Analysis

  • max time kernel
    317s
  • max time network
    335s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-08-2024 02:37

General

  • Target

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk

  • Size

    20.5MB

  • MD5

    662a29140ea32f87a19fa76996137563

  • SHA1

    cd0a4bd3abbf0fe2773a9c7a7a589a0609582219

  • SHA256

    960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4

  • SHA512

    511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c

  • SSDEEP

    393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08

Signatures

  • AndrMonitor

    AndrMonitor is an Android stalkerware.

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Removes its main activity from the application launcher 1 TTPs 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 18 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get current cell information.

  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • xspcmj.qiegf (PID: 4472)
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Schedules tasks to execute at a specified time

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.16.232
  • flag-us
    DNS
    prog-money.com
    Remote address:
    1.1.1.1:53
    Request
    prog-money.com
    IN A
    Response
    prog-money.com
    IN A
    142.132.131.208
  • flag-de
    GET
    https://prog-money.com/am.html
    Remote address:
    142.132.131.208:443
    Request
    GET /am.html HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-length: 0
    Content-Type: application/json; charset=utf8
    Accept-Encoding: gzip
    Host: prog-money.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:10 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Last-Modified: Fri, 24 May 2024 22:02:34 GMT
    Accept-Ranges: bytes
    Content-Length: 17
    Keep-Alive: timeout=5, max=100
    Content-Type: text/html
  • flag-de
    GET
    https://prog-money.com/file-log.html
    Remote address:
    142.132.131.208:443
    Request
    GET /file-log.html HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-length: 0
    Content-Type: application/json; charset=utf8
    Accept-Encoding: gzip
    Host: prog-money.com
  • flag-us
    DNS
    anmon.name
    Remote address:
    1.1.1.1:53
    Request
    anmon.name
    IN A
    Response
    anmon.name
    IN A
    142.132.131.208
  • flag-de
    GET
    https://anmon.name/monitor_checker_link.php?ver=20240720
    Remote address:
    142.132.131.208:443
    Request
    GET /monitor_checker_link.php?ver=20240720 HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-length: 0
    Content-Type: application/json; charset=utf8
    Accept-Encoding: gzip
    Host: anmon.name
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:10 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/files/com.amon/MCh.apk
    Remote address:
    142.132.131.208:443
    Request
    POST /files/com.amon/MCh.apk HTTP/1.1
    User-Agent: AM/20240720
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Host: anmon.name
    Accept-Encoding: gzip
    Content-Length: 0
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:10 GMT
    Server: Apache
    Last-Modified: Thu, 06 Jul 2023 22:25:11 GMT
    Accept-Ranges: bytes
    Content-Length: 65911
    Connection: close
    Content-Type: application/vnd.android.package-archive
  • flag-de
    GET
    https://anmon.name/monitor_checker_link.php?ver=20240720
    Remote address:
    142.132.131.208:443
    Request
    GET /monitor_checker_link.php?ver=20240720 HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-length: 0
    Content-Type: application/json; charset=utf8
    Accept-Encoding: gzip
    Host: anmon.name
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:10 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/files/com.amon/MCh.apk
    Remote address:
    142.132.131.208:443
    Request
    POST /files/com.amon/MCh.apk HTTP/1.1
    User-Agent: AM/20240720
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Host: anmon.name
    Accept-Encoding: gzip
    Content-Length: 0
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:10 GMT
    Server: Apache
    Last-Modified: Thu, 06 Jul 2023 22:25:11 GMT
    Accept-Ranges: bytes
    Content-Length: 65911
    Connection: close
    Content-Type: application/vnd.android.package-archive
  • flag-de
    POST
    https://anmon.name/common/api.php?tp=SendData&type=0&count=0
    Remote address:
    142.132.131.208:443
    Request
    POST /common/api.php?tp=SendData&type=0&count=0 HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 126
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:12 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1697
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:18 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    GET
    https://prog-money.com/file-log.html
    Remote address:
    142.132.131.208:443
    Request
    GET /file-log.html HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-length: 0
    Content-Type: application/json; charset=utf8
    Accept-Encoding: gzip
    Host: prog-money.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:19 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Last-Modified: Fri, 24 May 2024 22:02:36 GMT
    Accept-Ranges: bytes
    Content-Length: 26
    Keep-Alive: timeout=5, max=100
    Content-Type: text/html
  • flag-us
    DNS
    andmon.name
    Remote address:
    1.1.1.1:53
    Request
    andmon.name
    IN A
    Response
    andmon.name
    IN A
    144.76.58.8
  • flag-de
    POST
    http://andmon.name/log.php
    Remote address:
    144.76.58.8:80
    Request
    POST /log.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    ENCTYPE: multipart/form-data
    Content-Type: multipart/form-data; boundary=TQ34KzFp4N5p
    Host: andmon.name
    Accept-Encoding: gzip
    Content-Length: 1098
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:19 GMT
    Server: Apache/2
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    X-Powered-By: PHP/5.6.31
    Vary: Accept-Encoding,User-Agent
    Content-Encoding: gzip
    Content-Length: 109
    Keep-Alive: timeout=2, max=100
    Content-Type: text/html; charset=UTF-8
  • flag-de
    POST
    http://andmon.name/log.php
    Remote address:
    144.76.58.8:80
    Request
    POST /log.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    ENCTYPE: multipart/form-data
    Content-Type: multipart/form-data; boundary=CeD1qXOwZhhB
    Host: andmon.name
    Accept-Encoding: gzip
    Content-Length: 7755
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:38:19 GMT
    Server: Apache/2
    X-Powered-By: PHP/5.6.31
    Vary: Accept-Encoding,User-Agent
    Content-Encoding: gzip
    Content-Length: 99
    Keep-Alive: timeout=2, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1355
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:39:07 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:39:48 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:40:18 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:40:48 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:41:18 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:41:48 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:42:18 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1274
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:42:48 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-de
    POST
    https://anmon.name/common/get-settings.php
    Remote address:
    142.132.131.208:443
    Request
    POST /common/get-settings.php HTTP/1.1
    User-Agent: AM/20240720
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1275
    Host: anmon.name
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Thu, 01 Aug 2024 02:43:18 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=5, max=100
    Transfer-Encoding: chunked
    Content-Type: text/html
  • 142.250.179.238:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 142.250.179.238:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 142.250.179.238:443
    android.apis.google.com
    tls
    6.4kB
    9.5kB
    27
    26
  • 172.217.16.232:443
    ssl.google-analytics.com
    tls
    1.6kB
    6.0kB
    13
    12
  • 142.132.131.208:443
    https://prog-money.com/file-log.html
    tls, http
    1.7kB
    4.6kB
    13
    11

