Analysis

max time kernel: 150s
max time network: 158s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 02-05-2024 01:25
Behavioral task: behavioral1
  Sample: 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
  Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
  Sample: 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
  Resource: android-33-x64-arm64-20240229-en
General

Target: 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Size: 20.5MB
MD5: 5682f19f3a2723db1c7141c9157ab93e
SHA1: 748ea5d804fafc742824bd4c2f9c0259822de99d
SHA256: 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
SHA512: 63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
SSDEEP: 393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl
Malware Config

Signatures

- AndrMonitor
  AndrMonitor is Android stalkerware.

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
    pid   Process
    4310  zufxtk.qtqhxzzsr
    4310  zufxtk.qtqhxzzsr

- Loads dropped Dex/Jar [1 TTP, 2 IoCs]
  Runs executable code dropped to the device during analysis. Both IoCs are anonymous (in-memory) DEX mappings, i.e. code loaded from a memory buffer rather than from a named .dex file on disk. The mapped ranges are about 2.6 MB (0xcd971000-0xcdc02110) and 1.2 MB (0xcdd49000-0xcde73958), the same sizes as two of the files listed under Downloads.
    ioc                                       pid   Process
    Anonymous-DexFile@0xcd971000-0xcdc02110   4310  zufxtk.qtqhxzzsr
    Anonymous-DexFile@0xcdd49000-0xcde73958   4310  zufxtk.qtqhxzzsr

- Makes use of the framework's foreground persistence service [1 TTP, 1 IoC]
  Application may abuse the framework's foreground service to continue running in the foreground.
    description             ioc                                                 Process
    Framework service call  android.app.IActivityManager.setServiceForeground   zufxtk.qtqhxzzsr

- Queries account information for other applications stored on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect account information stored on the device.
    description             ioc                                           Process
    Framework service call  android.accounts.IAccountManager.getAccounts  zufxtk.qtqhxzzsr

- Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    description             ioc                                              Process
    Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  zufxtk.qtqhxzzsr

- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
    description             ioc                                             Process
    Framework service call  android.app.IActivityManager.registerReceiver   zufxtk.qtqhxzzsr

- Acquires the wake lock [1 IoC]
    description             ioc                                      Process
    Framework service call  android.os.IPowerManager.acquireWakeLock  zufxtk.qtqhxzzsr

- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]

- Reads information about the phone network operator. [1 TTP]

- Requests cell location [1 TTP, 1 IoC]
  Uses Android APIs to get current cell information.
    description             ioc                                                      Process
    Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  zufxtk.qtqhxzzsr

- Requests dangerous framework permissions [3 IoCs]
    ioc                                        description
    android.permission.READ_EXTERNAL_STORAGE   Allows an application to read from external storage.
    android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
    android.permission.SYSTEM_ALERT_WINDOW     Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
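The permission and icon-hiding signatures above can be partly confirmed statically before running the sample. The Python below is an added example, not code from the sandbox or from the sample: it parses a decoded AndroidManifest.xml (as apktool produces), flags the three permissions the report lists, and reports whether the app ships without an enabled MAIN/LAUNCHER activity. SAMPLE_MANIFEST is constructed to carry the report's package name and permissions; the .MainActivity and .MonitorService class names are placeholders, not names taken from the APK.

```python
"""Static manifest triage: dangerous permissions, launcher entry point and
service declarations. Added example; the manifest below is CONSTRUCTED."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Watch-list seeded from the permissions this report flags as dangerous.
DANGEROUS_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.SYSTEM_ALERT_WINDOW",  # TYPE_APPLICATION_OVERLAY windows
}

SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="zufxtk.qtqhxzzsr">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".MonitorService" android:exported="false"/>
  </application>
</manifest>
"""


def _a(elem, name):
    """Read an android:-namespaced attribute (None when absent)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def parse_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    launchers = []
    for tag in ("activity", "activity-alias"):
        for comp in app.iter(tag):
            for flt in comp.iter("intent-filter"):
                actions = {_a(x, "name") for x in flt.iter("action")}
                cats = {_a(x, "name") for x in flt.iter("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    # android:enabled defaults to true when the attribute is absent
                    launchers.append((_a(comp, "name"), _a(comp, "enabled") != "false"))
    return {
        "package": root.get("package"),
        "permissions": {_a(p, "name") for p in root.iter("uses-permission")},
        "launchers": launchers,
        "services": [_a(s, "name") for s in app.iter("service")],
    }


def triage(xml_text):
    """Return (package, findings); findings are plain strings an analyst can grep."""
    m = parse_manifest(xml_text)
    findings = []
    hits = sorted(m["permissions"] & DANGEROUS_PERMISSIONS)
    if hits:
        findings.append("dangerous permissions: " + ", ".join(hits))
    if not m["launchers"]:
        findings.append("no MAIN/LAUNCHER activity: app ships without an icon")
    elif not any(on for _, on in m["launchers"]):
        findings.append("launcher activity present but android:enabled=false")
    if "android.permission.FOREGROUND_SERVICE" in m["permissions"] and m["services"]:
        findings.append("can run services in the foreground: " + ", ".join(m["services"]))
    return m["package"], findings


if __name__ == "__main__":
    pkg, found = triage(SAMPLE_MANIFEST)
    print(pkg)
    for f in found:
        print(" -", f)
```

The launcher check only catches apps that ship hidden. This sample hides its icon at runtime ("Removes its main activity from the application launcher"), which typically means a PackageManager.setComponentEnabledSetting call disabling the launcher activity after first start, so the manifest still declares a normal launcher entry and only dynamic analysis shows the icon disappearing.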
Processes

- zufxtk.qtqhxzzsr (PID 4310)
    Removes its main activity from the application launcher
    Loads dropped Dex/Jar
    Makes use of the framework's foreground persistence service
    Queries account information for other applications stored on the device
    Queries information about the current Wi-Fi connection
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Acquires the wake lock
    Requests cell location
  - su (PID 4347), child of zufxtk.qtqhxzzsr: the app executes su, i.e. it attempts to obtain root on the analysis device (nothing in the report shows whether the attempt succeeded)
Network
MITRE ATT&CK Mobile v15

Persistence
  - Event Triggered Execution (T1624): 1
      Broadcast Receivers (T1624.001): 1
  - Foreground Persistence (T1541): 1
Defense Evasion
  - Download New Code at Runtime (T1407): 1
  - Foreground Persistence (T1541): 1
  - Hide Artifacts (T1628): 1
      Suppress Application Icon (T1628.001): 1
Downloads

32 files captured during analysis; the report gives only sizes and digests, no file names or URLs. Note the two 2.6MB and two 1.2MB entries with different digests, whose sizes match the two in-memory DEX regions listed under "Loads dropped Dex/Jar".

- Filesize: 124KB
  MD5: 4c0ccabb25100a908b9db06434a6af8b
  SHA1: 555d9ecfa42e17aec483e1c05be0fc1362db9e66
  SHA256: 79aee6f8af24ae6adc8537de3a061bde3778d3d9634265b85b3e8727d4116304
  SHA512: b9a4a1227fa927f0ef987a720c5bf16af71f3fba8c1a40d5387ad0d4ba193a1b7b23634b0850af7c25b55c8b2e984e7c84ab8fb3e55c83b3bc2ff859f4dcc5bb

- Filesize: 96KB
  MD5: 6074f1069dc0f162de7bb7c90f5bb2de
  SHA1: 813777be5bbcf4096124475a163c5936541516f4
  SHA256: 5a7317599325a503de5f72d57ffb4be24fa011c783e27fd5f2e4f6c0e4a05198
  SHA512: 4fbba9531a5eac90b2d374ce375f4a2bc1d637d2584821a0fe962de6a516d91d3b52b20f15e7e16d7e86971e0f32156fb8a90584f2ed8f7150273874c72d70aa

- Filesize: 96KB
  MD5: 2f217f9e4736bb667431fa1908a7b4ce
  SHA1: 9b602fc01b0d92c8dde217b1ba698839c5ae1cf1
  SHA256: 77ac0c9d8b711ae036386899e867f6569429304e99fc601f66535f80d84f0692
  SHA512: ea7f9947a8b48379e344e9f106704de5aa2faa612e81a56d2a20c102d414935a38cd17bf738bbe7212db3a1983e61ce96b4286317ea0c4d76b6b928c651b5d0a

- Filesize: 52KB
  MD5: b6815b344f6926d458cea05acd052cdd
  SHA1: 88f524aff1d4c5fee979a203dd952427871a7097
  SHA256: 028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
  SHA512: 0431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade

- Filesize: 96KB
  MD5: da546579eeb40176721eba65c3a741eb
  SHA1: a70619fbd820b1015e390cdf6e5fa084e9f5e0f2
  SHA256: 8f42876092377396b34dc102e419b1824ac2cb576257f2af316fe2ceff0f7902
  SHA512: a093d743a32ed038178b67116b761e13d9db65663ae0fa7eb6073468ba10a9ee46b1c5fdcf02285f873e4075d94201fa8e6919745255d95a7a51016e599cbb38

- Filesize: 144KB
  MD5: 670236136ef95845f8fe7f68a16dad5a
  SHA1: ee1f186e47642442e79244ef60144a3adff89e6a
  SHA256: 4adc5630fffda362fbd95d2586e51ee462881fd8514fd1dedb3b7f7193f5a7c7
  SHA512: 446a33d3a75bfe1d1f8f54f97b298aca4b9da823863d0c4f0800cd5db9d05d728074d99ec1c93b45e6af2af2f8a79650350439b2351f94895e365484b7c87c04

- Filesize: 512B
  MD5: 2227a38d4140c769cf4913f2113491ba
  SHA1: 7025b552fad90b4c1a5cdb2a8c8f703aebd1f200
  SHA256: ec8065ffde6d179d5975bc3d9733d53dd39d1dba6f60457dc05da99b1a94299e
  SHA512: 03d5a567593d618a541806cf6dca61925d815fd79604577fc0a2b8ff4e5112fced25f3f2a7c4b14a1e60b0b5bf3accd1d62a3bc547cef9f5e9215eafd708960f

- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- Filesize: 414KB
  MD5: b05360a4e24fefa3c308b85a20c533d0
  SHA1: 8394dae722247cb3bb6c00898083e43f789e0ecd
  SHA256: 5d9e5fbbf453f2440af799ce52a5205ae2b30fbb62baf663ab4b7d9f9d1f48cb
  SHA512: 42c678602755eb1a6948a5eb53c7bd1eea62bbdbef135d897d480e8016602560dd04d4f9a1ea6fba1e0cebc895fb2563e8c95595bc91d345e6bbc29a9c389337

- Filesize: 8KB
  MD5: 869a773595341b4a357adc7ad9e73429
  SHA1: b90aa483f08b19167841b75efd0365d8023f88b5
  SHA256: aff95eecff6dd9949f4e55bede89a5d2d4f937ffd075cd02e13cb92af79d04c9
  SHA512: 5ef0ceb84bc53ec7746d44f894758079460c66d0d451611970101683a1eb438ea3bf909a3bb6ce1b98be4a760a051464f7f0e468bf416da8123736f5b71208cd

- Filesize: 8KB
  MD5: 6eacbc1e4170dc859c0ec340879ee957
  SHA1: e9893280f7059f4bd5879e85531115ef79f373f4
  SHA256: af7731bd25959e0c615856ee9bf6076bf32a8fc7c57c3fe6cc133ca7cead0fc5
  SHA512: 065e5f0b7453846483965b46b12bc8d0ff17f291d60827303f9b0e7442b6fbb61f4ded34aa1878f016d7d8d2c174609c5b4602aabc076b83c42c3095b1843e06

- Filesize: 4KB
  MD5: 838a530f315b9d4e1d5b923930fae93c
  SHA1: a0da96c86f3ab88dffe1691e5afc0e1eb66b3543
  SHA256: 26a96231fc142898f93f61d47258cbd0ba27c9d63fa7d4c304a4785a5052bcf2
  SHA512: 3dc72c4939b088f6478caddae390ba7633bf9e851fc3955425a86933879c7e89f68da12be79f21bf4ee8d4a6e88d66c86eb40611461ff604e76476ddc9d9b658

- Filesize: 8KB
  MD5: c42e89503be6af809f34a75071b83823
  SHA1: 7ee99e05a97b7a75f1e4f3f9f1ae4dd23699da04
  SHA256: 94e82934f9539bbdd8eb7e77a07c637203500bd9a762c7dc0c8a667f2ed65d4d
  SHA512: 7eac2ec2a1203e1d98958147a7babe36de810a20ef5304f5fb5fb30eb7e74378226db440b25437194e1218b91d706aec42efe5c45a8c91acaebd09dc554208de

- Filesize: 418KB
  MD5: ec434428f8ced75baa974cada01d51ca
  SHA1: 580da61a51f407796b8c6865b7deeaeee86d4e2e
  SHA256: 9e36725b663ab9c593fbcc0375fee2605b9118114f2f5236273748b00967cb80
  SHA512: fad7088b3ccf7928b7862f5686eef5d1d03225a8ac71fa032833bf34c64db76b12923d13a01d2535a20641064c53136a703cb8d7c41397bf858fb949e225b9a9

- Filesize: 2.6MB
  MD5: 6ce629031a213e71015b36dbcc18fe6b
  SHA1: 8c2dcaf0bc169b2a2cb21119182b32f65958e369
  SHA256: afd06a2b7fea75b3f5a4ce8835846cb95d2e50ec87428798aafe9189868004f0
  SHA512: 1cba0ca71b9359dde78305ecd91248ebf14ff4402fba538777c105c5f997a1267fa62e264267cbe7cfd1561e045a38f92ba85f9220e2cd439712ab8a74b2739b

- Filesize: 1.2MB
  MD5: c74275c6f8cebd2e1510f9ed4a68258b
  SHA1: 5de002cb456a33b2e54f43a009680770d079dea5
  SHA256: 22dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a
  SHA512: ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9

- Filesize: 170B
  MD5: 11e59049fc9e36d26fb8edf7709740e4
  SHA1: d72ffc1cfa54a0ad1681e99d125a5d229143458f
  SHA256: 41175769b1122aad54b76aa077408a3a590614930235af136b643a72867162ce
  SHA512: c14bd9b2b3cde0b218cd2aebdc5437d206fb9e6d4861a4481f267359e5fa8fa9e1ace3b87c0106dbb7c5d1b5f239969786ae161d029555b61eb44811920c4025

- Filesize: 149B
  MD5: f802b732f90c7a2633357187c256935d
  SHA1: a22499773bb50e044f79c43c5140d7d5fd2b950c
  SHA256: 1871bfc3fa77d1a9a2c9afaf05196cbac97c398844537079dfeb56140cae68e7
  SHA512: 524bdc9d8e7784ed3fe98dc6bb6d868bbcfa60874cc2e3c41a5f378bfda8a666ec4ef991ebd3a03d075cc117e812142a201baaa78778284a3e50193a9e7542d0

- Filesize: 3KB
  MD5: 0e6919c523fe59bb6fe989186b0741dd
  SHA1: 8c95e77b2f4c5739c59c0519969efdc1bc6d7a62
  SHA256: 8b0cc0aae67836893462c842c1319abb48d48bbcdebdea73908a9718237c5832
  SHA512: ba1bdb022aa0b9626272ebd26f6d615737ee0beacc92ee5bd82726f0168f4d4c46ffac3d353c3a630b2d1bebe1ca3d505fbe5a705cadd59f874e5beec6f2566d

- Filesize: 61B
  MD5: 14365832d301df3e9b6ef7b21c657e93
  SHA1: dba06bfdcf14a2479c4f6197b3d7dd0fb5d98e0a
  SHA256: 9005b4881bd613b4f73ee3234898965542a900f7da0ce639c0f3e45a59f73eba
  SHA512: 1a7a5e2c1a8eebdcc95b9fdcde2fcce0052f685722ef269d47e601f09c19f73d3b88472996edddff6a1616c3f06569d3506fa216155a2b5f3351eeb9cb08da6d

- Filesize: 69B
  MD5: 2bf48b13dc574cd174d458b19658c568
  SHA1: 16000a376034d367dbf421cc92cb57337013a2cc
  SHA256: 8288dd7c9280de8a6db2dcec195b3f765ac8a0668df4b49817c070803b7cdeb0
  SHA512: 028b985039cfc7b317df60f53b3abd016af0d6810512164eea57abed7d6eb8c4e3f109e08062e082c9a1c5982211ac98ed9b9642bd7f1ec1db36f20175b7435b

- Filesize: 158B
  MD5: f1de34ea05cfe4b3808226bfded15bef
  SHA1: 1b5c632ccdcc01709cb1cd0f73164e69c4af5a5d
  SHA256: 94b4a0046cc9998aa3a66460263c58e4f5fa645314ab0fbca9e0d73e46630218
  SHA512: 4eb8bac4b448a36528d6b187223adaea5e5f9998fcc5e4e8bd7cf97f3122ff0e71e276c51ff7d00a2e0e73d38299229a3c7b0a0122eda582a9777eb47162dfac

- Filesize: 130B
  MD5: 5cdc3c6dce75a8886be2d53710722ba5
  SHA1: b5323df7d4accf86f645bcce7571ed8a574c938f
  SHA256: a7a80a6d545053c4bc797d05eb0070a894198c8f4727716880864bdd52c74bd4
  SHA512: 2df62b9472553f9876e3496cfc04443fee8d5340e7af7aa64ea3e4d1d4b929386203af5b9e765304f613514e93df4fccd63d52f699d06201d644dff3872009ba

- Filesize: 26KB
  MD5: f60165fe36dfdc5ea5abbf3d5f2f62d2
  SHA1: 4f3cf8a27c6af5d36757a92e1ac006c38729d991
  SHA256: 711ce236c659ecf0df524b681fcefc3ecb3a27e6d1883f26503aacccf934d38f
  SHA512: e9d008d3c1bc47a515d7bb323d63efe453afb56c5ca07e95ba81b9b8828696c056a3346f6e144c965d7b8ff691d74e8cb221abfe43a48343c05738bda70f7f17

- Filesize: 6KB
  MD5: d992f7924dbfb4ebd8e0b354eedbe3a3
  SHA1: 6946f9b2fbbd5082f9f5c55a6de97ffe2702089c
  SHA256: 1d067490ebad00f21548156a45b4975e6efd1a813dd07d5e4e0ce957e9510869
  SHA512: d34ba15b571accc9a899f5e46358d17d0306ab5c0fc598f58054790ee93a0d0a0b1949e14b78fc1c9a5266fba2eee2888dd18322a4073d89a1627caa04a8befb

- Filesize: 217B
  MD5: 1f6998b3249dd30e40a8d3d37fc58e28
  SHA1: d677e6371011ff438d75c8427af97d57034a4597
  SHA256: a50014788bee876483676188526d2767e489821e55a68713eec2dc512008584a
  SHA512: 865af4b724dc7ab2d8be1ae7c5a2354f3b93ef56fe13396201147f96bfea8ca5f0ef79df1443f0d3b5cb6861978d63d681fa4f05513a614b0b351f9e27727cc9

- Filesize: 39KB
  MD5: b8cc1d0cbaea87bde5807dd249ec919d
  SHA1: 9dd70fbb0c83a59d0fccbeb881bc25b34285cd42
  SHA256: dcb870a7be3d6ce1086b6ba14101f1d3710a2450638ead593de468a77d10fb50
  SHA512: 261aef3232aed406c2d1c96a9a365068594ee7dd4750bca8acc2659a5529d9bd11f981d688472448e642c4586ea5fe048d09c3dae5207c36193bca897ef14d6c

- Filesize: 83B
  MD5: 826941bbac53d86e5d00e9e55cea925e
  SHA1: 804aa6bec689aa3fbb786cded95a5f5bb0a0e54e
  SHA256: 29e2e0b88aaf6f47825025253b1c3b11192c109f0e8587e0d620cd5e4e5163db
  SHA512: cd75a77ea1ed59af80ce1971a43263fd14025c3ebe32e8168e97b8eeda8cd9fe2029d4fe4d7c45e608736a6746aba5e68e75e6b0b1f9abd0a639cfa43a1afafa

- Filesize: 64KB
  MD5: 13684d2547f64dabfe299d1c6553a05f
  SHA1: b000477d2cb51e917f2ebce3a8c53745ba7e0fd0
  SHA256: 3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0
  SHA512: e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

- Filesize: 64KB
  MD5: 4d48683c7d94ce23efe44a67a1c3ae39
  SHA1: bb85e13bcc11b6fd12ada7d2d97cde39d55dae44
  SHA256: 725dd06122d50279501c5c2a9c3ea55280ca6d25c4bcd25b9e2ac4aea2ba965a
  SHA512: fcc32c08b7987c16f79a5cd5030de9f023e75f766c7cd0c54bb6d8f0bb806ecf8f3882135ab1f032b92d3a7f84aab0896069a1e8173af66a06f3f4ee0e269e1f

- Filesize: 2.6MB
  MD5: 0c7c6b52525074c2a1aabaaaa33cd625
  SHA1: 161ba0350dab8e50d0988249c06b2a1c757189b4
  SHA256: 8ecf2f3210764f98e3713b9284bf0e3f49db5472fc0940bfd3d2624d4df5bece
  SHA512: c7a872f5360b97c18a121d7e8827da32352ea7dbdd4c6ec8a80e7e950bf85c7a468230c81a7675c6815623b7b0ff2ada29584a5b0a87ce48e47ba391681be44f

- Filesize: 1.2MB
  MD5: 205a360b4d45a6e4688aec7a7265dc0a
  SHA1: 53f493d19040d517bf0b4a842d5f7e8865a443cd
  SHA256: a78f1f6aa2fb421d336ac32befa711c6702050014dad9d07074528e8ee4598ff
  SHA512: 3c515d0d30b65fe025629a9a2da0b7c83a95d27ce87bb54739e15b719b99dbeb11e9db0f8bce1855fdc60c872eede02327c15a6bd8f57a7de2d22edcb972febd
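The Downloads list above is the raw IoC source for this sample, but as extracted the hash labels are fused onto the digests, and the only link between the dropped files and the "Loads dropped Dex/Jar" signature is size. The Python below is an added example, not the sandbox's own tooling: it parses the flattened digest list into records (checking that each digest has the right hex length for its algorithm), computes the mapped size of each Anonymous-DexFile region from the addresses the report gives, and flags dropped files whose stated size matches. REPORT_EXCERPT is three entries copied from this report's Downloads section as extracted; the two DEX IoC strings are the ones reported for PID 4310. Treating the report's size labels as base-1024 units is an assumption, and the size match is a heuristic, not proof that a given file is the loaded DEX.

```python
"""Parse a sandbox report's flattened digest list into IoC records and
cross-reference dropped-file sizes with in-memory DEX regions.
Added example; REPORT_EXCERPT is copied from this report, units are assumed."""
import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}  # assumed: report uses binary units
DEX_RE = re.compile(r"Anonymous-DexFile@0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)")

REPORT_EXCERPT = """\
Filesize
2.6MB
MD56ce629031a213e71015b36dbcc18fe6b
SHA18c2dcaf0bc169b2a2cb21119182b32f65958e369
SHA256afd06a2b7fea75b3f5a4ce8835846cb95d2e50ec87428798aafe9189868004f0
SHA5121cba0ca71b9359dde78305ecd91248ebf14ff4402fba538777c105c5f997a1267fa62e264267cbe7cfd1561e045a38f92ba85f9220e2cd439712ab8a74b2739b
-
Filesize
1.2MB
MD5c74275c6f8cebd2e1510f9ed4a68258b
SHA15de002cb456a33b2e54f43a009680770d079dea5
SHA25622dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a
SHA512ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9
-
Filesize
512B
MD52227a38d4140c769cf4913f2113491ba
SHA17025b552fad90b4c1a5cdb2a8c8f703aebd1f200
SHA256ec8065ffde6d179d5975bc3d9733d53dd39d1dba6f60457dc05da99b1a94299e
SHA51203d5a567593d618a541806cf6dca61925d815fd79604577fc0a2b8ff4e5112fced25f3f2a7c4b14a1e60b0b5bf3accd1d62a3bc547cef9f5e9215eafd708960f
"""

# The two in-memory DEX mappings the report attributes to PID 4310.
DEX_IOCS = [
    "Anonymous-DexFile@0xcd971000-0xcdc02110",
    "Anonymous-DexFile@0xcdd49000-0xcde73958",
]


def size_label(nbytes):
    """Render a byte count the way the report prints sizes (assumed format)."""
    if nbytes < 1024:
        return "%dB" % nbytes
    if nbytes < 1024 ** 2:
        return "%dKB" % round(nbytes / 1024)
    return "%.1fMB" % (nbytes / 1024 ** 2)


def parse_downloads(text):
    """One dict per 'Filesize' block; raises ValueError on a malformed digest."""
    records, current = [], None
    lines = [ln.strip() for ln in text.splitlines()]
    for idx, line in enumerate(lines):
        if line == "Filesize":
            m = SIZE_RE.match(lines[idx + 1]) if idx + 1 < len(lines) else None
            if not m:
                raise ValueError("bad size after Filesize at line %d" % (idx + 1))
            current = {"size_label": m.group(0),
                       "size_bytes": int(float(m.group(1)) * UNIT[m.group(2)])}
            records.append(current)
            continue
        m = DIGEST_RE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != DIGEST_LEN[algo]:
                raise ValueError("%s digest with %d hex chars" % (algo, len(digest)))
            current[algo] = digest
    return records


def dex_region_sizes(iocs):
    """(ioc, mapped bytes) for each Anonymous-DexFile@start-end string."""
    out = []
    for ioc in iocs:
        m = DEX_RE.search(ioc)
        if m:
            out.append((ioc, int(m.group(2), 16) - int(m.group(1), 16)))
    return out


def match_dex_to_downloads(iocs, records):
    """Heuristic: a DEX mapping whose size renders to the same label as a
    dropped file is a candidate for being that file loaded from memory."""
    matches = []
    for ioc, size in dex_region_sizes(iocs):
        label = size_label(size)
        matches.append((ioc, size, label,
                        [r["SHA256"] for r in records if r["size_label"] == label]))
    return matches


if __name__ == "__main__":
    recs = parse_downloads(REPORT_EXCERPT)
    for r in recs:
        print(r["size_label"], r["SHA256"])
    for ioc, size, label, hits in match_dex_to_downloads(DEX_IOCS, recs):
        print(ioc, size, label, hits or "no size match")
```

Run against the full Downloads list, the two 2.6MB and two 1.2MB entries all come back as candidates, which is as far as a size match can take you; confirming which digest belongs to which mapping requires dumping the DEX from the process (or from the sandbox's dropped-file archive) and hashing it.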