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
512B

MD5
a46abcc23530f55cc93f1d3e5bc032d9

SHA1
fb3c39c2c337b5a1aba2bb0fce8940d0d4273b24

SHA256
2a2c710ef43b74d1f50a438bd3ee61a329fad84a1bb005d24f98f2089944c28d

SHA512
b602ebc2c3922caa0e9e18a7b100c33623f2b70d2f59ffc20607c087e76598e67ef9459ffadf73261a95cdbbc94d6b104ce27bbe86b8e495c028284377af45cc

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
8KB

MD5
80577c453f93c8ede14798d81c8c00a5

SHA1
80a93a189df8fa3719f09c05085abe0c6d062922

SHA256
baf0242c2503abde00078b3c3ad36d587edc693cbcd3489f2c3d4add3ae17b41

SHA512
bfa656f73db8c9bc4cccd179f839ded27b7a7bd57ec37e86fad6e2049f3e56248f54d5aa493f8d2af3b199024006a0540015868fd22a9d426a9d3d7c2f8a7282

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
4KB

MD5
b92f33c12d9571ee569c0c71d9237daa

SHA1
8c624837d300fbe9bc3c7536530ae621426dd1d7

SHA256
66b25738aebab741bd336c33591061a539f57a51f3e4fa946df0ee269d92ab9c

SHA512
e0c688830f7fcc397840fee98da7b8566a826a968fe111f11092a6c4974b3ccc177627cae6f8347d9bac141994e5f5b3b6f7f5fb0d97a033076b927ce09b71da

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
8KB

MD5
9beadb33f9f705e0655a17578b84cfb4

SHA1
404007da272a86153672960faafd0401268581b3

SHA256
18d7379765c19c35b79a5d086d399c6a3b38c32c35a330fbcede0114b837c9de

SHA512
0852794724e0c27be9577803f3da46922784740037829bdd22555d176cd39133de76ba7a31b62bbadfc370a64f0171b7c88e8af00a35c5243de578968c100aae

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
12KB

MD5
5395d7a9aea6454fa458c489a9307e14

SHA1
2c1685b08f72af129106c0977656299cb24449a9

SHA256
4055743825994ebdf7d29f59bf3766bacddda4ad916822658b9374e10df24ac0

SHA512
0ffced8ce41d70b90e9956caab17e221ae55dce2b254b6464a104291c1416e71a4e1a3e11b0c8ce23447bd88df4ef5aca33e10e9ca2279aacd593d7ee8c803fc

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
20KB

MD5
6b0ef87f52b67049d35376e4f2a0994f

SHA1
ad50da63fea7a3ba63f25c86af4491267a95b940

SHA256
030787ec3aaf2100b972749db185001b56c956f4dde0200ed52f82856841d314

SHA512
70c87675cc8b168697d76bc441f852bb64bcda59e3e872f93f6f202c1e99fc82b83ffbc7416015a999089f73f40a4a4850807d7a3887ad3cccde778fcd94b541

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/[email protected]

Filesize
1.2MB

MD5
205a360b4d45a6e4688aec7a7265dc0a

SHA1
53f493d19040d517bf0b4a842d5f7e8865a443cd

SHA256
a78f1f6aa2fb421d336ac32befa711c6702050014dad9d07074528e8ee4598ff

SHA512
3c515d0d30b65fe025629a9a2da0b7c83a95d27ce87bb54739e15b719b99dbeb11e9db0f8bce1855fdc60c872eede02327c15a6bd8f57a7de2d22edcb972febd

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/[email protected]

Filesize
2.6MB

MD5
0c7c6b52525074c2a1aabaaaa33cd625

SHA1
161ba0350dab8e50d0988249c06b2a1c757189b4

SHA256
8ecf2f3210764f98e3713b9284bf0e3f49db5472fc0940bfd3d2624d4df5bece

SHA512
c7a872f5360b97c18a121d7e8827da32352ea7dbdd4c6ec8a80e7e950bf85c7a468230c81a7675c6815623b7b0ff2ada29584a5b0a87ce48e47ba391681be44f

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
6ce629031a213e71015b36dbcc18fe6b

SHA1
8c2dcaf0bc169b2a2cb21119182b32f65958e369

SHA256
afd06a2b7fea75b3f5a4ce8835846cb95d2e50ec87428798aafe9189868004f0

SHA512
1cba0ca71b9359dde78305ecd91248ebf14ff4402fba538777c105c5f997a1267fa62e264267cbe7cfd1561e045a38f92ba85f9220e2cd439712ab8a74b2739b

