General
-
Target
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772
-
Size
20.5MB
-
Sample
240701-cplmzawfqm
-
MD5
69a3362a56aceeae697d711b85ea1bd0
-
SHA1
05af8c183ee7934be6bb1077992be1aa79a4d17f
-
SHA256
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772
-
SHA512
75f50d474571b4d722d623f7d74857fd831553f941bc5fe7b7b5b310ee2c8367adca0f4e32ee44ba9c5d945e76b8b6269d4197dcbd5efcea245dd6da118ae61b
-
SSDEEP
393216:/rTNsZsJA35z7A79L+piJ1mbgafiubcrZzbfT9i/zVN2I+TXu1qKpPbNiRSKcsaT:vzJA35z7c5R/mbBffc1z9i/zVN2Ike84
Behavioral task
behavioral1
Sample
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772.apk
Resource
android-33-x64-arm64-20240624-en
Malware Config
Extracted
andrmonitor
https://anmon.name/mch.html
Targets
-
-
Target
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772
-
Size
20.5MB
-
MD5
69a3362a56aceeae697d711b85ea1bd0
-
SHA1
05af8c183ee7934be6bb1077992be1aa79a4d17f
-
SHA256
ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772
-
SHA512
75f50d474571b4d722d623f7d74857fd831553f941bc5fe7b7b5b310ee2c8367adca0f4e32ee44ba9c5d945e76b8b6269d4197dcbd5efcea245dd6da118ae61b
-
SSDEEP
393216:/rTNsZsJA35z7A79L+piJ1mbgafiubcrZzbfT9i/zVN2I+TXu1qKpPbNiRSKcsaT:vzJA35z7c5R/mbBffc1z9i/zVN2Ike84
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1