andrmonitor | 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

Analysis

max time kernel
304s
max time network
314s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01/08/2024, 02:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Size

20.5MB
MD5

662a29140ea32f87a19fa76996137563
SHA1

cd0a4bd3abbf0fe2773a9c7a7a589a0609582219
SHA256

960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4
SHA512

511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c
SSDEEP

393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Score

10^/10

andrmonitor banker collection discovery evasion execution infostealer persistence spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	xspcmj.qiegf
/sbin/su	xspcmj.qiegf

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4944	xspcmj.qiegf
4944	xspcmj.qiegf

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/xspcmj.qiegf/Anonymous-DexFile@1796898644.jar	4944	xspcmj.qiegf
/data/user/0/xspcmj.qiegf/Anonymous-DexFile@2791401983.jar	4944	xspcmj.qiegf

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	xspcmj.qiegf

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	xspcmj.qiegf

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 27 IoCs

flow	ioc
6	prog-money.com
55	anmon.name
26	anmon.name
48	anmon.name
52	anmon.name
10	anmon.name
35	anmon.name
45	anmon.name
51	anmon.name
66	anmon.name
7	prog-money.com
36	anmon.name
60	anmon.name
9	anmon.name
56	anmon.name
42	anmon.name
67	anmon.name
44	anmon.name
64	anmon.name
132	anmon.name
8	anmon.name
11	anmon.name
25	anmon.name
39	anmon.name
86	anmon.name
15	anmon.name
16	andmon.name

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	xspcmj.qiegf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	xspcmj.qiegf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	xspcmj.qiegf

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	xspcmj.qiegf

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	xspcmj.qiegf

xspcmj.qiegf
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4944

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.40
DNS

prog-money.com

Remote address:

1.1.1.1:53

Request

prog-money.com

IN A

Response

prog-money.com

IN A

157.90.2.159
GET

https://prog-money.com/am.html

Remote address:

157.90.2.159:443

Request

GET /am.html HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: prog-money.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Thu, 01 Aug 2024 02:38:07 GMT
Content-Type: text/html
Content-Length: 17
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 15:04:36 GMT
Accept-Ranges: bytes
GET

https://prog-money.com/file-log.html

Remote address:

157.90.2.159:443

Request

GET /file-log.html HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: prog-money.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Thu, 01 Aug 2024 02:38:15 GMT
Content-Type: text/html
Content-Length: 26
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 15:04:36 GMT
Accept-Ranges: bytes
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A

Response

anmon.name

IN A

142.132.131.208
GET

https://anmon.name/monitor_checker_link.php?ver=20240720

Remote address:

142.132.131.208:443

Request

GET /monitor_checker_link.php?ver=20240720 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: anmon.name

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/files/com.amon/MCh.apk

Remote address:

142.132.131.208:443

Request

POST /files/com.amon/MCh.apk HTTP/1.1
User-Agent: AM/20240720
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: anmon.name
Accept-Encoding: gzip
Content-Length: 0

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:07 GMT
Server: Apache
Last-Modified: Thu, 06 Jul 2023 22:25:11 GMT
Accept-Ranges: bytes
Content-Length: 65911
Connection: close
Content-Type: application/vnd.android.package-archive
GET

https://anmon.name/monitor_checker_link.php?ver=20240720

Remote address:

142.132.131.208:443

Request

GET /monitor_checker_link.php?ver=20240720 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: anmon.name

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/files/com.amon/MCh.apk

Remote address:

142.132.131.208:443

Request

POST /files/com.amon/MCh.apk HTTP/1.1
User-Agent: AM/20240720
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: anmon.name
Accept-Encoding: gzip
Content-Length: 0

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:07 GMT
Server: Apache
Last-Modified: Thu, 06 Jul 2023 22:25:11 GMT
Accept-Ranges: bytes
Content-Length: 65911
Connection: close
Content-Type: application/vnd.android.package-archive
POST

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

Remote address:

142.132.131.208:443

Request

POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1739
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

andmon.name

Remote address:

