andrmonitor | 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b

Analysis

max time kernel
143s
max time network
155s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
02-05-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Size

20.5MB
MD5

5682f19f3a2723db1c7141c9157ab93e
SHA1

748ea5d804fafc742824bd4c2f9c0259822de99d
SHA256

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
SHA512

63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
SSDEEP

393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl

Score

10^/10

andrmonitor banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	4247	zufxtk.qtqhxzzsr
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	4247	zufxtk.qtqhxzzsr

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	zufxtk.qtqhxzzsr

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	zufxtk.qtqhxzzsr

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	zufxtk.qtqhxzzsr

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	zufxtk.qtqhxzzsr

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

zufxtk.qtqhxzzsr
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Requests cell location
PID:4247

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/zufxtk.qtqhxzzsr/[email protected]

Filesize
1.2MB

MD5
205a360b4d45a6e4688aec7a7265dc0a

SHA1
53f493d19040d517bf0b4a842d5f7e8865a443cd

SHA256
a78f1f6aa2fb421d336ac32befa711c6702050014dad9d07074528e8ee4598ff

SHA512
3c515d0d30b65fe025629a9a2da0b7c83a95d27ce87bb54739e15b719b99dbeb11e9db0f8bce1855fdc60c872eede02327c15a6bd8f57a7de2d22edcb972febd

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/[email protected]

Filesize
2.6MB

MD5
0c7c6b52525074c2a1aabaaaa33cd625

SHA1
161ba0350dab8e50d0988249c06b2a1c757189b4

SHA256
8ecf2f3210764f98e3713b9284bf0e3f49db5472fc0940bfd3d2624d4df5bece

SHA512
c7a872f5360b97c18a121d7e8827da32352ea7dbdd4c6ec8a80e7e950bf85c7a468230c81a7675c6815623b7b0ff2ada29584a5b0a87ce48e47ba391681be44f

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
124KB

MD5
011cd6a11afb071cc79ef5019e0548e2

SHA1
06456658c8ad8e29492347ea80b83b0cd1dd20f0

SHA256
9b72e53428efa4d1b97f3e59a765390e5116af3b6be16c645a61a8f96c040c97

SHA512
ad7ef191f6be037bdad532e90c4e48c152b6665e720a640f4bd7ba35801d91b5730f131201da223443b0a964b8bb815c719ca7b6344d8d1ae5655aac4ce16d30

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
96KB

MD5
acf773c6084ac42964ec60b5f688e12a

SHA1
cfdd55ec8d68b105d35f83ddfe7701477fb0cfb5

SHA256
24bef2607014a67af8b75d6ba613eabd9582a0fc497d52d16d116d5b03c02dc0

SHA512
9086b8e86020d4fec0c52da73f0b8d65583e30bf699a5a292aaf4df97b1ef68da1e9a3a3348333d8328bf2fa524c62d6e43955bc2bffc2255cff3990c88b2036

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
96KB

MD5
f2ebe41dcaeb4a024f29472331c63df2

SHA1
0cf1244b9abb5c6902f3169b31244abd63001daf

SHA256
bdc098f13e4e47885269269a5898ca2cd99deeb983e297a1223d8daf369cba2b

SHA512
45cf34646b732ea7849d80df45dbd58a0d950d5f890bc9150289ff21f04654c8d19d33ccbc0edc7b56740bddddc3649ec210214e07719e124323bba42c1661bb

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
96KB

MD5
2f4021a1216c8c47bb441f3f4f265815

SHA1
e666280b2a390369b1e1d400adafd59525fedcf9

SHA256
ffe9b8abe2d7b796fb8a11fe758383f1e1370db13911918b004ff21f3932d0f9

SHA512
4f671a7d48d614c70c99b316ab11a467882fe582df5d9f04b1237d4b5a01fc9fa8367b44dea73c58158bb00c1c48c5e3d8064857d7405dbd92269ab185e492e6

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
96KB

MD5
ea8e7442d06564ee8708ad2a6f75b934

SHA1
4f16ec117c588b264b904cef8493a9f39a4b08da

SHA256
a5b8872d18496cfb48eb214e636ca07275e01c3139f78cde37cab3470b079579

SHA512
8a9540447a80926ab5fe00cb7d3ba7c68b34d3264830d497e3b9350a120b61a966fa84bb4162ff40096c9b75b028cddf3521a6b217ac5cf7d8bd2aecc9b25220

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB

Filesize
172KB

MD5
5478be841922fd6783a1fdf4a8abeb6f

SHA1
24ca4913e843e283623027f7f88a7ec4c62670df

SHA256
af9c29264502df7af7dac3289da4aa0af017f5ba2e69d6bc9b33c06f15dc0d36

SHA512
0d7a78376828cce9781956b56359b56b5371c048d6f66b78f0e76c3563b1ec2419898de1a68fb09c21730d186ae0879ccbf0f94c5eb0aa4510fd658658baf045