    HTTP Request

    GET https://prog-money.com/am.html

    HTTP Response

    200

    HTTP Request

    GET https://prog-money.com/file-log.html
  • 142.132.131.208:443
    https://anmon.name/files/com.amon/MCh.apk
    tls, http
    3.5kB
    73.0kB
    46
    51

    HTTP Request

    GET https://anmon.name/monitor_checker_link.php?ver=20240720

    HTTP Response

    200

    HTTP Request

    POST https://anmon.name/files/com.amon/MCh.apk

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/files/com.amon/MCh.apk
    tls, http
    3.2kB
    73.3kB
    42
    56

    HTTP Request

    GET https://anmon.name/monitor_checker_link.php?ver=20240720

    HTTP Response

    200

    HTTP Request

    POST https://anmon.name/files/com.amon/MCh.apk

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/api.php?tp=SendData&type=0&count=0
    tls, http
    1.6kB
    1.3kB
    11
    8

    HTTP Request

    POST https://anmon.name/common/api.php?tp=SendData&type=0&count=0

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    3.2kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://prog-money.com/file-log.html
    tls, http
    1.4kB
    1.2kB
    11
    7

    HTTP Request

    GET https://prog-money.com/file-log.html

    HTTP Response

    200
  • 144.76.58.8:80
    http://andmon.name/log.php
    http
    10.1kB
    1.2kB
    16
    8