1.1.1.1:53

Request

andmon.name

IN A

Response

andmon.name

IN A

144.76.58.8
POST

http://andmon.name/log.php

Remote address:

144.76.58.8:80

Request

POST /log.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
ENCTYPE: multipart/form-data
Content-Type: multipart/form-data; boundary=4XTqXpkeH2IE
Host: andmon.name
Accept-Encoding: gzip
Content-Length: 1098

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:16 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
X-Powered-By: PHP/5.6.31
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 107
Keep-Alive: timeout=2, max=100
Content-Type: text/html; charset=UTF-8
POST

http://andmon.name/log.php

Remote address:

144.76.58.8:80

Request

POST /log.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
ENCTYPE: multipart/form-data
Content-Type: multipart/form-data; boundary=yb0tq69ibEv3
Host: andmon.name
Accept-Encoding: gzip
Content-Length: 7914

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.6.31
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 99
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.228
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1397
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:38:54 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:39:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:39:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:40:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:40:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

216.58.212.202

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

216.58.212.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

216.58.213.10

semanticlocation-pa.googleapis.com

IN A

172.217.169.42

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.10
POST

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

Remote address:

142.132.131.208:443

Request

POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:40:55 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

Remote address:

142.132.131.208:443

Request

POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:41:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:41:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.76.84
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A

Response

anmon.name

IN A

142.132.131.208
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.206.84
DNS

update.googleapis.com

Remote address:

1.1.1.1:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.250.200.35
POST

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

Remote address:

142.132.131.208:443

Request

POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:41:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:41:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

Remote address:

142.132.131.208:443

Request

POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 360
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:42:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.206.84
DNS

accounts.google.com

Remote address:

1.1.1.1:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

74.125.71.84
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A

Response

anmon.name

IN A

142.132.131.208
DNS

g.tenor.com

Remote address:

1.1.1.1:53

Request

g.tenor.com

IN A

Response

g.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

142.250.187.234

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

142.250.200.42

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

216.58.204.74

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

172.217.169.10

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

142.250.179.234

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

216.58.213.10
DNS

translate.googleapis.com

Remote address:

1.1.1.1:53

Request

translate.googleapis.com

IN A

Response

translate.googleapis.com

IN A

142.250.200.10
DNS

youtu.be

Remote address:

1.1.1.1:53

Request

youtu.be

IN A

Response

youtu.be

IN A

172.217.169.46
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1316
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:42:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.213.14
DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.213.14
DNS

m.youtube.com

Remote address:

1.1.1.1:53

Request

m.youtube.com

IN A

Response

m.youtube.com

IN A

172.217.169.14
DNS

jnn-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

216.58.212.234

jnn-pa.googleapis.com

IN A

142.250.180.10
DNS

play.google.com

Remote address:

1.1.1.1:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

clients1.google.com

Remote address:

1.1.1.1:53

Request

clients1.google.com

IN A

Response

clients1.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
DNS

yt3.ggpht.com

Remote address:

1.1.1.1:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.193
DNS

i.ytimg.com

Remote address:

1.1.1.1:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246
DNS

consent.youtube.com

Remote address:

1.1.1.1:53

Request

consent.youtube.com

IN A

Response

consent.youtube.com

IN A

142.250.187.238
DNS

static.doubleclick.net

Remote address:

1.1.1.1:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

172.217.169.38
DNS

googleads.g.doubleclick.net

Remote address:

1.1.1.1:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.2
DNS

tpc.googlesyndication.com

Remote address:

1.1.1.1:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.187.193
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

172.217.169.74

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

142.250.178.10

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

216.58.212.202

semanticlocation-pa.googleapis.com

IN A

216.58.212.234
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240720
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1317
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Thu, 01 Aug 2024 02:42:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html

142.250.200.40:443

ssl.google-analytics.com

tls

1.5kB
6.0kB
12
12
157.90.2.159:443

https://prog-money.com/file-log.html

tls, http

1.7kB
4.8kB
13
11

HTTP Request

GET https://prog-money.com/am.html

HTTP Response

200

HTTP Request

GET https://prog-money.com/file-log.html

HTTP Response

200
142.132.131.208:443

https://anmon.name/files/com.amon/MCh.apk

tls, http

3.5kB
73.4kB
47
58

HTTP Request

GET https://anmon.name/monitor_checker_link.php?ver=20240720

HTTP Response

200

HTTP Request

POST https://anmon.name/files/com.amon/MCh.apk

HTTP Response

200
142.132.131.208:443

https://anmon.name/files/com.amon/MCh.apk

tls, http

3.9kB
73.4kB
54
58

HTTP Request

GET https://anmon.name/monitor_checker_link.php?ver=20240720

HTTP Response

200

HTTP Request

POST https://anmon.name/files/com.amon/MCh.apk

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

tls, http

1.6kB
1.3kB
11
8

HTTP Request

POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

HTTP Response

200
142.250.187.206:443

tls, https

857 B
40 B
1
1
172.217.16.238:443

android.apis.google.com

tls

8.7kB
12.8kB
28
39
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

3.2kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
144.76.58.8:80

http://andmon.name/log.php

http

10.0kB
1.2kB
10
7

HTTP Request

POST http://andmon.name/log.php

HTTP Response

200

HTTP Request

POST http://andmon.name/log.php

HTTP Response

200
142.250.180.4:443

tls, https

429 B
40 B
2
1
142.250.180.4:443

www.google.com

tls

8.4kB
10.6kB
27
38
142.250.187.228:443

www.google.com

tls

1.5kB
5.8kB
12
13
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.9kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
172.217.16.238:443

android.apis.google.com

520 B
10
142.250.179.226:443

520 B
10
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
216.58.204.74:443

semanticlocation-pa.googleapis.com

tls

4.0kB
14.4kB
15
21
142.132.131.208:443

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

tls, http

1.6kB
1.3kB
11
9

HTTP Request

POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

HTTP Response

200
216.58.204.74:443

semanticlocation-pa.googleapis.com

tls

2.2kB
6.3kB
15
13
142.132.131.208:443

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

tls, http

1.6kB
1.3kB
11
9

HTTP Request

POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
173.194.76.84:443

accounts.google.com

100 B
60 B
2
1
74.125.206.84:443

accounts.google.com

tls

1.9kB
7.6kB
16
16
142.132.131.208:443

anmon.name

tls

5.3kB
197.0kB
76
151
142.132.131.208:443

anmon.name

tls

1.2kB
4.3kB
13
10
142.132.131.208:443

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

tls, http

1.6kB
1.3kB
11
9

HTTP Request

POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/api.php?tp=SendData&type=0&count=0

tls, http

1.8kB
1.6kB
11
9

HTTP Request

POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

HTTP Response

200
74.125.206.84:443

accounts.google.com

100 B
60 B
2
1
74.125.71.84:443

accounts.google.com

tls

2.1kB
7.5kB
20
16
142.132.131.208:443

anmon.name

tls

2.3kB
10.3kB
20
19
142.132.131.208:443

anmon.name

tls

1.0kB
4.1kB
8
7
142.250.187.202:443

g.tenor.com

tls

1.8kB
8.1kB
13
15
142.250.200.10:443

translate.googleapis.com

tls

2.4kB
40.2kB
25
38
142.250.200.10:443

translate.googleapis.com

tls

3.2kB
83.5kB
40
64
142.250.187.227:443

468 B
9
142.250.187.227:443

468 B
9
142.250.187.227:443

468 B
9
172.217.169.46:443

youtu.be

tls

1.1kB
7.6kB
9
7
172.217.16.238:443

android.apis.google.com

tls

1.8kB
5.9kB
8
10
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.250.187.206:443

www.youtube.com

tls

5.3kB
41.0kB
49
68
142.250.187.206:443

www.youtube.com

tls

1.1kB
7.6kB
9
8
172.217.169.14:443

m.youtube.com

tls

46.3kB
1.5MB
357
1224
74.125.71.84:443

accounts.google.com

tls

8.7kB
254.5kB
108
209
142.250.187.206:443

www.youtube.com

tls

2.1kB
8.3kB
14
14
142.250.179.234:443

jnn-pa.googleapis.com

tls, https

12.7kB
40 B
6
1
216.58.204.74:443

jnn-pa.googleapis.com

tls

7.5kB
101.9kB
63
108
142.250.179.234:443

jnn-pa.googleapis.com

tls, https

12.7kB
40 B
6
1
142.250.179.238:443

play.google.com

tls

2.0kB
8.6kB
15
17
142.250.179.238:443

play.google.com

tls

1.2kB
7.7kB
12
9
142.250.179.238:443

play.google.com

tls

9.3kB
14.1kB
38
54
172.217.16.238:443

clients1.google.com

tls

1.8kB
8.4kB
14
15
142.250.180.4:443

www.google.com

tls

2.1kB
27.9kB
21
27
142.250.187.193:443

yt3.ggpht.com

tls

4.8kB
79.4kB
55
87
172.217.16.246:443

i.ytimg.com

tls

2.0kB
27.7kB
19
27
142.250.187.238:443

consent.youtube.com

tls

2.1kB
9.6kB
15
16
172.217.169.38:443

static.doubleclick.net

tls

1.9kB
6.3kB
12
13
142.250.200.2:443

googleads.g.doubleclick.net

tls

3.2kB
7.8kB
20
24
142.250.179.234:443

jnn-pa.googleapis.com

tls, https

128 B
40 B
2
1
142.250.180.10:443

semanticlocation-pa.googleapis.com

tls

2.0kB
6.2kB
12
14
142.250.179.234:443

semanticlocation-pa.googleapis.com

tls, https

128 B
40 B
2
1
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.7kB
1.4kB
10
9

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.250.180.10:443

semanticlocation-pa.googleapis.com

tls

2.0kB
6.2kB
12
14

224.0.0.251:5353

4.4kB
19
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.40
1.1.1.1:53

prog-money.com

dns

60 B
76 B
1
1

DNS Request

prog-money.com

DNS Response

157.90.2.159
1.1.1.1:53

anmon.name

dns

56 B
72 B
1
1

DNS Request

anmon.name

DNS Response

142.132.131.208
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.16.238
1.1.1.1:53

andmon.name

dns

57 B
73 B
1
1

DNS Request

andmon.name

DNS Response

144.76.58.8
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.228
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
336 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

216.58.204.74

142.250.187.234

172.217.169.74

142.250.187.202

216.58.212.202

172.217.169.10

216.58.212.234

142.250.200.42

216.58.201.106

142.250.180.10

142.250.179.234

216.58.213.10

172.217.169.42

142.250.178.10

172.217.16.234

142.250.200.10
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

173.194.76.84
1.1.1.1:53

anmon.name

dns

56 B
72 B
1
1

DNS Request

anmon.name

DNS Response

142.132.131.208
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.206.84
1.1.1.1:53

update.googleapis.com

dns

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

142.250.200.35
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.206.84
1.1.1.1:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

74.125.71.84
1.1.1.1:53

anmon.name

dns

56 B
72 B
1
1

DNS Request

anmon.name

DNS Response

142.132.131.208
1.1.1.1:53

g.tenor.com

dns

57 B
312 B
1
1

DNS Request

g.tenor.com

DNS Response

142.250.187.202

142.250.187.234

172.217.16.234

142.250.178.10

142.250.200.42

142.250.200.10

216.58.201.106

216.58.204.74

142.250.180.10

172.217.169.10

216.58.212.202

142.250.179.234

172.217.169.74

216.58.213.10
1.1.1.1:53

translate.googleapis.com

dns

70 B
86 B
1
1

DNS Request

translate.googleapis.com

DNS Response

142.250.200.10
1.1.1.1:53

youtu.be

dns

54 B
70 B
1
1

DNS Request

youtu.be

DNS Response

172.217.169.46
1.1.1.1:53

www.youtube.com

dns

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.187.206

172.217.169.78

216.58.204.78

172.217.16.238

216.58.212.238

216.58.201.110

142.250.200.46

142.250.178.14

142.250.180.14

142.250.179.238

216.58.212.206

142.250.187.238

142.250.200.14

216.58.213.14
1.1.1.1:53

www.youtube.com

dns

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.187.206

142.250.200.14

142.250.179.238

142.250.187.238

216.58.212.206

142.250.180.14

172.217.16.238

216.58.212.238

142.250.178.14

216.58.204.78

172.217.169.78

142.250.200.46

216.58.201.110

216.58.213.14
1.1.1.1:53

m.youtube.com

dns

59 B
75 B
1
1

DNS Request

m.youtube.com

DNS Response

172.217.169.14
1.1.1.1:53

jnn-pa.googleapis.com

dns

67 B
323 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.204.74

172.217.169.10

216.58.201.106

142.250.179.234

142.250.187.202

142.250.200.42

142.250.200.10

172.217.169.42

216.58.213.10

142.250.178.10

216.58.212.202

172.217.16.234

142.250.187.234

172.217.169.74

216.58.212.234

142.250.180.10
1.1.1.1:53

play.google.com

dns

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
1.1.1.1:53

clients1.google.com

dns

65 B
105 B
1
1

DNS Request

clients1.google.com

DNS Response

172.217.16.238
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
1.1.1.1:53

yt3.ggpht.com

dns

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.187.193
1.1.1.1:53

i.ytimg.com

dns

57 B
297 B
1
1

DNS Request

i.ytimg.com

DNS Response

172.217.16.246

172.217.169.22

172.217.169.86

142.250.179.246

142.250.180.22

142.250.178.22

216.58.204.86

142.250.200.22

216.58.201.118

216.58.212.246

142.250.200.54

216.58.213.22

216.58.212.214

142.250.187.214

142.250.187.246
1.1.1.1:53

consent.youtube.com

dns

65 B
81 B
1
1

DNS Request

consent.youtube.com

DNS Response

142.250.187.238
1.1.1.1:53

static.doubleclick.net

dns

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

172.217.169.38
1.1.1.1:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.2
1.1.1.1:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.187.193
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
304 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.180.10

172.217.169.74

216.58.201.106

142.250.200.42

142.250.187.202

142.250.200.10

142.250.178.10

142.250.187.234

142.250.179.234

172.217.16.234

216.58.204.74

172.217.169.10

216.58.212.202

216.58.212.234

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
124KB

MD5
9cf7e03179a00e0097bb8292c310a7f8

SHA1
8046f1a0d32003f672b2da8ba6c7eb8f54ffcd17

SHA256
b428664066ed6496119d7ef35afee74fe8f5eb834939f9cacbf55804aa592438

SHA512
1d046cd7d5a96b0b4f0c5d218f97ebc850ea4a3385658ea4a9d36dc05363659d1dc53660f94d4d7d87794cfd60b94593f304e9011421d35f3f17296d28c28cb6

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
96KB

MD5
2ed4c38fb0e20b20dba8213671024cfb

SHA1
4bf83a07b994be92a004fc9fe05f3817c2f65184

SHA256
9ee1273c7c7064ff86cba228a6faf61a201ed13b2a6c71745716ccfbfd78b7c5

SHA512
6b1a9e1a95c3b13c5da4183b46bbe2e1bd18dd67418597eba4e75fc8e9faf6a91040a5d44e0794ca0cc50fc34311434c6d27c5929f25489eb468c3ac574180a2

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
96KB

MD5
254639f9bcfbfaf2062503ed7e53fd54

SHA1
03333625dfb103f0eab652bf463783f9a5735280

SHA256
6c618ef45f1fedefe564a99fc26bb96b7b5e92ffb403097980834f95490ddfa3

SHA512
74f9ed166ccc9aa0de21f7bb16903f57f4f16367b5eb2c267a88ed26b8e148e62dab25d0c66814757154dd0d19df92f930d02b0fd837567468fe3e38e46d46ef

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
96KB

MD5
272d9a2e6d13866fcc358ef7d595199f

SHA1
6ece6a85e31ad33696ca71db4c89de74925ccb06

SHA256
d794f20f4e8f482a92e454a6292879bd89f3e8e56c3b6925fb4d0328573a16c8

SHA512
92e04e401fb3917cd598c8b3f3db2695db75d1fda3b0afe167cc91c64e42f051bb00bc61525a791fcb0911bc30e06b02054c38efeb1f918b26bb1641ce0031c8

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
96KB

MD5
006b896d29597da602652582a6b7b4e2

SHA1
ed671273d87c7380a3f6e65f74dfb33adb96a56c

SHA256
7e9957adfdd5195b346965e20164fdfabff46c415651eb6f6403978ba78b687c

SHA512
642d6779d692f9456fe318c51723ec7ccb38edfa9e0cebd6abfd9abf43d1ffa43f8fec9a97e212edb9c055d892ba704364f7063f031a9f8aa50bdcc9c05ae1cb

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB

Filesize
160KB

MD5
e47b443701d9c868f469bd67c73c2a60

SHA1
a66d64f0bebb8b8013d82010c66b13ac37705528

SHA256
5cb5ee52841ea4dec403064b311398d79dd072c1e1b2bebd9baaea011eeb03fe

SHA512
2bd825a94e21e4c41ec4be671695c27e897f0cddc825bf1d66972d7ee81f5e890555571d633c596d84c3eb02fcc804010590346611a4f168d01b2aa038fe7c0e

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
512B

MD5
8a1d4ff6f8a8e112a82c094ea8b1b0e3

SHA1
556918378138cd192014d3b8fa13302631145e68

SHA256
b296794da739bb39898dd1e909b76cf68eb5945334ab620e550ac4ae02690add

SHA512
6743012cfcc256c8a2fc1e42d84cd0ea4c94ba8e10f7cfc2543bc0661956bd390919b89cb05af0ce746319db9e839764fac33d811dd4213b6e58dbc5f74383a1

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
8KB

MD5
b25b027d7a128612f8eb7edfba24c14d

SHA1
4633c87dbaf4fab1e983ea0247913b4b6953e343

SHA256
968cb77ea198abf6bbb25e78c7bc3071974f6f5fb0c57c7bf98e5aa139d5da91

SHA512
f00b01acd13fb377e1377895c2d7b26887d29c35fa81f3febbc009a0dbb5d1ec5c5a4406040152c5ef2b36ded90cd9a2c3e321ae89f0bf5a026bcd9ef6bf23bf

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
4KB

MD5
a37305f2436b493f9b84deae1c0eece1

SHA1
7fcee3b69bb968231c45c912c78aa31c713f6e8a

SHA256
c7d306b17aff7b26d8139ba3cac734469b6207a4d97f2397e358506b7d87706a

SHA512
f7044e3cfffd48cafed8e3b53c53dc31c55af7d8abdd35a3f5a8e12e3d745a0d7d1a69298b58ecd5e7b93fdc3bf841d697550dca7a4b84e0d965d0e69fc2b05b

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
8KB

MD5
c3d4d029a00f6a0525c448510a148841

SHA1
f992b5e85fa1c4f50498001225a1ab2a1efd57e8

SHA256
1435f10f67e0f6ab061811623c252fcccc52850f7f704b2be464946bf2796847

SHA512
bdc4cdcc1eb7a1b47e4859dde3979b661583f3f6a9662eb7658a2ba4969219085e9e7a9deed6e119572d0d08bad3003845f303fc2ddb480ff2ea81d1eb6d7f8c

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
12KB

MD5
ea3f31bb2f0bbe6fb7102d0ac23e00a4

SHA1
f8b4843c54aac4f5dc191119279be5a76a922b72

SHA256
ee5bffa3dedcc919237b53cc923573ba459c05ddf3c85d1e6c30b1ffdfb974ad

SHA512
21f4ed73f602c497fc387530841b51a63b0ce52b4a84ba4885db4d773e5a67636f8b274c613e6178afd1eeda967955b8c99c3f28da16e12a3a8746bfe6f62de5

