Resubmissions
19-10-2024 09:10
241019-k5aveaxhqa 1005-09-2024 16:10
240905-tmdm1sverd 1005-09-2024 16:09
240905-tlxz9sthrj 1001-09-2024 06:20
240901-g35p8ateln 1001-09-2024 06:13
240901-gywlratcrk 1001-09-2024 02:40
240901-c5v7cazckg 10Analysis
-
max time kernel
149s -
max time network
152s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
01-09-2024 06:20
General
-
Target
am.apk
-
Size
20.5MB
-
MD5
f95cf2c20d492d6647885e8428d808cc
-
SHA1
3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa
-
SHA256
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c
-
SHA512
3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5
-
SSDEEP
393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
fka.ugsonrqogw1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD54c0ccabb25100a908b9db06434a6af8b
SHA1555d9ecfa42e17aec483e1c05be0fc1362db9e66
SHA25679aee6f8af24ae6adc8537de3a061bde3778d3d9634265b85b3e8727d4116304
SHA512b9a4a1227fa927f0ef987a720c5bf16af71f3fba8c1a40d5387ad0d4ba193a1b7b23634b0850af7c25b55c8b2e984e7c84ab8fb3e55c83b3bc2ff859f4dcc5bb
-
Filesize
96KB
MD55ca1baeeccfe6b6f9bfd9cb5886d634a
SHA110fa01fb6cba9c6572fdc31287d2eb8d75bbc2f2
SHA2560eeb4a4ebbf48c7ad094471b662069655e5e7e7945880b806e61af1d9f8153d2
SHA512f0851c36f719ddc0eb5bff120096ca53d7c7a1b1270ae9d000bb487d73c5b451decab3e2c96ec71bc2669be16c2a1cb90ee448369f0602a5f40d09a0b8fe17af
-
Filesize
96KB
MD51bbcc64cf220096e804cb25d7b030004
SHA1e3e3f314509ae7390c3ca5f94a70d21fc87ca6bb
SHA2560bb1d29ce6a19fec033839efee7ce52701a5c9dfd338092f79f4859e6fe9ed6b
SHA51222402ac04c727b143a294f399c93172dedec755808c9fdc2ca3fc7073595c2464bf72f92b51961c455e04848faba5137c37e488c1484d65efaf064cd8735b83c
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
96KB
MD5c00541a54ab03f39ceb7b3d84f7b2e86
SHA1fb28558f0c9e24b76a6e245cdfa77445f36f36fd
SHA2566ab6112d2c9d10be4d58e09d45ebe39d9dd12bcee5f1cfe8bfba5464b58f1b06
SHA5127bb078385b8d2698646e6c3ef87c80981cc46e11bc18f365dc7c207991f614e0641bd6c270ed966e783768339ac244c22115fbc1d1dcc27d88a8b7ca29ef61ac
-
Filesize
144KB
MD5d2fbb2687be8fd03d254c35ae84bed35
SHA1180c75e843d53400b303623ad7e3b045be394a65
SHA2564f4d8cbf82c2b8b9134dfa29b0c08e6f26fef95a8ef5631531677515e2716ac2
SHA512c9c79c56eac76bd37a851c8be12b73d2dec761ed7547a637d830c6eed14acfcc5ac6c28d8d2b284c6e50dec44d348088b47d5306ccec3a9cc625657553ee0bd4
-
Filesize
512B
MD5753fc9fe4c23276d159122a978e6d52b
SHA10621dee6ed969234d151a6bc2d5dc9dc6dcc58e1
SHA25640ab877861f23e977771c71eb1ee2d106d089e7dd56d6a5f59237d9196343953
SHA5125fdf756e0fd41ada6e3700bb6bcbca4ab1a887a824484acf43f2f61ba1c66fe69581aa9aa79003f7fb3bf4a6046e4c1183d34090a7848d0c6110f1934907adbc
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