    HTTP Request

    POST http://andmon.name/log.php

    HTTP Response

    200

    HTTP Request

    POST http://andmon.name/log.php

    HTTP Response

    200
  • 142.250.187.196:443
    tls, https
    436 B
    40 B
    2
    1
  • 142.250.187.196:443
    www.google.com
    tls
    11.3kB
    11.7kB
    33
    39
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.9kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.250.180.2:443
    tls
    135 B
    40 B
    2
    1
  • 172.217.16.227:443
    tls
    135 B
    40 B
    2
    1
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.8kB
    1.5kB
    12
    11

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 142.132.131.208:443
    https://anmon.name/common/get-settings.php
    tls, http
    2.7kB
    1.4kB
    10
    9

    HTTP Request

    POST https://anmon.name/common/get-settings.php

    HTTP Response

    200
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.16.232

  • 1.1.1.1:53
    prog-money.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    prog-money.com

    DNS Response

    142.132.131.208

  • 1.1.1.1:53
    anmon.name
    dns
    56 B
    72 B
    1
    1

    DNS Request

    anmon.name

    DNS Response

    142.132.131.208

  • 1.1.1.1:53
    andmon.name
    dns
    57 B
    73 B
    1
    1

    DNS Request

    andmon.name

    DNS Response

    144.76.58.8

Downloads

  • /data/user/0/xspcmj.qiegf/Anonymous-DexFile@1796898644.jar

    Filesize

    2.6MB

    MD5

    3bca1a576ba29bd493e42938a489aa5d

    SHA1

    0e5d4bc3a7daf6864fb3076e6c1e9685e254efd9

    SHA256

    b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce

    SHA512

    39a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0

  • /data/user/0/xspcmj.qiegf/Anonymous-DexFile@2791401983.jar

    Filesize

    1.2MB

    MD5

    336921950a9f279733cd787f1203d73d

    SHA1

    cefc36a7c17909054cf2a507b34f545af96c0e36

    SHA256

    c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c

    SHA512

    6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    124KB

    MD5

    f15335a640f24813c9b345c99da7e16d

    SHA1

    a0e7fdc85b3c1420bf342676be577f146f5dce49

    SHA256

    6baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9

    SHA512

    5f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB

    MD5

    183e5504d0fd94e458acd4df46842353

    SHA1

    6b1220bb3ef372f9208aec106d74ffa33dad4c5c

    SHA256

    5c4af264700455ecef224518aef1396cee7c371e8e93fb6b411336ad4343a277

    SHA512

    7de8d77d313fbd4760df0952327a2f306c602574d9fdcbdce7c2d1daea7853c88f909b4e6aeccd93689f0cdb42adefa27d27efbba8ced4c14a579b8d7e28c088

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB

    MD5

    d4b0a2bae91b82a9314907b0bae6fc9f

    SHA1

    094b502dd758e388a203347505b0d342cbdedc46

    SHA256

    293cc29670d871b0c121bc08fbf6d5bd8394bf0c398dcfdbddb78dc7aacba8a1

    SHA512

    e5e40d4823a6a1830b8623e985950d856e87312d47cb62be0a1781645c2bf77ae5a88b016ffb558f1824389d4577b3b4605f2566838f11b34fdafddae669eee9

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB

    MD5

    5cf55a4f6e2f7e6ab87008a9d61a1f5b

    SHA1

    8b3ac467c06d1643d7975876b76ba04439dc2142

    SHA256

    4826498bfb2941195749f24e65adc9d60f6debb6417d0e8901072d4a4b894a96

    SHA512

    9af9fcd0df61655a3cb3d3370832260c489222a7e2d2506d5499ae3a5dc3fa6343bd6b2dc7dd8d348880e748e00027f0bee5facce5f0afc83133428f1e02e652

