Analysis
max time kernel: 170s
max time network: 190s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 02-08-2024 23:36
Behavioral task behavioral1
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-x64-20240624-en

Behavioral task behavioral2
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-x64-arm64-20240624-en

Behavioral task behavioral3
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-33-x64-arm64-20240624-en

Behavioral task behavioral4
Sample: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource: android-x86-arm-20240624-en
General
Target: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Size: 20.5MB
MD5: 662a29140ea32f87a19fa76996137563
SHA1: cd0a4bd3abbf0fe2773a9c7a7a589a0609582219
SHA256: 960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4
SHA512: 511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c
SSDEEP: 393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08
Malware Config
Signatures
AndrMonitor
AndrMonitor is Android stalkerware.

Checks if the Android device is rooted. (1 TTP, 3 IoCs)
ioc | Process
/system/app/Superuser.apk | xspcmj.qiegf
/sbin/su | xspcmj.qiegf
/system/bin/su | xspcmj.qiegf
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped onto the device during analysis.
ioc | pid | Process
/data/user/0/xspcmj.qiegf/[email protected] | 4376 | xspcmj.qiegf
/data/user/0/xspcmj.qiegf/[email protected] | 4376 | xspcmj.qiegf
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | xspcmj.qiegf

Queries the phone number (MSISDN for GSM devices) (1 TTP)
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (11 IoCs)
flow | ioc
66 | anmon.name
19 | prog-money.com
53 | anmon.name
65 | anmon.name
30 | anmon.name
34 | andmon.name
51 | anmon.name
67 | anmon.name
20 | prog-money.com
21 | anmon.name
22 | anmon.name
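The domain signature above is a list match over the sandbox's network flows. The following is an added example (not part of the sandbox report, and not the analysis platform's own code) of how a practitioner would run that match over a flow list, with the one detail that matters for correctness: suffix matching must stop at a label boundary, so that `api.anmon.name` hits `anmon.name` while `notanmon.name` does not. The flow tuples are constructed from the hosts the report lists; the blocklist is a hypothetical excerpt, not the real echap.eu.org feed.

```python
"""Match sandbox network flows against a stalkerware domain list.

Added example, not part of the sandbox report. SAMPLE_FLOWS is constructed
from the hosts the report shows (anmon.name, prog-money.com, andmon.name)
plus a few extra hosts to exercise the edge cases; STALKERWARE_DOMAINS is a
hypothetical excerpt of a blocklist, not the real echap.eu.org feed.
"""
from typing import Iterable, List, Optional, Tuple

# Hypothetical blocklist excerpt (assumption: a flat set of registrable
# domains, which is how such feeds are usually distributed).
STALKERWARE_DOMAINS = {"anmon.name", "andmon.name", "prog-money.com"}

# Constructed flows in the report's "flow | ioc" shape: (flow id, host).
SAMPLE_FLOWS: List[Tuple[int, str]] = [
    (66, "anmon.name"),
    (19, "prog-money.com"),
    (34, "andmon.name"),
    (12, "api.anmon.name"),                  # subdomain of a listed domain: hit
    (13, "notanmon.name"),                   # shares a suffix but not a label: no hit
    (14, "connectivitycheck.gstatic.com"),   # benign traffic: no hit
]


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a port so that 'ANMON.NAME.' and
    'anmon.name:443' both compare equal to 'anmon.name'."""
    host = host.strip().lower().rstrip(".")
    if ":" in host and not host.startswith("["):   # leave IPv6 literals alone
        host = host.split(":", 1)[0]
    return host


def matching_rule(host: str, blocklist: Iterable[str]) -> Optional[str]:
    """Return the blocklist entry that covers `host`, or None.

    Matching is exact or on a whole-label suffix ('.' + entry), so
    'api.anmon.name' matches 'anmon.name' but 'notanmon.name' does not.
    """
    h = normalize(host)
    for entry in blocklist:
        e = normalize(entry)
        if h == e or h.endswith("." + e):
            return e
    return None


def match_flows(flows: Iterable[Tuple[int, str]],
                blocklist: Iterable[str] = STALKERWARE_DOMAINS) -> List[Tuple[int, str, str]]:
    """Return [(flow_id, host, matched_entry)] for every flow that hits, in
    the order the flows were observed."""
    hits = []
    for flow_id, host in flows:
        entry = matching_rule(host, blocklist)
        if entry is not None:
            hits.append((flow_id, host, entry))
    return hits


if __name__ == "__main__":
    for flow_id, host, entry in match_flows(SAMPLE_FLOWS):
        print(f"flow {flow_id}: {host} -> listed domain {entry}")
```

Because the blocklist is a plain set, it cannot express exceptions (an allow-listed subdomain of a listed domain); if the feed you use carries those, evaluate the longest matching suffix rather than the first one found.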
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | xspcmj.qiegf

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about phone network operator. (1 TTP)
Requests cell location (1 TTP, 1 IoC)
Uses Android APIs to get current cell information.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | xspcmj.qiegf
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | xspcmj.qiegf
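Each signature above is a rule over one kind of sandbox event: the root check fires on probes of well-known su artefacts, the dropped-code signature on a dex/jar loaded from the app's own private data directory, and the remaining ones on specific Binder calls into framework services. The following is an added example (not part of the sandbox report or of the analysis platform's code) that encodes those rules and runs them over a constructed event log modelled on what the report attributes to xspcmj.qiegf. The event tuples, the `/system/xbin/su` entry and the dex path `/data/user/0/xspcmj.qiegf/files/stage2.dex` are assumptions for illustration; the report's own dropped-file path is obfuscated and is not reproduced here.

```python
"""Evaluate the report's behavioural signatures over a sandbox event log.

Added example, not part of the sandbox report. EVENTS is constructed:
the binder interfaces and su paths are the ones the report lists for
xspcmj.qiegf; the dex path, the pid for the system process and the
/system/xbin/su probe are assumptions made for the example.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Event = Tuple[int, str, str, str]   # (pid, process, kind, value)

# Constructed event log. kind is one of: file_probe, binder, dex_load.
EVENTS: List[Event] = [
    (4376, "xspcmj.qiegf", "file_probe", "/system/app/Superuser.apk"),
    (4376, "xspcmj.qiegf", "file_probe", "/sbin/su"),
    (4376, "xspcmj.qiegf", "file_probe", "/system/bin/su"),
    (4376, "xspcmj.qiegf", "binder", "android.accounts.IAccountManager.getAccountsAsUser"),
    (4376, "xspcmj.qiegf", "binder", "android.app.IActivityManager.setServiceForeground"),
    (4376, "xspcmj.qiegf", "binder", "com.android.internal.telephony.ITelephony.getAllCellInfo"),
    (4376, "xspcmj.qiegf", "binder", "android.app.job.IJobScheduler.schedule"),
    # Hypothetical path: the report's real dropped-file name is obfuscated.
    (4376, "xspcmj.qiegf", "dex_load", "/data/user/0/xspcmj.qiegf/files/stage2.dex"),
    # Framework code loaded by the same app is not "dropped" code.
    (4376, "xspcmj.qiegf", "dex_load", "/system/framework/framework.jar"),
    # A system process calling setServiceForeground is normal and must be
    # reported separately, not folded into the sample's findings.
    (2101, "com.android.systemui", "binder", "android.app.IActivityManager.setServiceForeground"),
]

# Paths whose existence is probed by common root checks. /system/xbin/su is an
# assumed addition to the three the report shows.
ROOT_ARTIFACTS = {"/system/app/Superuser.apk", "/sbin/su", "/system/bin/su", "/system/xbin/su"}

# One Binder interface call per signature, named as the report names them.
BINDER_RULES: Dict[str, str] = {
    "android.accounts.IAccountManager.getAccountsAsUser":
        "Queries account information for other applications stored on the device",
    "android.app.IActivityManager.setServiceForeground":
        "Makes use of the framework's foreground persistence service",
    "com.android.internal.telephony.ITelephony.getAllCellInfo":
        "Requests cell location",
    "android.app.job.IJobScheduler.schedule":
        "Schedules tasks to execute at a specified time",
}

ROOT_SIG = "Checks if the Android device is rooted"
DROPPED_SIG = "Loads dropped Dex/Jar"


def is_dropped_code(process: str, path: str) -> bool:
    """Code loaded from the app's private data directory was not part of the
    installed APK, so it was written (dropped) at runtime. Both the per-user
    and the legacy /data/data layout are accepted."""
    return path.startswith(f"/data/user/0/{process}/") or path.startswith(f"/data/data/{process}/")


def evaluate(events: Iterable[Event]) -> Dict[str, Dict[str, List[str]]]:
    """Return {process: {signature: [ioc, ...]}} for every process in the log."""
    findings: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for pid, process, kind, value in events:
        if kind == "file_probe" and value in ROOT_ARTIFACTS:
            findings[process][ROOT_SIG].append(value)
        elif kind == "binder" and value in BINDER_RULES:
            findings[process][BINDER_RULES[value]].append(value)
        elif kind == "dex_load" and is_dropped_code(process, value):
            findings[process][DROPPED_SIG].append(f"{value} (pid {pid})")
    return {proc: dict(sigs) for proc, sigs in findings.items()}


def signature_count(findings: Dict[str, Dict[str, List[str]]], process: str) -> int:
    """Number of distinct signatures a process triggered."""
    return len(findings.get(process, {}))


if __name__ == "__main__":
    for proc, sigs in evaluate(EVENTS).items():
        print(proc)
        for name, iocs in sigs.items():
            print(f"  {name} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
            for ioc in iocs:
                print(f"    {ioc}")
```

The per-process grouping matters: the same `setServiceForeground` call is ordinary from a system process, so the rule must record the caller rather than just the interface, which is exactly why the report pairs every IoC with its process column.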
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/user/0/xspcmj.qiegf/[email protected]
  Filesize: 2.6MB
  MD5: 3bca1a576ba29bd493e42938a489aa5d
  SHA1: 0e5d4bc3a7daf6864fb3076e6c1e9685e254efd9
  SHA256: b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce
  SHA512: 39a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0

- /data/user/0/xspcmj.qiegf/[email protected]
  Filesize: 1.2MB
  MD5: 336921950a9f279733cd787f1203d73d
  SHA1: cefc36a7c17909054cf2a507b34f545af96c0e36
  SHA256: c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
  SHA512: 6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

- Filesize: 124KB
  MD5: 011cd6a11afb071cc79ef5019e0548e2
  SHA1: 06456658c8ad8e29492347ea80b83b0cd1dd20f0
  SHA256: 9b72e53428efa4d1b97f3e59a765390e5116af3b6be16c645a61a8f96c040c97
  SHA512: ad7ef191f6be037bdad532e90c4e48c152b6665e720a640f4bd7ba35801d91b5730f131201da223443b0a964b8bb815c719ca7b6344d8d1ae5655aac4ce16d30

- Filesize: 96KB
  MD5: 4bf3ce18088063574be865da51add144
  SHA1: cb0f8a554d7daeab3a202a1620c3e685600065f5
  SHA256: 0b891bdfee4b0d54f4d1393a07904b29bc9c25b06f2f5f3ba07730a2ab10706e
  SHA512: 9252a6bfc65fe732a9d9e318686de63cdb4df259ed2760d2f9a4680ef1f2dab7d98e983b59b844c36ba667ecbd7e9e54d286927f6486cb4bc8ab351d4fa37d07

- Filesize: 96KB
  MD5: 3ad74fdc4297d22b45866e95ed8b5c8e
  SHA1: 6a9631d614893b8ff25e83b04056b9214a8c2f61
  SHA256: 9fab6073ffb9dc81165ae8493073c54f5963556623681845d9a3e46b51e79855
  SHA512: ae146864fb035acc28f6badb7f00b29065a1e6725cb62a34649ba3a6790f1bcfb4938242271659941b8e39d381fbd3d541ff1053d42f0f1cf64f3549e02a90a1

- Filesize: 96KB
  MD5: bda02ab61240a42b71edeafa5935c4a1
  SHA1: 982eab5930c451869bec75920d57bf2f2a87b599
  SHA256: 2ca2e770a33992a81e5eddcfb609dfa028e6bd6286b30a252311f84f35590b40
  SHA512: 6ba4c415e7ae03154029e04de5a73ed565b478ed0aca1234831a9277ef34d4559ede578e1ba42555301692c0c1fc363936940c6cb74ff42e7395737aed6a4da7

- Filesize: 96KB
  MD5: 998e34a92c984d5b7aa0d4e90839bac9
  SHA1: 914baa1dd36ad4c4291367b244ddfcc5e8d7e0f0
  SHA256: 49afd97486f0aa5b0dbdb466188e2491c6ed2d87fb3eb3638b0f24297b5610fb
  SHA512: d410bf43d89c1506614e1e9f3c3c70d4f398d210ec01a2e6faa6fb192717d2710b75828ae409c406d32ec48009023d2c04183e1520fce754327f748230b751b7

- Filesize: 96KB
  MD5: 17999b949a0e972edc5b3795aa504f98
  SHA1: 3e43a7c7aadca297bfe1a507bb8bed88b7f69da6
  SHA256: 82dcf5d4060c8623fa08f4d3fb6044e423b698e1a1c4df9ff13a583d4dc6b174
  SHA512: 13b62890f250beac09855120170084b9528e1da624aa4e908108ad3792cbb741db6d62c58154ad67a44885567d8f9071984449d79b1c7868895511bd9f6a6819

- Filesize: 512B
  MD5: 1c12f1fd5b747db84512a5858e626dfb
  SHA1: afa545b5451612564b1443c89ee94076d8d54696
  SHA256: 2d427f4f674f1de2ab6ba5de043bb51a64bcef3c37c65e2bbc8fb5123629c989
  SHA512: cab1d96330e4c37db283fce452700844aa5a56b38fe7707fa2825539de58f7b0053d7a4d1b588aedd761a0e57a2af764fa818d399e50c45fa0bedda80d4c9d11

- Filesize: 8KB
  MD5: 928c89984ade3ba2e93a12a9acfda8a4
  SHA1: b3b33d2550f3665400a5d2323626bf29dc4cf4ad
  SHA256: eee211b7839264ec95fb6e47f13205f0ed03b5cd595f9f118a363451565e5f4d
  SHA512: 7e79282779486198474e397edfc189b4effaa117c98af19014fe9c34aecc66b3eab6641432ce7b2d88c66519e6cbf7511241fa8b20abe49470cffda8264f2f14

- Filesize: 4KB
  MD5: 354bb0806628078c3bb0e8058ba956c6
  SHA1: d1f85315d37cd228269a1f13dccc344f85cdebee
  SHA256: 6edbcaa37b069a250856b1c20ec6b0dd490b1dff2bc992c37a7fe43d0e0366ef
  SHA512: d5e8655673f4bf21effd6cb79cc4622ef712a26664005d2f9b834b0b20881433e63fd6c9f899b356d3db90a293d5b8432a5981e33d5882dcf4f521a8f9f26748

- Filesize: 8KB
  MD5: 3e5ea28bbf9c2e9ce268021c946b1641
  SHA1: 206ac0ef96a1c2ddedd691712898792413097644
  SHA256: 141c5c6c8628fa5bce55e318936a169097c59644bcadc2ca0369b89da7491926
  SHA512: 259b997eae9cbca6185bc4d6ad0aae3e508b93894e408f1642670f1155f4d9270122214f94378b8880e0fe74e1ac21b37a5fe76e319be89f790dd5b8471b895d

- Filesize: 12KB
  MD5: fa53ca38f5d372139e2de6f151f83fbf
  SHA1: 11e40539ecf9f226d432a3cea24d18bd36b172e5
  SHA256: a5b8156aa6e603604e78b481047a95b1e82fdb51cafb75a9c8d438fb8f217f2f
  SHA512: 1bd27b8a8e55be108fb1811eb7842f3b5d3d8549359e31c43697595f5169b1291878dbf60ee751af2270a0813365c491e7d07e0a3e310733477dc59befbb9ca1

- Filesize: 20KB
  MD5: 76eedfd2df458c245bb0a9009540dcad
  SHA1: f6c882ffcad450ddd0c91e27567744dd7ada7819
  SHA256: e59396401bb65816cb3a784b22f040d4b121c8f70ae94acb0436a5665e71b890
  SHA512: af3e3f4c67fc514f5cb4cc7587b356e1975a42471041681fef152d8e02827fadd2cbf342f8c728ca2b841312ebf849e5c03fb59e6d65a881519d1858485c96d4

- Filesize: 2.6MB
  MD5: 8aa5d8f3622ac78fa2cc58d58c87dfaf
  SHA1: 33071f0a26c21320a749a25a5e94a694aaf346de
  SHA256: db50acab3ed87a8cf5df819c8c88e3364f966dd5279d1f3a3f8e3154ab8cc326
  SHA512: 0ca20d27a1e8511ef0d588d15fe4c6f443a706af90d414e94d4d7e021080309f574892c327054c9b072a6a8740a9ab88e774116d2d815ed839ea7f813ef35251

- Filesize: 1.2MB
  MD5: 51112e0a7f7962a8e02bc885025414ef
  SHA1: 40622959af4fe349d8881c885b9b30441de8804c
  SHA256: 2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
  SHA512: f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

- Filesize: 172B
  MD5: 88a3e79acd7bd069bfe1656fe0dcdb7c
  SHA1: 5cf87895a1895e6e9301a3ca5d4610584e09ee97
  SHA256: eb24b9187307a1e0dca48d22603bf14c2bdc2ffe6c6da5e2cd0038b3a34990b8
  SHA512: b1598ebfd268059ab33742d71c86158884a511aacdcecf999914c856d5f04b652dd66b8aeab8e3384b62ea38cb215c78336975bb76c64da39e9136a4e3fae8c3

- Filesize: 151B
  MD5: c6c546e13dfd2a0270206d5acd6d6908
  SHA1: 5f142c502a78b848f11453d37371dca8e8b244bf
  SHA256: 3e54a60d042eee4045816a9ff080871293d8df17de970556c16bddb39004c3c7
  SHA512: bd80aabb46f2a7067952e7f534d7fe375e9d029a6c0ac75deca7cb2b197ccccd43e57757293c244e8d1ccc7a3f1d01148836be46b530279803099439556bb44c

- Filesize: 4KB
  MD5: 3109cba1d07172daf2e6d3b0d5cb3e7e
  SHA1: f6b32b03abaac8378272a24a49f6856031fadcfa
  SHA256: 7a33c702fbc7e291311f5620314758746668ef244b0ac36b72916578c4415ea3
  SHA512: 42f78835e433468155c2779e02610a95f8d64888cc078531bf7e75fd8c865251bdb5c1fb431c47f05c3c369ba5c7e7f48be2e844c0a46c3d644c12c41958d63c

- Filesize: 63B
  MD5: f4bb7e5358e154c8902b59b1b6539871
  SHA1: 9f928c07e6c20c11432cfd7bac7c78236a00def8
  SHA256: 35eceb7a37656a4aac66d961f77c1e2b7f9731a90bed4d1023c663e63aa18819
  SHA512: 5d9cf223e476c0ff55995f6fd319cb3cdda374c191000efa314d8456136d35d354925c95fcaf8a3a9319e8779dbea781290d312698c8f4fd2c70eb030c5e1e77

- Filesize: 71B
  MD5: 28db1c7469576497418dada2efff944d
  SHA1: f817c41c07d6622c4d89604b8ac773b44eee3884
  SHA256: 7a966d3695454f2785b850bc41bfb52c34744aa6993ebb1a0918b2072cfc8b6f
  SHA512: 4ca1b5891582447a1da74bfcc29d486291b9fc66b1ecbe30201025686d8474062381bd546162b3da7a131f0afaaeaa1ba8937cb5d3b35c14acb75ffd534d8777

- Filesize: 182B
  MD5: ab2e9ae2e24f2a46ae9ced9b897cea60
  SHA1: 7cba1c10bb0d0f88d7f520d05ecbe9181c48f870
  SHA256: 77f3e46b8ffcd4cb0e48853f133eca1946619b4174fca3d759cdc8db6068596d
  SHA512: b0ae5c129a31d22397ec0524f3984bed0c2448cbd4ada9f424e27300bd9ea4e1034f9cb1ef9fba583ac90f85cca03f5feb6df28cbec2401730dabaf0e1a88eb0

- Filesize: 128B
  MD5: c7d467b0eb65d5b4cf8dd4fdc15159d3
  SHA1: 15412677a95be11df58ceee951886cae95234db6
  SHA256: 4a03ff1c33d39de8b0cb6be25ab7eeb8bc6c8d3caf779950be3b5d2c20dd4814
  SHA512: 415efa8eef306ca252a02310a749814469d5be9e30865dc380075cc028021252257855100765353b1e37402d6b7a4068a689c77fd9377b270f05073dcc3bde7b

- Filesize: 22KB
  MD5: b5cb77769af23c8a9b0c18543eba6b99
  SHA1: 7eca62b5a3e0ebcc69875f571923991194b2dbff
  SHA256: f77fdb6fd9ae59763798b948ac3f51e211fc534a230448543cffdb9cd5440866
  SHA512: 1c652595149fee5ee23765857e23216dbc90a8f883b6184744c62670fe35dd9910e39bb559dc3fb304f7e328e56d59b349fffabab2785a164d7a658ad03f03b6

- Filesize: 6KB
  MD5: 5d6d407abfb3a4353b1cac8f271f4869
  SHA1: f12315d869d0d68c3150c2c831415ccc6d7accc0
  SHA256: 9dc8261d1528c26aab8f02966c1b58cf83a0dc847844983c966a594576a508b0
  SHA512: 47b2447e6466c0850b2af60395156ce7d100be1cad73dbd2c3aaa3cca368be230f245f2698bf0f2172d8cd0c3da4adb79efa878e61982e429d9c5289b94d0680

- Filesize: 219B
  MD5: 2d79369885f2693365e1cb5f3ee5e720
  SHA1: 0dbaf1579078e130662a905bffddadd931cdd09a
  SHA256: a97699b880afdf7caaa362652360796275a58aef50b8ed882c08cc4863ce0123
  SHA512: ba394d5b47c4f820ee92cc58b26cf4fbe242457514be2054aa4c5356583c4a3876bf880abe3f9a9c0436d42bce0b22fb1b4afa178ae7a39e2dedde33eb51518e

- Filesize: 64KB
  MD5: 13684d2547f64dabfe299d1c6553a05f
  SHA1: b000477d2cb51e917f2ebce3a8c53745ba7e0fd0
  SHA256: 3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0
  SHA512: e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217