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
c74275c6f8cebd2e1510f9ed4a68258b

SHA1
5de002cb456a33b2e54f43a009680770d079dea5

SHA256
22dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a

SHA512
ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
169B

MD5
1e1390f9294b2a340feb3f3d7e62d3f5

SHA1
c76b8f832c8d825031ad48de512052a2d30e3555

SHA256
c4123a7805e590165b10d2c5233bde9f5075390dd29f010f8fd9f2950a1862ba

SHA512
d913202d0c845cdbf7dfd57bbed1d17606d895fb30cefaf47a9d322935b9cff6996358226040765443afaba7178d1eae5f60b5ae5b6d9a43706b1193a8c98a9d

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
148B

MD5
410cb685508d38fd58de3ec35f29374e

SHA1
67ee0d37d732a38faeade168f1abc26f10aca6ac

SHA256
9e7e50f247cf2075b5b4a77a0b58603b0d223e6999fa29ef9884dca6c0ebce53

SHA512
d59ec306066e7b8dd581cf7a2592e170a7f43696ff7ba58588e05d86abfd48b531bbfe282a3b5e68d525c636c8bce9d4903809c73229386a003139eaa9d575c9

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
4KB

MD5
7b0943171ea0f48a76fe636b40108ee4

SHA1
dd121d683382bb4d0927c0b4b3619fd7da5b935e

SHA256
bf4e73bde4f64c247d19118e28e16f5dc342f795bdc4c9032b60fd060f4f1c99

SHA512
07de907c933fe8a0fdaba07724b5d32e32462c4862c77403d9f513c7d511ebe5420c56f27f0dc17c3a69cfd0abf83dd05e94859aabde9f9e68f196427ef83ee2

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
60B

MD5
1d62a1b9072b57e10a52628ab233aaae

SHA1
d4a88451f6e285fd69f6ae53399a5b3fff5ddbee

SHA256
89bfa82437be33bac32e976df8ba0e08de23c5d20f95d04428ee80c3aa90e885

SHA512
4acc9fdbd82bc18e97c0505ec1c4e2fb681916e3f6067afa44f7cc9476a4e774fba83b9f9397f72f4bc65d984a6a1d9ecbffa0f9a2903a44f697692216f99384

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
68B

MD5
a8ccd4ed589e1db63a79d301faeb6560

SHA1
8a95684543399b056d4a1c700a9bce024ebe2c6d

SHA256
87c6ca491bb590032ba4cfd4034465f1f5bf636109eea4a164a445617ad3e610

SHA512
2158737b0f3a13e85515ddf83a54e03f49d128b08370dc6298ee68e1af0e36bdd59cddcb53fcc798138efcb521d1439ad97bfd4b71c6c88f9f3d3cb9c01c10c7

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
160B

MD5
8f1f78945259db1d78f687905dd654dc

SHA1
084ec0f5062fbc7d85874e0bb73872ba2de08bfe

SHA256
dce52c432ba3902ea62071eb3e4a6c19aeab403ac8a8c3d7c84f6597ef13a58c

SHA512
050435dbbbe1d85dbf06c80a2b4b7e32ab422d8353350c0d0cb6054fc02a080bd454956167695bf4ee856d05fecfcbfd68d8f1dfdb3fe48cde2845f3580e769d

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
129B

MD5
7a09b019515e8cddfe083f70baf2de6e

SHA1
09c08b33464fcaa1bbe70fc76dc4bed4fdfb1ba1

SHA256
69e286dc8e48c6d24b9f3873b73714e413fc230b52342dce2d7b568d04f16858

SHA512
999de6fcb109cabd40b8c63e35513835c25e2833f626d6563dc7c2b18dfd8caf1dfb445cbe36fef454ed35fa783b70c7f2ebb3fa96a3bfb0c49d4968ab066e85

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
83B

MD5
826941bbac53d86e5d00e9e55cea925e

SHA1
804aa6bec689aa3fbb786cded95a5f5bb0a0e54e

SHA256
29e2e0b88aaf6f47825025253b1c3b11192c109f0e8587e0d620cd5e4e5163db

SHA512
cd75a77ea1ed59af80ce1971a43263fd14025c3ebe32e8168e97b8eeda8cd9fe2029d4fe4d7c45e608736a6746aba5e68e75e6b0b1f9abd0a639cfa43a1afafa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads