Analysis
-
max time kernel
21s -
max time network
181s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
-
submitted
01-06-2024 02:06
General
-
Target
7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2.apk
-
Size
20.5MB
-
MD5
95b2280beecef198e0000141611c25f5
-
SHA1
412f94db6e1472f3157a4ff2c3f73a090474a18c
-
SHA256
7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2
-
SHA512
91609c6b985210db45b578e261e13c5de8f070405b7d81a611fc3375e7603fa8e728bfd19fb9003369488ed4e906c3f10554a13b5c50530df4de86a7e12fff18
-
SSDEEP
393216:o5pST5h6sJA35z7A79L+icn1mbgafiubcNZjbZT9i/zVN2I+TXt5kKpPbNiRSKcG:btJA35z7c5k1mbBffcrjTi/zVN2IkdCd
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 4 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Processes
-
ultfp.xluluazofns1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD59cf7e03179a00e0097bb8292c310a7f8
SHA18046f1a0d32003f672b2da8ba6c7eb8f54ffcd17
SHA256b428664066ed6496119d7ef35afee74fe8f5eb834939f9cacbf55804aa592438
SHA5121d046cd7d5a96b0b4f0c5d218f97ebc850ea4a3385658ea4a9d36dc05363659d1dc53660f94d4d7d87794cfd60b94593f304e9011421d35f3f17296d28c28cb6
-
Filesize
512B
MD50a45d7319244072ccdce08c9eb4993c1
SHA157842d4d02d960bcea72b93b829b4c6ed7512667
SHA2562707beebb345b63f0e38a239afcedc99bd74843a0e0c30ff8a914a1b4bd98e8d
SHA51299e8f7db5e9b01c5efec3a5e3194d5d06145f88d76ba40be74d24637ab5187a2b65ebdb47a143dc6e0549e3647921ef26e825f6788d34eff76e2367bd7b5c069
-
Filesize
8KB
MD52afc01e7c78b8b50d0f26805d27b4d16
SHA1fedcd726baf82ae3233639a6c597ba883ef9841f
SHA256b91771194b0b8b113ec1abcc4792eebd38388f739296c92cea782bfaba27e6ec
SHA512d2598221ff855c3143286c4b750a95861275db6fa57eaee6d2b9b1bf659aec7a619456ea31a821ff40c1ea54707388cf1b746139ae95410cf2fc5796275cc850
-
Filesize
4KB
MD5f3704b6a1cd80390a89acc6089a72aef
SHA1d173e4e0274c487393306b859b6ec804bb5abe67
SHA256da46cd6cb64a8d03e5853fa82b1bc709205dea6abea0486f7771eec5202b08b1
SHA5124baee41e1bd3ccaa45268990f5c94285af21aa528d5b3fabf8bb731ffcefe32e952b715317c2c67a456f34b8cc54f84089c83a14f739051dbbf46cf25bb5d3fc
-
Filesize
8KB
MD5418509b5082ce26ff135652771f3466c
SHA1948f36de04f362d31233329e68c016c576d04191
SHA256e54136a0430e50779a3dea3032fe88e8a4a1a9dde90ecdaad64b48d2e8ad563b
SHA512daa07daba99f4929ff6fbecbe76e86921beda9f2924bf42262011c771de7bcb17aa1e155b3903a562919fce600b374bf3f5657236e3315042cf6cafdfd9a8900
-
Filesize
12KB
MD538f4ed606b4275ce2a43141b2be72b2e
SHA1e9a1f7f1758ff7f05ecd2000343916f84b0be275
SHA2564d27b2f943c1a21fb3e8e2a1eaec7180a4168ff43d151aa09d129157c8121f07
SHA512ddfb52df013611be18df875881c2f8f0fe62a7e5c7eab6faa44f426c3305f12ce67fe04d1b87ac365d4f6c66110d160a5674d60c4c1716d2ed1388a502c59626
-
Filesize
20KB
MD50875582c16d793ea6e4fa271061a69d3
SHA1e88cc1f0d31e4651e2c6ca425cd4629ae7811d1c
SHA256d195894069490ac30cb19a797d91a9ec123f5d01b18d47d3baee309d656024d1
SHA51250d70ee2cd1a3070442246849c46386b7f54d901868a3901b24bd16af1119c9fb9597b43fe289ac765bfdaf12a72f9b6a2b02dec3f4e20c04b04347e7c4665a8
-
Filesize
2.6MB
MD5a11095265b09ae16734bc3b64a287e71
SHA1880f31b9f8816a40960b0276447e2252194d5f0e
SHA256886111a93011a48dfb6eb6231c42864b42364bd8a71d0efc229188653dbe0a9f
SHA51281963a169cfbe9dbc6a47a5d5c52d3f25ad3b56e82ad24206b24b257f0118d52393174a4219f6b27b4cb3a2ba8eeb832e61ea5bfb2b2160cee63a895a28cddc0
-
Filesize
1.2MB
MD5cb16f947895faf71d09cb5ad792b0e35
SHA1c1dc4f7d5942a9dc0e1f27bad9239a4b4e8f49a7
SHA256e884e38eadd126d05e90daacf4250127ea46787315a235296d3c9341c2df3bef
SHA5128ed0d22895c375649c7eee45c2911d816d194ee36c648e8cf84805dfff0889602bb3d17b376d2e4c73fdb0df23002349df0a872d8e18fe219862ad06970aa2ba
-
Filesize
2.6MB
MD5b6d3a4cf3c50723d4c2b606550f66078
SHA1fe6541e98b3cc04a31d269c3dd51beda11814796
SHA256e10b67c58d2778bbcafa71e34353c26a089eaef19021b8a52274708c6c664a8b
SHA5126b482bec5b3bf9f39f09164b67a416f238973e799a88245422a06caeeda73daf0aa0fa4e319384e6ac6c03c99c5808c9cba990ab5028169e820a2d8694eb7c5e
-
Filesize
1.2MB
MD51e05a2d987a9b8ace6ec423e1de9ae2b
SHA18ba9fad037667f9a091541ac11cf4e27965d5288
SHA256743e7d3660de8e672bf0d07078d8e540b1cdb17d216e63b8703fa180c97179b6
SHA5121744113900cd787eb4ee34c9fe5b72dbefd4e6c334373f6f32adde0e3de22044a2cdb1ed9a6137e4dfdb7ec53a7b77fd5d059e07976569a30e192e680233d54c
-
Filesize
171B
MD59d6c7d0ad97e3a3b2698de1324d53db0
SHA13e8cdd7e85688046ee643f839bc66692ec8e1f56
SHA2566a9d0c9bc546eb2a7d491409ee6a6908e5f3463d60a2a15f607282ef57bb4d4f
SHA512054ed72a6fbf530f320666dc0f58d6918b875cc32002cc2ab3286191ba6ab0c69bb0dcfdb98b978b3f9909a0e1749401fcea51454136a9807404c8bae817f15d
-
Filesize
150B
MD52ff3e1630927076cad00a30943cbe9bd
SHA1cb0e37f72a3c462b57c439158dc980556b887975
SHA256188e8ca8c40f41e58287d90f927c0e35019151848512b022ef0e1ed569d41da6
SHA5120bf6b0ffb4b5b5d96684073606e0aa32c7ab22edbf8d0adcf7b1f73e77570f5eee890637321f7edbe9ab18ba605cf4297b4d0a56e61bcfa989f0ab02b0fef48b
-
Filesize
4KB
MD5273bfe7998295955c38713112121180f
SHA15ff8d2c2c6ae11c81f79c024910fed2040c739a7
SHA2563f50a145bd87ce9786c483b4f9cd999177e9857978df53e582ed290c4e96b046
SHA512889ae190148d42a3bdd28a3e58ec3d15ce1bb2333f2af5e5234eda50ec94ea5b98e066a5b4afea9c8ac9d3eea50a7654ed555d539d04308c617037ce8314d260
-
Filesize
62B
MD53131605c99db7be25b4594c37e050a0f
SHA12034cdc2c6ed70db9e1584854e4059a4e140504c
SHA256440b9269f634c1cf90ad9ae54794992637344b14ebb9a38c6ac5438198da9248
SHA51223e23ec8e4876b1527775f52c8197c134aa956ce2982900462b152f638bced58b00bfa7e4a49e10cf122c0d46448b1ebf316c0a342bc3cc1b8d9b954b006ebac
-
Filesize
70B
MD56053374b8b5ec2b3500e6a661c8f91d0
SHA143060655f8bbcfcc12df5449de7d878563dcb43c
SHA256a9736bf9cfb88e8d895ddd65a215fdfcc55e8c6814c2ed7675a35338c462df8d
SHA512767dad7aedafbc72590117ca67f5fdc32d89b5d8e873f61e38e3fdf2f51d635f5e344f3e5687f7633a079d944d0b4bbcb79d03d7f44a9b90766ae34585d148c1
-
Filesize
164B
MD5c7d1165e7f0aa9e6a993bd133c9bcab9
SHA1f5b2b6acd5bfa71ede6ec9472b4c7bfe09195fdb
SHA256c7d52ffc64b3e32af4175eace24099687b7da70c584dbdc0a6b38bda6299d285
SHA512108b5bbcc06af0e0b4bd0cb643df15187ed8eeb0d1aaf6488645d2abd4d7fb0fe480e5fec7125df81c6d69f4a074beb127bf63ca6b5bbbd7000cdd7a0dcd230b
-
Filesize
132B
MD5364cbbde46632b3035d97c46d5e563e4
SHA1b4ba0983e4b48259c3ac37d200f1017cb16045c1
SHA2560b7732b3dc84524062d3ac4c330788bf5e7ecbae884661c501cf5c4b631ae3f4
SHA512898a72806d94589d3d724e83115e855e48e639687f2113910ffa3dcee84ce6e566dbac4265e42a6083d072a78647c498adab1e1908ef580035092bed8888fcbd
-
Filesize
81B
MD5b8b5f3bfc09d894b59b046a334c95afb
SHA163553f7add999d1f9279baae996086f6da7e5c63
SHA256724cec8037ad196328560e2dee682aff4e295682d738789468d8123e9d447871
SHA51230d8ca6f0c05b027d1fe1504a5c95efb8b48ab61a8da85fbe49fe5c24cd23266450e95e48cc735244e764019c6065e5b8420d615baaa39d3abc6489479f66b67