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
512B

MD5
49285df3f305a5dde63ebe9177ff1c4a

SHA1
48ae0d611c88265250621064705aaeb56208e661

SHA256
f1f61cc410a7a67ccf584460cc27abf06c7ba163f93bd5019ccd08ea052ab2f9

SHA512
04c974c18a41acd1f64a77a9152b72478d1845e127a365df9c9b73c287b699b33277bd84fa9cf2746acde0f1113c5f653dd19fce60d468b1bc71ee332ca60231

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
8KB

MD5
a247ca974f9bbc4d6cf79e524842b3d1

SHA1
6712923b75c364efc2befa9e12c9d2548c93cc18

SHA256
2c593ca4b0c9cbeb106b0c8701f928dc762fbf6f6918cc810308fe4f740f926c

SHA512
5224b8fe0e1c5b0c6a9ba847cc908ec0a92b1c5a2fdcb5d47fdb299c43f71bf879a1634f1594bc3916a434af85db31654c9210bdc7f185fb86600268d744b321

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
4KB

MD5
fe0b7e16cf8a02a0737b1c425a72c827

SHA1
f23404e75ad69b452375d370985b658b2a8fc08d

SHA256
1196faa178bc3a87c640f147afc4ef2e0ee2cf5c18ea3959eeb548b91fb051be

SHA512
c52ff54c6a34ec549da8db44b15f9ead5a14d7764d0f17520b27f01643eb1c97be43ec930e66d70b8c9575adce9b674dcbd675949b450012c0de86460feb42d2

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
8KB

MD5
c15be62ab1aefe1765592a60bc6a2762

SHA1
1f7b56fc221c413bb6719441e13ce7071678c236

SHA256
5ffbbe58c3d46d09b739d90022fd92030f8c474643cb423a4412e33e538c38f8

SHA512
368ca58f661c21ca05e6eb00633262afa13fa138f697dae954b33faaf7f9dbda1296622c6a52e8620d179d5586964dd181b3a8fc3ec01437d70ef0a428e93c9f

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
12KB

MD5
8f4a4fb0a542b5b172578b40cfca37d5

SHA1
1d22efb5ea34121a9d0b43e97af11437926fee81

SHA256
f6ea6bc056104be8cfcfb0a64bd4d65a8fb3e1bbf4dc506d306958ea3280d4b4

SHA512
b995d85b085fe44924d583349cf9d33f231a382c45644f72085ceb92fe6f887b8c0f8380d0b16c84ec40a6472b3bbfcbb8ae6c215e71e6fa77931a2032904247

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/databases/SettingsDB-journal

Filesize
24KB

MD5
77df106bb4e1231979b4c2f77fee2abf

SHA1
cf61ecc79c36f89a030b24c62475e1daabc8ce2e

SHA256
4efd725057ef6ca6482ebcb4ec389c47e6d4594a5b798232c79093270f89787a

SHA512
5e2d1750272ce2148973c382550bb0116d2916fad03c7d10c4eb7cb454a02c0cf349a99382a6c5ebb56dc416071005303ed54456e364db1283ec3d55eb4b6a89

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
6ce629031a213e71015b36dbcc18fe6b

SHA1
8c2dcaf0bc169b2a2cb21119182b32f65958e369

SHA256
afd06a2b7fea75b3f5a4ce8835846cb95d2e50ec87428798aafe9189868004f0

SHA512
1cba0ca71b9359dde78305ecd91248ebf14ff4402fba538777c105c5f997a1267fa62e264267cbe7cfd1561e045a38f92ba85f9220e2cd439712ab8a74b2739b

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
c74275c6f8cebd2e1510f9ed4a68258b

SHA1
5de002cb456a33b2e54f43a009680770d079dea5

SHA256
22dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a

SHA512
ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
5338691d494aacc1ee645d862827d308

SHA1
43e300011da251140892cde94ce86e199d20e730

SHA256
095b2cf3e5418765ddd09abad7281c9ac4da143c81163c951412f0dc44bb08b4

SHA512
cc8c5a90c9d13255b8d900f117324cff74bcbc7d43267684f4b5c61c4f65626c53d3b7de08d72a6e116d49905e567af5f192b9d1cd0a4c39615b44aff2971f67

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
d86adb3c3a76ba1d11ade41f631e256e

SHA1
5d38812d1f9743fe971dd60d925ffab5a1006a13

SHA256
5066bad794d17ea688f49b18ec38c6dda1b5c0ec81a7103054e406ea5dcd4e7c

SHA512
ded3f6beb796da1ba2d0146217e21eef7834f9ebc95de7d78c293a5b77607ccb3581acc2e9e71afb2149c3f64acd282617981bad15cd4a8031bc79327169d283

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
4KB

MD5
ec972ff156606f351df01ae7a603ad46

SHA1
431cde834e3aa9e202f5240ff215b20a0baf9532

SHA256
bc6983598ae65fd2c03182de2f5562cd7d8f69268dd277b403417b83da47add5

SHA512
86025280f35f9e36777f649f31fd26838018184f0c3c17ac172a1d6a619434582302259524192aa5ce02d672e71ef1180ac9dfb453056e2b542bede5226415f6

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
fa3411fc4d951a6e20954a1fcd7c9a08

SHA1
c6750513138ccc49c13c8091ddc870721427d123

SHA256
610fc1ade6c6fff45e405198f6146b811bb6cfca90736f41f5df4b8e153f0a9d

SHA512
5f5cc9152a12de16ae11a0cfa31929794f4fc52ddfea0e0f032c5861373ff6133586c162f98d4c84f75f60c836043fd177f027c963077b1b5aa43361b2666570

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
1554a3b2cc07cbd543958e3f6e2259f0

SHA1
e641b79e982dbff0a4b72e463bd1cb518ae34cce

SHA256
111fd00bd34bb7f3c3bac56a29df43c3bfce7f9ca198ef572cfb5136c19063f4

SHA512
a0a232dcab6861d98324ef70d1eed0c115e7c7badbb344c14103e64d4039dd12f2f9c952b774c8945b3f6f92fde0946e7c58c1d1a76ac774c36996e3cc48136d

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
188B

MD5
c02701e79f397f9c37f13b90a0400f69

SHA1
dcec32253505c4134b81f72e01f46dae9ec045ec

SHA256
f0d9c72cbf53cda10d0e069c2a3671ce3a762b04a07c241eef433ffb1f804377

SHA512
41befcd599a148bd533533914211617ad03199f6db6e569ca111ae6ce74610fb9be3ba851c3d3642f07a7aba6209e96037646185e1e3f4fa7713a5f66117492a

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
f7ca5ac2c49b9e2e9e0008083495fc29

SHA1
2573f9fb36601d2a8a4dc3da0350bb4f2aa7df08

SHA256
d905bf64965f7850e501dd2ad8b8104c4d9a3c49e2a7429112bd79c5f06b8dd7

SHA512
062d54d7a2b4a5bf86b0c48417fb35d22500854f7f2149bb935afbe41996d72a01fb172a729db8c23ffbc7dd14d6dacb4712d05dfcc349f9da5ee3c58927566d

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
27KB

MD5
58d4a4700df89496aa613558550511e2

SHA1
15b6ec1665f89a364cdb0aded9c5c0d1d9eeaa80

SHA256
1daf1bf9048b28855f614d996797a0797bf35a391a1ea1881c7c96ec03361126

SHA512
217382d00ef9a65e68945f0fde7e38537b4818b74608757c911602deb1f8f5c423aefc42739f4f7b9d7534ff15bcb22f2acf0172bf4f36f82fe8eb101a80a609

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
f72a73af9009f86317b207e62cfe1057

SHA1
522141b09a45c4f149db3d2a072c7f80e85c9a14

SHA256
fae35a39e7cba76f71239fd935aa7b9f4c291298a4b507b3c10f629721f2854e

SHA512
d38013433678887ee4081a9dd92dd99831a44dadc89f923b04fa32fd599198f9264288e7df9ceaa21ff45b4dfa98df5831013a35ab81563f6639a2f5ef5f5a91

Download Submit
/storage/emulated/0/.am/log_1714613127028.txt.zip

Filesize
216B

MD5
397d721c4d90791b02bf68b9091d8e3f

SHA1
badef23bd3d60acc163121ad1eb6c155fa885700

SHA256
cf93e9f3ce55daa573d56894166d30bf3a77786098ebccbe2c990ec1e6dce08d

SHA512
d6ab309da3f3b2fec8c51acd9f6e5759cce6f628852ad2732ee89b62ff6c10b2aa3975e414fb1c259ec8688ab4c59c9e00b7ea3701efcbbabf1c64cf9fdb8472

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
83B

MD5
826941bbac53d86e5d00e9e55cea925e

SHA1
804aa6bec689aa3fbb786cded95a5f5bb0a0e54e

SHA256
29e2e0b88aaf6f47825025253b1c3b11192c109f0e8587e0d620cd5e4e5163db

SHA512
cd75a77ea1ed59af80ce1971a43263fd14025c3ebe32e8168e97b8eeda8cd9fe2029d4fe4d7c45e608736a6746aba5e68e75e6b0b1f9abd0a639cfa43a1afafa

Download Submit
/storage/emulated/0/Android/data/zufxtk.qtqhxzzsr/files/Download/mch.apk

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads