Analysis
max time kernel: 172s
max time network: 190s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 01-08-2024 02:14

Behavioral task: behavioral1
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-33-x64-arm64-20240624-en

General
Target: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Size: 20.5MB
MD5: 662a29140ea32f87a19fa76996137563
SHA1: cd0a4bd3abbf0fe2773a9c7a7a589a0609582219
SHA256: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4
SHA512: 511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c
SSDEEP: 393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08
Malware Config
Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.

Checks if the Android device is rooted (1 TTP, 3 IoCs)
ioc                        Process
/system/app/Superuser.apk  xspcmj.qiegf
/sbin/su                   xspcmj.qiegf
/system/bin/su             xspcmj.qiegf

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc                                             pid   Process
/data/user/0/xspcmj.qiegf/[email protected]   4351  xspcmj.qiegf
/data/user/0/xspcmj.qiegf/[email protected]   4351  xspcmj.qiegf

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
description             ioc                                                  Process
Framework service call  android.accounts.IAccountManager.getAccountsAsUser   xspcmj.qiegf

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (12 IoCs)
flow  ioc
66    anmon.name
23    prog-money.com
25    anmon.name
26    anmon.name
28    anmon.name
32    prog-money.com
53    anmon.name
65    anmon.name
24    prog-money.com
33    andmon.name
52    anmon.name
67    anmon.name

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
description             ioc                                                  Process
Framework service call  android.app.IActivityManager.setServiceForeground    xspcmj.qiegf

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about the phone network operator (1 TTP)

Requests cell location (1 TTP, 1 IoC)
Uses Android APIs to get current cell information.
description             ioc                                                      Process
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  xspcmj.qiegf

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description             ioc                                      Process
Framework service call  android.app.job.IJobScheduler.schedule   xspcmj.qiegf
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Path: /data/user/0/xspcmj.qiegf/[email protected]
Filesize: 2.6MB
MD5: 3bca1a576ba29bd493e42938a489aa5d
SHA1: 0e5d4bc3a7daf6864fb3076e6c1e9685e254efd9
SHA256: b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce
SHA512: 39a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0

Path: /data/user/0/xspcmj.qiegf/[email protected]
Filesize: 1.2MB
MD5: 336921950a9f279733cd787f1203d73d
SHA1: cefc36a7c17909054cf2a507b34f545af96c0e36
SHA256: c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
SHA512: 6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

Filesize: 124KB
MD5: 011cd6a11afb071cc79ef5019e0548e2
SHA1: 06456658c8ad8e29492347ea80b83b0cd1dd20f0
SHA256: 9b72e53428efa4d1b97f3e59a765390e5116af3b6be16c645a61a8f96c040c97
SHA512: ad7ef191f6be037bdad532e90c4e48c152b6665e720a640f4bd7ba35801d91b5730f131201da223443b0a964b8bb815c719ca7b6344d8d1ae5655aac4ce16d30

Filesize: 96KB
MD5: 464ff24df17ca510dcb1e7f69a261cae
SHA1: 19f601b833c9c25fb5c35f2d1abacce010b2e426
SHA256: 9121242a749612c5539be57072f3d270cf827eb0e5caff11504341007bf0a302
SHA512: fbd1e5f155778f21f2b13c28f11898842819ce5407d1e4d0938c9237b7f0dda9408db1638f10521e79e66bf0e065411febfc82958b34624245fbb1714e062341

Filesize: 96KB
MD5: e4cd774ba37942cb15595d44b421e642
SHA1: 145ffbcb7016e440b195ab62fdc92c0e72ff99d3
SHA256: fb23e2796918dadbfdd29313e47674fcd3689a12f78751ee94ac0d5df62883df
SHA512: 6c892769f23057926d959608779855078d9de12c5566a321dd4958b318b140e69500c47fcf824302e95ce165bbad554a2cfa5f460217677b7cd7d81937b7dd0c

Filesize: 96KB
MD5: f2dd8891b54b63ba05e843b767d0c10e
SHA1: 4a01dcb5c4a7f8d0eae52b5bd94afbae4847c389
SHA256: 1113b8493dc4216d5a86ff02eadb73d24f3f233895de78aec5c06e7d5bf552f6
SHA512: cf997639aa7427a78476a739366c5cc50368648ff59802bc689aea8843cc03b2d44d580196b975c6f5063f9a0c1184339a73e480bfa1913d4927c257665f3ed2

Filesize: 96KB
MD5: d97950ae441282737adf814369a17da9
SHA1: fda6fd4b650e2aeca91806dc3f29f97debee789a
SHA256: 77fe31071b5999dd18075fbf21dd38cc7ecd93fc3fa603a540457efada82b8ef
SHA512: f71a6a076eec952e9f01c76111931c5bbc118b8f49d712962e8730e7cb2de5521eb87c6bb70932ffdf5bfda591c2fc0da32a727a304530b8511b866bfaa60a43

Filesize: 96KB
MD5: e50e1b82e9786a60513f70280e225ff4
SHA1: 383331e114627ab5322b921a5ffb32182af592ef
SHA256: 4dccea5b40b544546277c1af3df1093b2a900123a1a7009f5885f093573314e2
SHA512: 422e4e91b3164dab04288567726ab0d22c911012454657859d67af41a212cfbb15bd11ebfd6edf940d13ff352e3411f88c2ee7175e4b0bbc466ab151ea2b5648

Filesize: 512B
MD5: 20077fd85ddc119d57f19a342911c53d
SHA1: 1696f7987b14b8dcfb533777c90311446612f7cb
SHA256: 7356013a7e6e77efa16439637638314981656c114475eda42d5b8846c9d8fa20
SHA512: caf2dfcc70be23a5fb88e97b423d79e0893ccf6deb13ec68b3687d57e7d04786d4403b95026a440155bf90746ceaf2fd93a2536a92631965831ac816b6740965

Filesize: 8KB
MD5: dd53617f1c456d3c15031fe9c06244c4
SHA1: 7267817e6d30dde94b1fc3c2f2debe510a3a07aa
SHA256: d1298edfc9bf9d4326cc2a6dd6cb7294b68450c4a9d21b07c1539bf9ef60d0eb
SHA512: 4ef175a1d34bbd7e2108e1d85fb0fb7450fe6b548f73c7e0f3a9e7169dd39d6350da8482b9b1cc87203c8a37fe9af9739430b34117730e6cab0484fad68044fd

Filesize: 4KB
MD5: 201b83517e430f1baac6200247371f56
SHA1: 6a5c93fb214bb65f58c6f27505758b85801b45ae
SHA256: 30cdff0d1ae9ed519307482a313e1b951e6ef5e34b47bb6a176130aa3026933f
SHA512: c2562cf4d7712a7f0a5581a6e1819708528d9dd3b94165184349053bcd98d7da27926cae2c81859655c622c03ebaf3091aa08728b3eb4fdbc1a7392ac961aa24

Filesize: 8KB
MD5: a09a5f39f1f372f6ddcef56b6a46b852
SHA1: de3596821bf873351ce2dcdcd4987b91da0b01ed
SHA256: 5a949b5806c31674914ab6bf71db6fac6eec7b2dffe39663e839ae30742c4ef3
SHA512: 70270ac16c4acf7a3e219d1b5ffc1c96caf64c30ba66e5c7c2018c96241f28a162869878f21770e92d99521aebd339730b26efcbb0c149d5a89552ceb81c2949

Filesize: 12KB
MD5: e117dd0c730f99fc72708b2cc8db65bd
SHA1: 956cf874e0dd35fbfb24293d936f8a16b4cdf1f0
SHA256: be82cf2c7bb4f955b75f1f7c04a26ac33ad380aa4b3369bde1121f18c0e1c230
SHA512: a7527636782e9bec80561d15652723c2b0264f04927094a4ea48d218fbf674a3df21540e5b08eb2a1fccf893b233d2e33281b0f77f77e0646caf28e01cc10a0c

Filesize: 20KB
MD5: 8d91efde62a81c713be2f1c48be60a65
SHA1: 5c77817f96dc1e00121a169eddb398a2eb15e09a
SHA256: 0c97ae447a1f9d9131f8c9d85411748e97bdd85caae495f051e919a780cd5518
SHA512: 05749319b53fb1e39197c635469258ecc15c5c03d20105c75628dca6ee74593c053a29e7340cc2bc06e006e509d9342caa90f1ebfb453e7f2c912d1608cd9a10

Filesize: 2.6MB
MD5: 8aa5d8f3622ac78fa2cc58d58c87dfaf
SHA1: 33071f0a26c21320a749a25a5e94a694aaf346de
SHA256: db50acab3ed87a8cf5df819c8c88e3364f966dd5279d1f3a3f8e3154ab8cc326
SHA512: 0ca20d27a1e8511ef0d588d15fe4c6f443a706af90d414e94d4d7e021080309f574892c327054c9b072a6a8740a9ab88e774116d2d815ed839ea7f813ef35251

Filesize: 1.2MB
MD5: 51112e0a7f7962a8e02bc885025414ef
SHA1: 40622959af4fe349d8881c885b9b30441de8804c
SHA256: 2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
SHA512: f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

Filesize: 173B
MD5: 87136aea34931c7ef43344bdbe817559
SHA1: e2817a4b507be787d329939a953a4ce9e342ff8e
SHA256: e18830981b51b4e2541204c15878ec1818a5c6c4f97704ec4f4e2612cc60fdb0
SHA512: f6dc5c500660280bfec4c3b3be17d9a42d6635f6e650702c8187316d222ef8e86da23387766853192ee2f800a1f4d2d962895946d6a31782e16ea9b5bb55c56d

Filesize: 152B
MD5: 3ddcbdce63b917c0f5c467fb368d7577
SHA1: 5a9f8cc156ea9527f24cf9644ab0f4d38cb091fd
SHA256: dee291ea50ff798dc7a3084286ccf308e79cfc82a737130ed6d5d7bf258edc9f
SHA512: 5bb2433da477ee27c579058e62ae31bb01ec9e435808765eccff092cd5eb336b4367be3172447f290e1a9f7e11095319419062c52ade54ef5c97cb8343108242

Filesize: 4KB
MD5: 0720ae01fed2b8fd5ef3e29aa08bafda
SHA1: 521ca0f2966091d744dbfcb6c1acc8bf92a139cb
SHA256: bb0338881f36e37a377e8aca73a8382754355e4e2ee62b11e16131d4280bb063
SHA512: 0a3416b790a0f620d8f2d1e2e16fea3766993844fe5794b45ef057173d0054fd72b326cabef8bf6c553e53cc6cf4b070f82e5c73798b7c10377253fafc15a340

Filesize: 64B
MD5: 239af2b569a6a8a9c385f70da66c511d
SHA1: 6c6a4bf974e71dad4a98c562432a9de74223cde4
SHA256: 057173ea85eed5e6e2e6c78b013c80c5e0fff0b31e9090078646a042c9e32843
SHA512: c3b37f135cbf978742a04eb510ad82e920cd4ccf3f10179cf4762c12d8c0e75e4087622485eb3a49ad7e4864f8057aff56f78c75d07ef7c938fd0cec6e9d68a3

Filesize: 72B
MD5: db85ef454fe55973db539bf6e8322e14
SHA1: c644c495ac96ecd15e394b1f045e0205c86c5a21
SHA256: 30c8ed38032cc03a6585abc7c8d6fb25a3042a3a0b290b67136baabb1d6ec817
SHA512: 9e196afdd966b0704a9d59dda64d1f04deb0a23a0f05681cae53b73a27f966240173e10f6160b39b002a17f057b5b0f6d307219d01aa985a0cbc7c72bfb9b058

Filesize: 183B
MD5: 6f50391c2c5badbc46b8060b514cdd7e
SHA1: 0bcdb3ab5626ea3e237d9af20516217619a975cd
SHA256: 72d60954562bb0881a1bf6ce8ede10ade42d6c94115fa3a32f2b683c8bec4493
SHA512: 96b9d5842b4271b678202d6f5198673c764d2c324fb9c651871d1b296e990fd4e0f44a33d20c6e369c25d225e37419885a05733507babdfe7b61fdbfaf616e8c

Filesize: 129B
MD5: d35cbfe925c333cc11da774f16d2112c
SHA1: e4c88a0e3fa886dddc7faeb67aa2dbaa996ef68f
SHA256: 307fd6e23dd036d2c785dd1f14512b428f0f188327898e8540fefc9632abfbb4
SHA512: 011f95fe896e52fda88166275d126342d3b33b810009bda120bcb3d3683a31ba7f4f8776f7ad05a8e9a5ef8939c89b15e18fc7a1799e5ca4910607133cc01ab1

Filesize: 22KB
MD5: 52762b89c11da6b2e102d7ee1d28b5a6
SHA1: 98e55ce177f2a2e7674fe7322d1ecf0966628e37
SHA256: 60f82af813454a5045f8adf1de42212ee936054a80b166dc6eed89a00f0c7a61
SHA512: 4e7fbca81999b6ffd5d99061ecee23a0eea050e1199b4f0d336a12b2f709fe0d5493c78cd6202ebaa5bea9541dab989491014ccc2231cdeb4a9d6acd5f214b2b

Filesize: 6KB
MD5: 6ac01f1a6a4bbe41fd7bb1692f0484ad
SHA1: 46583b76448f3cb8a85d4034d752b766875a7d97
SHA256: 93bf3209db7ea4a7cb3dc53f6cb2df8c2fc5e8d331cc436d2f5f829a0d832409
SHA512: 62126d2800534dca3b7c2860b5a003cda4ac61c3c91e29a25696fc1fc3ef60400a4e93d08cef14182ccad0b8bace32b23a312c26e3d4289e2edef4c69352367c

Filesize: 220B
MD5: c71dc5137636614af58fef4eaad98449
SHA1: 39ca2c74da4786c8b89060dd61889e0776cc1a9b
SHA256: 254bda6c00f007624bc117d05a07487da519b7b404301bb3c2fbc1ab85fc1d5e
SHA512: b65bf33c3432d5fae828edb25b1cf36c2c6296c388e25bf8a5f0909fa1c4038b30a8f5a1b7091e2a3ba110da821a3ddb88849bf2596a128a475c8ebf2ca196a7

Filesize: 64KB
MD5: 13684d2547f64dabfe299d1c6553a05f
SHA1: b000477d2cb51e917f2ebce3a8c53745ba7e0fd0
SHA256: 3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0
SHA512: e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217
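The stalkerware domain list in the Signatures section and the dropped-file hash list under Downloads are the two parts of this report that actually feed a blocklist, and both arrive as flattened text (flow ids and domains run together on one line, hash labels fused to their digests). The script below is an added example, not the sandbox's own export tooling: it parses an excerpt of the report as it appears on this page, rebuilds the flow/domain table and the per-file hash records, and rejects any digest whose length does not match its label so a truncated copy never reaches production. The excerpt is constructed inline and the dropped-file path in it is hypothetical; the digests are copied from the report above.

```python
"""Pull usable IoCs out of a flattened sandbox report (added example)."""
import re

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# On the page the label and digest are fused ("MD53bca...").  The four labels
# differ from one another by their fourth character, so a plain alternation
# splits them unambiguously; the length check below catches anything else.
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^Filesize\s*(\S+)?$")
# "<flow id> <domain>" pairs as they appear on the "flow ioc" line.
FLOW_RE = re.compile(r"(\d+)\s+([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

# Constructed excerpt of the report above: the domain line plus two of the
# dropped files.  The path of the first file is hypothetical.
REPORT = """\
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 12 IoCs
flow ioc 66 anmon.name 23 prog-money.com 25 anmon.name 26 anmon.name 28 anmon.name 32 prog-money.com 53 anmon.name 65 anmon.name 24 prog-money.com 33 andmon.name 52 anmon.name 67 anmon.name -
Downloads
-
/data/user/0/xspcmj.qiegf/files/payload.jar
Filesize2.6MB
MD53bca1a576ba29bd493e42938a489aa5d
SHA10e5d4bc3a7daf6864fb3076e6c1e9685e254efd9
SHA256b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce
SHA51239a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0
-
Filesize
124KB
MD5011cd6a11afb071cc79ef5019e0548e2
SHA106456658c8ad8e29492347ea80b83b0cd1dd20f0
SHA2569b72e53428efa4d1b97f3e59a765390e5116af3b6be16c645a61a8f96c040c97
SHA512ad7ef191f6be037bdad532e90c4e48c152b6665e720a640f4bd7ba35801d91b5730f131201da223443b0a964b8bb815c719ca7b6344d8d1ae5655aac4ce16d30
"""


def parse_network_iocs(text):
    """Return {domain: [flow ids]} in first-seen order from the 'flow ioc' lines."""
    domains = {}
    for line in text.splitlines():
        if not line.startswith("flow ioc"):
            continue
        for flow, domain in FLOW_RE.findall(line):
            domains.setdefault(domain, []).append(int(flow))
    return domains


def parse_dropped_files(text):
    """Return one dict per entry in the Downloads section.

    Entries are separated by '-' lines; a line starting with '/' is the path
    (absent for most entries on the page), 'Filesize' may carry its value on
    the same line or the next one, and each hash line is validated by length.
    """
    lines = text.splitlines()
    try:
        start = lines.index("Downloads") + 1
    except ValueError:
        return []
    records, cur = [], {}

    def flush():
        if cur.get("SHA256"):          # an entry without a SHA-256 is unusable
            records.append(dict(cur))
        cur.clear()

    i = start
    while i < len(lines):
        line = lines[i].strip()
        if line == "-":
            flush()
        elif line.startswith("/"):
            cur["path"] = line
        elif (m := SIZE_RE.match(line)):
            size = m.group(1)
            if size is None and i + 1 < len(lines):   # value sits on the next line
                i += 1
                size = lines[i].strip()
            cur["size"] = size
        elif (m := HASH_RE.match(line)):
            label, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[label]:
                raise ValueError(
                    f"{label} digest has {len(digest)} hex chars, expected {HASH_LEN[label]}")
            cur[label] = digest
        i += 1
    flush()
    return records


def blocklist(text):
    """Deduplicated indicators: domains for DNS blocking, SHA-256s for file blocking."""
    return {
        "domains": sorted(parse_network_iocs(text)),
        "sha256": sorted(r["SHA256"] for r in parse_dropped_files(text)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(blocklist(REPORT), indent=2))
```

Note that the page lists both anmon.name and andmon.name; the parser keeps them as two distinct indicators rather than guessing that one is a typo, and the flow ids are retained so each domain can be traced back to the PCAP flow that produced it.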