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    96KB

    MD5

    300ae4baadaa708d22ebb9dae6b01104

    SHA1

    7c2556085379f83e4ea70b0dd7c1dfc390ef6d28

    SHA256

    c59504feea550d2c25166d3fb37f25898c75f509e48475fd038f90955172c09a

    SHA512

    bd53dc5e6477e443ade0c4dd8faec5216315dc195543e46575d7f6c42dff0423b7002acd9455d359eab1f0679efdef6d1326151fdc3b0b369dfeb9641777e82f

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB

    Filesize

    172KB

    MD5

    856832983f514c6944e01a98ca7ff61e

    SHA1

    b28f93eed4f8b324874283206678582b3f28bfa5

    SHA256

    321b1369d1cf521bdb79e458fa5f196bfd14afd55f5b7d129eb3500233ad28c4

    SHA512

    e54c20a62d0226e5bdbd65139b6967be515b3e94dd03f257b2a12b4f7a055d5849bb27ed4d51fa2ae54ff47cf2c474689089a07168aae50badc2c10008cc4364

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    512B

    MD5

    89aab6c6cca2d942dde1afd4f3f736d3

    SHA1

    ad0d7c815bb8d3bd266d44eee9cd7769a1a0a384

    SHA256

    ccfdcf4f242b013cb077919c299322d8ecd6ff924d0a2b7a490ce6047d0af619

    SHA512

    7ee3b934a8f9a927debffe0d81abe00770f3ef8a4dfd90c78a2a7440dc7baf5898b33e57b410eb819de77ab1d99831a3a9dd41048fa6ec324039b324f9ba38b8

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    1ad501bc07ab137479470d5e5f22fce7

    SHA1

    46ba56d9bedfccd54c72106aba1eb1896e3a55a8

    SHA256

    8fc42ce85e89cc7c767e531829cae15a79e81dee53ad4f0188c60a9585b37c7a

    SHA512

    29dffa1b81cfac95c2ce1b254d8b53dfa86b45dde87bf40d8d0456590e63a2efe24a9b8d38823c8c64e0654c57fc3ca65669f079862a58b20130054578d094a8

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    4KB

    MD5

    3f0feacc5fa6436015f8a3e69160bc0f

    SHA1

    a3b6f58c2c73c99c26f93f4d6d765fbe94d8e8ae

    SHA256

    c71b7de79779c9d85267120baef20a91220a32730a40aad2cdf76adb4c2094aa

    SHA512

    221af4a4ba7a4234f4020050e672a525cf78a459f22cac7683d9d34b264a5b7bf039cf3df4faddc3619b99837b9e1747f96ff985e39f420214b89cdfac727544

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    14447d3fa4314d016eb33087393e4aa6

    SHA1

    85d61f57cb53dc766167e5a42e3cc16c83b1bdd4

    SHA256

    f097e6b3c95f7e10d4606d71686622e66a36cf997c609485f6adcee6110b5972

    SHA512

    0ee431a3295a828b3a24b75a602485e7a9535d8dfd4b22fcfaf3a4ed3403f1128ed71bca6a5f729dfffd776f4073b93e2ecf818fee94841fe6822b7262a23b25

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    12KB

    MD5

    c92e56281f8a7c538f71a8f0e0fb5254

    SHA1

    ae4c1b779543b9242bf0cd61fb058463d88d660d

    SHA256

    b198c59c692e6f78d3c7c3b9d0a13b85f3af6767132c16ef4e3c68e68ac7b677

    SHA512

    63a55aeaa14d16b30558b7b7aa34d76baf77539b73945be4783b1d32c4bb608e8b3f8069659b308f1dcaf7cbfa2eba7d3321aeb0327cefe5dd95f6581224197b

  • /data/user/0/xspcmj.qiegf/databases/SettingsDB-journal

    Filesize

    24KB

    MD5

    b59909c93500e1843a79d5df80b5c6b1

    SHA1

    49cdab1fc3ad9a55631adfb5f2d30d19e8f62c2e

    SHA256

    7a53bcfff686b1e03ac73e91588373a2140f3ecbd9798ec4b061f3b360dc3496

    SHA512

    d1fa1af66c12ae23d36eefdcab2aa9add7713f2f3ac10a3868a58569f075f3264e5f0db23d21a4aa0ed09678f91d33f37e291be2050436cd1705ff9de987632d