Download Submit
/data/data/xspcmj.qiegf/databases/SettingsDB-journal

Filesize
20KB

MD5
f93cb376357ca1e1f56811ca4e9ae536

SHA1
1d77e99d96de67d21023a41e65e7eec4d6e6be64

SHA256
a7add416127b33a77cce331bcf4944a33e5218778ad0c6e499015f7e20b61a73

SHA512
ebe39ccb53216188c39bed4d90ee60de22dd491abdeac8c3b089a66ec3118e2cc828c087a2dc3c41fe8f5f91bf080bdaf0dfd773259db8cc46b2bb02c5102e90

Download Submit
/data/user/0/xspcmj.qiegf/Anonymous-DexFile@1796898644.jar

Filesize
2.6MB

MD5
3bca1a576ba29bd493e42938a489aa5d

SHA1
0e5d4bc3a7daf6864fb3076e6c1e9685e254efd9

SHA256
b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce

SHA512
39a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0

Download Submit
/data/user/0/xspcmj.qiegf/Anonymous-DexFile@2791401983.jar

Filesize
1.2MB

MD5
336921950a9f279733cd787f1203d73d

SHA1
cefc36a7c17909054cf2a507b34f545af96c0e36

SHA256
c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c

SHA512
6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
8aa5d8f3622ac78fa2cc58d58c87dfaf

SHA1
33071f0a26c21320a749a25a5e94a694aaf346de

SHA256
db50acab3ed87a8cf5df819c8c88e3364f966dd5279d1f3a3f8e3154ab8cc326

SHA512
0ca20d27a1e8511ef0d588d15fe4c6f443a706af90d414e94d4d7e021080309f574892c327054c9b072a6a8740a9ab88e774116d2d815ed839ea7f813ef35251

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
51112e0a7f7962a8e02bc885025414ef

SHA1
40622959af4fe349d8881c885b9b30441de8804c

SHA256
2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0

SHA512
f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
173B

MD5
8ca0dfa10d01a66c4060db732b85fc46

SHA1
8745295499e482415e1f72098518cbf75243cc4e

SHA256
a52b3e558ecd5a2580732f7fe61bb9798b872b0885bbed134944dd444514d866

SHA512
9e9ce651f26475d43326a28bd7f303c10b0753c5445dae8504821925bc07970c956b3a4356fac53de411aa1d0c2c78cf6ab1604b101cb1301eb452f58677c127

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
152B

MD5
dc9294b6f5a76270b3d324079a16e944

SHA1
42d329ce4b8b79145d180b67368e6b57752fe699

SHA256
0cff07f0d27a2a4b3ff10479a1cc64e0ee966814fa93b6e527cceae4368c5701

SHA512
65cd78e35a8b3ad03c009aba8ecad1a4be7f0c13293387e3a0be567339ad8919788dfd3d4f98b5bbcc1f497b0b016f590c032c3791bc8f9fdc4fc0133e628705

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
4KB

MD5
7fe514398aa20ea73f1d4e8ba835d0e9

SHA1
3cfa2f4069b136436f73b848792997a0b85454bb

SHA256
ba8a2577916154297dcae3061ffa8da6ac2753365e5fec023d3334a7d19c4bc2

SHA512
835a247052053a2fb5e7db31193d30e16d314a290ca22d99d6ab7987842febf07ebfa8784c81662eef3b702a7c070d59f135aa82a68ec36de070f5999ce1a50f

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
64B

MD5
e1a5e5084577113916a9d1c8a121206c

SHA1
92c93aed49ab7acb55a1aeef4a96281f7842f169

SHA256
c8c7981ba2a49fd8880b53e2228de3b9defb71bc2a4297aedf71e150df89c6a9

SHA512
016282c4d699dcccb1ab01fe59b1365b6b6749c297e584febddfcad494833530e5262634039fe2d59cca134661e872f0c80a0413b1a7946bf002b2a9d33eea95

