Analysis
-
max time kernel
170s
-
max time network
184s
-
platform
android_x64
-
resource
android-33-x64-arm64-20240624-en
-
resource tags
android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
-
submitted
02-08-2024 02:07
Behavioral task
behavioral1
Sample
960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4.apk
-
Size
20.5MB
-
MD5
662a29140ea32f87a19fa76996137563
-
SHA1
cd0a4bd3abbf0fe2773a9c7a7a589a0609582219
-
SHA256
960b8e06d0db96f0bfcd044167a1af9b7397c73a13f222cdcce13f4824a8ffd4
-
SHA512
511b9d8e95dc7fa26fbf385c4f8bbdd0120830d7a4a031ac6929807bf265e7edafaa4778cdae6e80e632b8f1cfd4e7fb194a776328082402fbd2d22b79174b0c
-
SSDEEP
393216:tGtsJA35z7A79L+v291mbgafiubchZHb9T9i/zVN2I+TX3VyKpPbNiRSKcsbJo:tLJA35z7c5vLmbBffc3Hfi/zVN2Ikn08
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTP, 3 IoCs
ioc | Process
/system/app/Superuser.apk | xspcmj.qiegf
/sbin/su | xspcmj.qiegf
/system/bin/su | xspcmj.qiegf
-
Loads dropped Dex/Jar 1 TTP, 2 IoCs
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/xspcmj.qiegf/[email protected] | 4341 | xspcmj.qiegf
/data/user/0/xspcmj.qiegf/[email protected] | 4341 | xspcmj.qiegf
-
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTP
-
Queries account information for other applications stored on the device 1 TTP, 1 IoC
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | xspcmj.qiegf
-
Queries the phone number (MSISDN for GSM devices) 1 TTP
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 11 IoCs
flow | ioc
19 | anmon.name
70 | anmon.name
66 | anmon.name
17 | prog-money.com
18 | prog-money.com
20 | anmon.name
31 | anmon.name
32 | andmon.name
47 | anmon.name
54 | anmon.name
67 | anmon.name
-
Makes use of the framework's foreground persistence service 1 TTP, 1 IoC
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | xspcmj.qiegf
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTP
-
Reads information about the phone network operator. 1 TTP
-
Requests cell location 1 TTP, 1 IoC
Uses Android APIs to get current cell information.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | xspcmj.qiegf
-
Schedules tasks to execute at a specified time 1 TTP, 1 IoC
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | xspcmj.qiegf
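The network indicators above (anmon.name, andmon.name, prog-money.com) are the part of this report that can be turned into detection without the sample in hand. The following script is an added example, not part of the sandbox report or of the AndrMonitor sample: it takes the domains and the package name from the report, scans DNS resolver log lines for lookups of those domains or any subdomain of them, and summarises which clients made the lookups. The dnsmasq-style log lines are constructed here so it runs offline; the "andmon.name" entry is kept exactly as the report lists it.

```python
"""Triage helper built from the indicators in the report above.

Added example, not part of the sandbox report or of the AndrMonitor sample.
The package name and C2 domains are taken from the report; the DNS log
lines are constructed here so the script runs offline.
"""
import csv
import io
import re
from collections import Counter
from typing import Optional

# Indicators from the report's signature table. "andmon.name" is listed
# there alongside "anmon.name" and is kept exactly as reported.
PACKAGE = "xspcmj.qiegf"
STALKERWARE_DOMAINS = frozenset({"anmon.name", "andmon.name", "prog-money.com"})

# Constructed dnsmasq-style log lines (not from the report). They cover the
# cases a naive substring match gets wrong: a subdomain, a trailing dot,
# upper case, and an unrelated name that merely contains an indicator.
SAMPLE_DNS_LOG = """\
Aug  2 02:07:41 dnsmasq[611]: query[A] api.anmon.name from 192.168.1.23
Aug  2 02:07:42 dnsmasq[611]: query[A] connectivitycheck.gstatic.com from 192.168.1.23
Aug  2 02:07:44 dnsmasq[611]: query[AAAA] prog-money.com from 192.168.1.23
Aug  2 02:07:50 dnsmasq[611]: query[A] notanmon.name from 192.168.1.40
Aug  2 02:08:03 dnsmasq[611]: query[A] ANMON.NAME. from 192.168.1.23
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")


def normalize(name: str) -> str:
    """Lowercase and drop the trailing dot of a fully qualified name."""
    return name.lower().rstrip(".")


def matches_domain(name: str, domains=STALKERWARE_DOMAINS) -> Optional[str]:
    """Return the indicator domain that `name` equals or is a subdomain of.

    Matching is on label boundaries, so 'notanmon.name' does not match
    'anmon.name' the way `"anmon.name" in name` would.
    """
    name = normalize(name)
    for dom in domains:
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def scan_dns_log(text: str) -> list:
    """One hit per log line whose queried name is an indicator or under one."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (replies, cache hits, etc.)
        indicator = matches_domain(m["name"])
        if indicator:
            hits.append({
                "client": m["client"],
                "name": normalize(m["name"]),
                "indicator": indicator,
                "qtype": m["qtype"],
            })
    return hits


def clients_by_hits(hits) -> Counter:
    """Count hits per client IP: the devices to pull for a manual check."""
    return Counter(h["client"] for h in hits)


def hits_to_csv(hits) -> str:
    """Serialise hits for a ticket or a SIEM import."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["client", "name", "indicator", "qtype"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(hits)
    return buf.getvalue()


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    print(hits_to_csv(found))
    for client, n in clients_by_hits(found).most_common():
        print(f"{client}: {n} lookups; check the device for package {PACKAGE}")
```

Point the script at real resolver logs by replacing SAMPLE_DNS_LOG with the file contents; only the `query[...] name from client` shape is assumed, so other resolvers need a different QUERY_RE. On a device that produced hits, `adb shell pm list packages xspcmj` confirms whether the package from the report's Process column is installed, which is the check to make when an app hides its launcher icon.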
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/xspcmj.qiegf/[email protected]
Filesize
2.6MB
MD5
3bca1a576ba29bd493e42938a489aa5d
SHA1
0e5d4bc3a7daf6864fb3076e6c1e9685e254efd9
SHA256
b1da8dddf686b15b020b54c3509896b4a96b080604cd9d9cbf302e4beee473ce
SHA512
39a80b04bc764b98d47e035fb46ad89607bf599110bb5f62dc394f50e2c329fe913fe4be70b2a7879be3e2d7650eb9322f026e4996c62a45632e4045cc71bdc0
-
/data/user/0/xspcmj.qiegf/[email protected]
Filesize
1.2MB
MD5
336921950a9f279733cd787f1203d73d
SHA1
cefc36a7c17909054cf2a507b34f545af96c0e36
SHA256
c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
SHA512
6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87
-
Filesize
124KB
MD5
011cd6a11afb071cc79ef5019e0548e2
SHA1
06456658c8ad8e29492347ea80b83b0cd1dd20f0
SHA256
9b72e53428efa4d1b97f3e59a765390e5116af3b6be16c645a61a8f96c040c97
SHA512
ad7ef191f6be037bdad532e90c4e48c152b6665e720a640f4bd7ba35801d91b5730f131201da223443b0a964b8bb815c719ca7b6344d8d1ae5655aac4ce16d30
-
Filesize
96KB
MD5
83bb06feb5e5482d592ef49c49bc525b
SHA1
45f447eecf561ed5784d3b8518ff6eb5a44529a8
SHA256
e7c006515ba7147f66fa87b46b060d117bb3ecc706236b3295fdbc779471442b
SHA512
5aaf78896cdc61cdd276ec0c8c996c1ae67c88eb40c99984479495350009c1cdc0129d4cdb186c5c68cc7a7843b1187c86a8f70e1cb516c672da7768014f4bb2
-
Filesize
96KB
MD5
a3fb3318e23154384ef316ed901ac45e
SHA1
2df7706038a6389bdc80578922e8163ca45f4dff
SHA256
a8c1dba62ea2ad7ca35c3e52cad907e41141cad86a4a028fccc9e7ec03386fbb
SHA512
d12d975caf74cd465a2062a35838daa5e03a0f5936773414ed25c3a0e85dbfa5740ef0baeed7daea16dd498b97c9c20c369fa94ada3b504f71a3af63b8296475
-
Filesize
96KB
MD5
4a9ad716164b2a8dc4557317be026576
SHA1
da5395e4413cd45a3601c9e706969c8e6bdfd831
SHA256
3f74b13d11b94c366468a42a43c86401f3e5402eb66bc6093adacbae59a54e4c
SHA512
a4ee9e3453fd2a8891625d0d81f27014a2678f0d4f3a9daaa42448b814aea77c2aefb2afacd5638df63205da8f8fa53966714913231a3d99ddf151008b792885
-
Filesize
96KB
MD5
e37f396e149df7cb6540764b333f2f3f
SHA1
93686979bd60ad8ab166d45640b248e87fc3288c
SHA256
db42d4338fd7c82046a9459a198e0840ff2efd931e390a3e39024142443e6d01
SHA512
624904432496c628326e309779f5ada532f18c8f8879b091ba4372c6d3c51eaebea2e2a9fd3ae2c8f6bb8b46502d3dce65b07b4f3f7c482918fe09a14eb8e77d
-
Filesize
96KB
MD5
7e4864547844dc64c7fdfa30141f5d60
SHA1
031d5824f68ca0d7e85fd3a90d69ddb1cfb67feb
SHA256
1d6792317338e2eacc25df3c24b3621521d867443d793fc2de80cfde7d41f1d1
SHA512
5a088b950b1936d7f17cfe705ad113128e3e700e8e4f915e9942328818a95c9014fc39436518941848d8e5ae0f9556249e262f588714e5f08c765627d8852034
-
Filesize
512B
MD5
8b71623dfc41dda99fd56129d7352959
SHA1
8ede50aa21e0447ee414277f8ec9fc0a0c0462fa
SHA256
cb0df13496ef220f09ec90f755c4ef98b4d4f038521bf9894d28a0a6c6d0a554
SHA512
1e5aa0ff3b3c4d96620def637a4d4112e76f1b24c89bdd30a5d49eff1d3c6722ad35cb8565203047252136c49c13a0b00bec83c91832885c1dce143d8f6f8cdd
-
Filesize
8KB
MD5
7c573f5f737f267919f76e8dee1abe74
SHA1
935a140891a9aea95ad69f112a428b3fa9295071
SHA256
f76cb3926677194c2c0ef484720827760b96dad187a45442dada27c66fbc50dd
SHA512
1c055f33daae60524da454b29b7d0979ba445a225fd89f6a5b655213d24d34ffe8fbabe14c7f46ff73bf59b17f4152f1c7eb22e74044e7b7ec3ce9d2d35cf857
-
Filesize
4KB
MD5
2c89abcce09ca01c983a4edb610ce5d0
SHA1
d62500970465ec04ccd56307173583a034eda977
SHA256
b92bc2f0c6f05766c6037a0af2fb85f12e84d5c29d5e4c2b23524746438260ed
SHA512
eb87dc6610195d965bd6b28a94ab5c2491a6815560c2afa7649e1e5884536ab88510ea4ebee733fccce62ad6dbf7e162bd78b9fa76a510ee2cbc09c436fafd1e
-
Filesize
8KB
MD5
38fde895907d67332225395b122bd929
SHA1
e7cfc3410c2f3ea49e8e9c0bbd01cf891e9a8186
SHA256
7c9a915e280daa5dc6f4394f775efe302dc4e8a55310424392e058b3a1b5dd7c
SHA512
b3182f8538eccd4af1743d7e46a5824a444f0c7df3882660b85c7f3fd8fc6294cd8d0de393d1950f4e67df9601979aafc13774fab8196a175fec2651e28b9c04
-
Filesize
12KB
MD5
a938b288c8de73c8aecf0a0b3d91eec5
SHA1
d0f229c1dc4c48cd87f1270c49d1a24a4bbe1383
SHA256
303a52478acc6e17c4956230783a096a6f9afb4359ffa2810b51567e9e1aa9b5
SHA512
d6c394a944d017d80a64ffad6249a003c57e23b6fb796bd3334bc93e2b1290331c0f03e1d9e5cc7dfa7736d396f6805caa826303fd90706ae28400127718cae3
-
Filesize
20KB
MD5
0aa782776f5341a36dbe8ebd516648a2
SHA1
91c658af86e5baa709136c7d7a06423ca61f30c4
SHA256
da853af2fede24734066750f396a3e15482626cd3f2d2b562884595590fe4a21
SHA512
047a6fd7d6c544b79c47d923f3a51298eb11e91b716fce04e963489921d8a4a47f2b8c6c55dbadc8f8e242cc90454264e9848c83148d21004713fdfc4ad808a1
-
Filesize
2.6MB
MD5
8aa5d8f3622ac78fa2cc58d58c87dfaf
SHA1
33071f0a26c21320a749a25a5e94a694aaf346de
SHA256
db50acab3ed87a8cf5df819c8c88e3364f966dd5279d1f3a3f8e3154ab8cc326
SHA512
0ca20d27a1e8511ef0d588d15fe4c6f443a706af90d414e94d4d7e021080309f574892c327054c9b072a6a8740a9ab88e774116d2d815ed839ea7f813ef35251
-
Filesize
1.2MB
MD5
51112e0a7f7962a8e02bc885025414ef
SHA1
40622959af4fe349d8881c885b9b30441de8804c
SHA256
2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
SHA512
f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402
-
Filesize
173B
MD5
5a59c657f396d09d60d7f1ee1b447305
SHA1
625fbafe27d2335f93023e840b5adc875244e2bd
SHA256
fcf092684795bfec3920dd5ba2e8bc54d3f74e0091034ca22637ddad3111afae
SHA512
f6a1c4905e0f0fbe115e76142182bd7d1003cd4eb78dcfaeea40ac5722abf8d3798119bbe10e30a83cf5710cf31a3be6f454a1ecea9e1eba1119bcb41c3559b6
-
Filesize
152B
MD5
e1ffc12599cfa08012cb3f61e234294c
SHA1
6d517d409819e9aa8661aafffbc672006416c4e4
SHA256
c993632a2015069ba0fa5896a92aa791e94a8ed8ef0a4471003d23833f938177
SHA512
a685fbf402857ce3be502ff47f7eebb737ecff90fdcf57fb4f78bf83d3d2a5cb7b1030976ef9625e5947d4f48c12e13646e52dad210dfe8e5464d331729b8fc7
-
Filesize
4KB
MD5
61e4c350d4e8355da8281a9e2afded23
SHA1
ab8a444173933ae4c31bb1465a046cc504f791d3
SHA256
cde3be8c677c63a08d0cc399cac84a9de46458ae8951b3dfd05809260f0e4dd7
SHA512
70bde08c86da60a73572b1983b74a501f3563ed475166c79805d8cf34ed9d4605e8a30e362b3835f9faf5a08fe9351bdc8a877507a9d08e4ee48467c781fda09
-
Filesize
64B
MD5
efdaee919c7106a93caed55cc7460687
SHA1
a7a37b19efb5bf3811b2c6c130e1f69f869263bc
SHA256
b551feb96df0e0508b333be71cb081f443617fadae27ee042d80dad15c5e97f1
SHA512
a4db4813176ecda7fdb72576fdc8a556e387bbed00bfca70a5ced77ac723bb978a06f0bedfdcc81e7d47873e62a946fe9d526dfd70ef73fa09a49868303484ff
-
Filesize
72B
MD5
6fd6130d0d5d9b6cbae95e931c00a78d
SHA1
6d075658af9dd2f183991f4cf4f348325a570d98
SHA256
424f3e1416734dadbc6283c6b00a15b5dd02107ca1f6b292907f74194527b2ac
SHA512
8a8f23fc06edd04fa2a0b2af647795b03d2cfb6353d157c442bf9f22231f1d13d0ad4773137ea886fc255c3eb33cdff914ae9e4bd423d8649d9a59674795412a
-
Filesize
183B
MD5
8247826ec513660efa4c86bdb12998a9
SHA1
81fcb34e84172f6809bdc2a37b0ff228734b018e
SHA256
3f1f05e4b1bb60d4a9be6ec0878fcbc262252f4a76c44a0d1a1d9ea7db8453c3
SHA512
4ca31a9b9d7a266b6aab13fad683f53a2358e98d006b5144752e2482290d05ff2c6529f1c6ac16e91ca284b9297b4d67000befd507aa81b4af9e6719d77a1c3a
-
Filesize
129B
MD5
3c891d7480ac23d2c9b4d7e39e23502f
SHA1
cbca88c807cb5ab97e4dd2ac3c0e712c25092b83
SHA256
b60cc1e140ece70162c1fd5c33ce162e74ae58762500a62385b582bf0e5e1795
SHA512
00d9815c81dd16b48c7fd3bfa4a96a09950d26afec34b305ffe9d614da305344c2b9a6a8774685e90118f4b746675c5d77fe1a6d9764f91528c52a95b35abfd8
-
Filesize
22KB
MD5
eb2e169ba556fe9a79fdca51acc15b20
SHA1
074b054826d247d83ffd95f3147289ad00ed6027
SHA256
3d0d053f9291fb759224d05b5a07a06f6b171a8121b3d05b43a94db8cd0c802c
SHA512
d71706c9218bca892dbc5c286ddc0cb62a22c7741c08261edc21afa43e2632bffd4d6bb0e924ca83afb0259fe5210c52fcd8ceefb3280e5464e4c870b352873b
-
Filesize
6KB
MD5
978b222ae70911eeb6caeb0cc1ac120b
SHA1
ff89406062f0c2c3552db1383c4c19d54345b4b0
SHA256
c5465307fa53a0699550fdeb9e91a52c9e5db8c150eb288a52a394684338a733
SHA512
78a12ad10ec6ea658c1bdcba7e6f8fe48f50b890ea8ce4daefe04da5b0ff30fc235e78eed1d2c22f32469bcd3ae4a67b685cf44ae7283102a465a88df777be23
-
Filesize
220B
MD5
7d13790880530a5faf98961580fc4e90
SHA1
3a7032f53feee659ac2fd6e23aa703069305700c
SHA256
0a3ca37ff899cca53ad87af2c080af91426e8c7d25c607c3462f09636213ed0a
SHA512
9441084a482041eacacec02d64a419e3a3a47de62b13000ca07dc5cd7a93a7745f138d7e7b31911822b07ce75b8f2a97d5f953c50eacefa4a53927506cc8c833
-
Filesize
64KB
MD5
13684d2547f64dabfe299d1c6553a05f
SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0
SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0
SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217