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

    MD5

    8aa5d8f3622ac78fa2cc58d58c87dfaf

    SHA1

    33071f0a26c21320a749a25a5e94a694aaf346de

    SHA256

    db50acab3ed87a8cf5df819c8c88e3364f966dd5279d1f3a3f8e3154ab8cc326

    SHA512

    0ca20d27a1e8511ef0d588d15fe4c6f443a706af90d414e94d4d7e021080309f574892c327054c9b072a6a8740a9ab88e774116d2d815ed839ea7f813ef35251

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

    MD5

    51112e0a7f7962a8e02bc885025414ef

    SHA1

    40622959af4fe349d8881c885b9b30441de8804c

    SHA256

    2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0

    SHA512

    f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

  • /storage/emulated/0/.am/log.txt

    Filesize

    173B

    MD5

    53ac7873171e0776b129b1f74ae0ed12

    SHA1

    1eb47347f3033110c4dff24489f153cd4712c194

    SHA256

    b4e8b2a82a6accc9a34752abd6fe3814bd0f896eea7cb5fc176bf82b9d9b4d19

    SHA512

    eff1fdf80c716799fce0d01ee9bfc50c4489faf46d201b0b6a298d47e322a1752abda9c24fd916cf09470041a68f467cfa907e74c05c9feadcaaacfe25803ab3

  • /storage/emulated/0/.am/log.txt

    Filesize

    152B

    MD5

    4509a619c3164f94cee79c2253583933

    SHA1

    24633f6c765803900efb0bc06923f439f09cb482

    SHA256

    2ab51fd5ce12c4fded5ed6f8ffe3f051f6202a5c98639960279c5314e970c769

    SHA512

    388a464e296be8ad3cecf37e5b032600f3cbb324e9c7344b522334a8ad6ff0119c9b6926808def728556d4b16a937a96738367e80a580bb36359189c61875a70

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

    MD5

    fc3e046fd764b0f7898d4726ba68555e

    SHA1

    a7d88d1adb9bbde30eb5ddff1d1ded3a08954a75

    SHA256

    e199badee1f1aaf35c5fb47b5d3ef8ddbdb7c12c93a1767227d4accb26fc86ec

    SHA512

    34159c322f997caf8be18b763ad1902fd1e476ea62e51619a39e71191424338cb7c040acdb87c750a7050ea6125d14df3fc760a5ad693b63f605b03171ce95ba

  • /storage/emulated/0/.am/log.txt

    Filesize

    64B

    MD5

    343e3828fec966a1c62bb07f822f7dc3

    SHA1

    4e9da114485037febffbc126ae79c70e6a0cb5b4

    SHA256

    76421e005c25bd267135306cc0bdf2201258df59c92eb8baf4ee8d515bfda450

    SHA512

    fb7b5dbd7d65286849d832e1dbe97b264b170e843dc2863019508b7bceaee06f8adb2ecba37b652f6532bf5d8feec36c4cfffafcd43b80bde6f17a73abecc31b

  • /storage/emulated/0/.am/log.txt

    Filesize

    72B

    MD5

    6e468ab338dbce9d9d950add065efa7c

    SHA1

    42628799478f9bb463cb6dc3bb37d06b9a370143

    SHA256

    d853e5496e18574d60376843f925d837f2fca54b9fcb426c84c57ae3dbb54c6e

    SHA512

    4b718790f213b5be943f3d08e192456f5ef1b0f5a0bb5cf8af8b3ab20f3807cc3c3fdfc67905abe9d4d601f3e4a22c6f7af7cfc998d498bc0796bb91fac7f752