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
72B

MD5
968003083313e238794808089ba71391

SHA1
ffc1790620e4fd382c2f6fc8383fd0465a592e86

SHA256
092527e1d84742d0376ba15b18e6637b5fd1026dcff8e4c5b72a287a051c5d4a

SHA512
34b8717fffc7061f40258bd1d92137f643bf7384849297c41f0b2aff158d6e2b6c4ba4b09eeb1ad6e6e10ee4ff6af6a0c211d5ed813a553059610963244aedae

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
156B

MD5
ebddd3fffbcd8e60c23d61957933e55b

SHA1
550ddf64df14e7a8c4bb1c56463123d369525866

SHA256
10defc9d6d0480b0163c2d3e02d02e7227592c6c8d8c533e035ebd82dad19a55

SHA512
ebd5fb539ed6e5fc7076e018762011578568635bb0ad27b40284606018085fa8b678d0fc2502d476cae42fa21d84542eb769b0cc3aafbf8295018a17ed276a09

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
129B

MD5
aa7ef15280f7d3713bd6b1f6b1966084

SHA1
19353a23ef3ca4ba96ce1098b17a976ada464b0f

SHA256
80d86713ef2fe37a198b39002b1dc48e2b9f6f24d44878cb8d1591d36c4e83a7

SHA512
32f25f646778a07afed4d45e146c4a15868fc868434356770f4aaa7dbcbf712717317876e346c3cdfce8405a007dba5090a2f3dd3db780b7af158335273c3be1

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
27KB

MD5
f438ff5af29a8b353cbf497eaa6e6220

SHA1
0bf35d084e42c5612f0690701e780de2d8433c6f

SHA256
49abdd2bbcb54f6f199679a89ce7d6877f6ad5d5672e86f5bcc9ae527babb5f3

SHA512
8b279c59ed88fb586cee62d234a2eb2fc86ea9641238b6b9253e993ac7c039caddbc5b3f603613f8f1b54d7d316edf0149ef84162d0a421d9d450d108c9e219f

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
2a0bf36264673dc90ba51561c80eb6f4

SHA1
88ccab96722bbe26a6d300d2fbdc6ac1d3ee2384

SHA256
b01795d47b09eee67cfb26e41801e71b0eacac3c2749b74b2a1e952e5fec1aa4

SHA512
c61dfd5f5fc9c6f0a7feba10f0e5fd8fcdf8c81915cf34aca2b181630b9f6034af28b7d83787badacc9314b36286b94eafe53af7b4203858d29dcb4751e192e9

Download Submit
/storage/emulated/0/.am/log_1722479876381.txt.zip

Filesize
220B

MD5
92cbd834c95bb48b860cfbc12992c930

SHA1
8c492aecd9b90094c4412f6281f650187eefc4a1

SHA256
7b4c78cf08bfbb069e722a66da0abe848b52080dd7e830c8d2bc2a8a7ff6940f

SHA512
ce4bbfbf719f027e3a180c408b59100cd2d9ace56f37b8eba5560b6edb2da50671f6c1ba9275f691d04cfb5ad7ed7d59dd823110a86344601ffb57758da10aea

Download Submit
/storage/emulated/0/.am/mch.apk

Filesize
62KB

MD5
d98f3f26a11ae6315131da68ba59aa79

SHA1
1fb42fbc17421e687787b7be5e051c4a3bb0afef

SHA256
4de635c69244dbd1f41560eaee6751967f98d0011714cd07f24b8dea57cd30ed

SHA512
aab7c373de637d9ffddb2e2531b7f3d9af0ec7e237ad7759affa506b88583e1f03b23066215c99c909cbaf5024a61fd2149ee6737a5e137b3423378d0d6f5c9f

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
72B

MD5
fda9182e3ed7babfe6cdfb2fc79f91a4

SHA1
63c41d4facdb15262581b9096fef50492c48c801

SHA256
d09df77525b05a62e89c70cc207651dd416cf2b9a73d0ac5b37db77e93325803

SHA512
8554dbe745a8b52ee7cce25f4cd6ed4a92601223b616ad8357bcce09a9907b09dab3042220d2c41649b3b70b409124c1c2c8efac855c10d8c347c662bb3f98d7

Download Submit
/storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request