  • /storage/emulated/0/.am/log.txt

    Filesize

    183B

    MD5

    038c03c651a57d77f901a071f2ee512e

    SHA1

    199d51ef37d4b14f43d18d299f7d6c1b21f9a631

    SHA256

    619d45c2e57520768a73f7f29584f66f53cab43c20349638263a0a6554d84da6

    SHA512

    ffd68cdbe4d10b6df1c377bef6a0c45d1689e3a09f7c2bc6230681aab578f3fcfc14f2113840fb36c8ee0eeb7e71cca011bcddc1215535e7f1ce61fdba11ade5

  • /storage/emulated/0/.am/log.txt

    Filesize

    129B

    MD5

    3774261589fa7b4e621554714a7f0660

    SHA1

    b884d52f8b254eb92d00e72e6b14eb3176a171f1

    SHA256

    a2f145529474a89cd9fb6c69b4c3e8ac3f3d2d53bd8709cf817fff4884920db2

    SHA512

    99593fadfba4ab8592b9b0775bdb80db4b994435f115b2e4f470e017a9b0cef1a120c27e5a56b47c7f35c474f1df0e42a56b62429efcb683317ad12fbee14c9d

  • /storage/emulated/0/.am/log_.txt

    Filesize

    26KB

    MD5

    ff965d775387951c7f18a93c2067c2f3

    SHA1

    eff5378cd939020ba94ce201cb728700fdf479ab

    SHA256

    11610acdfc36987d2b3ef4588355e68a6cd597f0eabe56a6eb50abe0eaccdfbf

    SHA512

    1178af59744430a4ab59444c743742d56497787ee9513194f9aa418b6518e7aa7d75b2348c73fecc7af684d4280395eb5f30dd16eaa5d9733235b8f8ae182f5f

  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB

    MD5

    931fb84d5861b9e1e2ff5de2b6d80b30

    SHA1

    a5d0563c02717926a786bc288c4682936fcaa61e

    SHA256

    019096825266b2511663d085706ea602a72f4d7779653458738799f5b7907813

    SHA512

    49cf4d6d311eee64bf5094ab80e725d3dc2dd828fd3b5bc0a4efadb0402042c857943c96ab223d1dd67eb6435d8ca7c27ff93789c7098f58ac05fac90f6c7563

  • /storage/emulated/0/.am/log_1722479880642.txt.zip

    Filesize

    220B

    MD5

    bbb39c968f56c70265befe50de5c2c88

    SHA1

    eee03fe2e9e8e94125a26e16caacb990757c3cb3

    SHA256

    4a9444047e72689f7a302b26a3b6b1efddd908d7d38d56678b31a02bffbbb01d

    SHA512

    59dfe93fb3ade241f455f23d7ba102dd1dd7b75ce22b230c60e61e0d088e4c95fd0e2ce0ca5c6ada7b261f16a321359d121d4ab75ccc2e4d3f35dccc5b6683bc

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    72B

    MD5

    fda9182e3ed7babfe6cdfb2fc79f91a4

    SHA1

    63c41d4facdb15262581b9096fef50492c48c801

    SHA256

    d09df77525b05a62e89c70cc207651dd416cf2b9a73d0ac5b37db77e93325803

    SHA512

    8554dbe745a8b52ee7cce25f4cd6ed4a92601223b616ad8357bcce09a9907b09dab3042220d2c41649b3b70b409124c1c2c8efac855c10d8c347c662bb3f98d7

  • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

    Filesize

    64KB

    MD5

    13684d2547f64dabfe299d1c6553a05f

    SHA1

    b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

    SHA256

    3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

    SHA512

    e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

  • /storage/emulated/0/Android/data/xspcmj.qiegf/files/Download/mch.apk (deleted)

    Filesize

    64KB

    MD5

    f540eafa12b7f9a3b403441c7c2d84fc

    SHA1

    6345721340f2a83a66bae0936f71abb63e14e3b5

    SHA256

    c98ab979afa6372430e3fc44722144207ce9d48ed4ffbe61417caf5683cf2116

    SHA512

    8d84a4a7b932f36446db461e128e3eb9afdc9d240ae217047dd0d048d6990e5563a17a93928b6e59c6b984466b416f0731ca4c475773d19c8d56ff0a0cdd1169