414KB
MD567f6c7dd6db75695214bba6ba0a4c212
SHA1c05d6188465a94d69a8b8aafbc98003d4e1098fb
SHA256344040530b90e8cb4eba85708c3c3ee55368ca0120a87b82d39600d261fe0646
SHA5122c08c4c27c77d307e2ef6d3e4ca89d4dfc1eaa86034b7355c552e78341c27274c2e49941ad590d06459bdba5d6401de44d6de35a8a8040805c9f01fe0cb5f965
-
Filesize
8KB
MD598e53b0897803038457d94fc29fff80a
SHA1b15776be83016ac71c0f8486d946c238af277e59
SHA256ed67fe3c9b2e48bf58e4579090a8f436d5cd4351c709056ff947e76e43882f77
SHA512ae8f927ea210530393d603a9c9af2f022e920f31b57a42cd81bcfb447fc9af42382645cbd7fe6ee1003e8ffdaa394fe939a84a919faeeccde5c0f55e7d2ad9c4
-
Filesize
8KB
MD53c589667954acf01bd0dc4e8afc1e273
SHA1bac977270160530ad91a9fe85a29a1a71614b907
SHA25614baebe079c4bc9dc0cd752dc35b6aa0dc920083c77009d60edd493668a6853a
SHA51202baa583d18554b2f975ea539bb1f00015167c92fa015bfa179055b86f8fbd2d70bf05e06a7047ff1aa55ea4799b642bb0cabbf1ba5c4e73749153dadf484e97
-
Filesize
4KB
MD51e4861eccd3e015196bdaa76a62fde26
SHA1f790ca1e42b7cc30e600134d829d6b764ce39b6c
SHA2564c3b4d7e01411f45dfbaa8bed3317216e012033edb4bed3b9f9fa3e7b46d55f9
SHA512cf731b9c6aa9c6e4dfa91797b6c3e400cee179d413a79db903d8928894a71764630d7eae6323e2d4579aea4dad54b8e62f85179cfa82d8bd87559296d901ff0f
-
Filesize
8KB
MD54be3f74fc348c54febccb65d3330a62e
SHA19901eafbc923c0e5dff8912a666fa653f2469eaf
SHA2568b446d72960631568a8afa99c3e2d0f038614b72f2aa267ac767545871d2967e
SHA512719937cd33bd688d5443e063ecce9fe53efce71a60aa9a8e8045d9c2e442dbd7f3e6d87eeb7b1a19f424475768e2025cc2cdf8d0ec119c4314710db8861b0c39
-
Filesize
418KB
MD510014d5d30920d37bf760d264d07b3e1
SHA14c6178d5a1816c482794232a324d5a6eac242be0
SHA256139525f6e52cc8d60cbd52d34fdc63b49b84eda72eaa7bbb0627f05adb8783f7
SHA5123a9030f976b8fc57a4f83b1a4699c4136989cd08078913f46250440b6977d898bceb8f7544c36bc01cbc55d4aff0c8583640f49688c6b347e20a99d3bea35460
-
Filesize
2.6MB
MD5470586b3a055aed7c22156273f38f69f
SHA139866ece4bc4bcdf2613bd67851ee7ba22df85ab
SHA25665daf0c170cda7fde64c441438cf9875248bd33af61af060d943b48bfb405f8d
SHA51295ab906e2be05248360a5d2a3a4edd61a128e1d71dedc35245384799ae68b686d37ba9063bb2e86a891d96acfec47c897bfca290ee6251afcb07f140aca9c540
-
Filesize
1.2MB
MD551112e0a7f7962a8e02bc885025414ef
SHA140622959af4fe349d8881c885b9b30441de8804c
SHA2562b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
SHA512f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402
-
Filesize
173B
MD531e4dfa51c1f52d11f778d66f83a0489
SHA100c2747af2803e65dda67d40454fa189696dbfd5
SHA25687fe63b2f292438bc9c542fe85de11f4e129214289c2da487cc1f7edae781c04
SHA5121c12dc908c50bd4f69dc9cf1ab8ad56b04446f91b9bbea56b2aa6d5cf0240b4de8c27e0d9c7ad04a939378960d0792927db01e0fbe3736dbc234fd1493954584
-
Filesize
152B
MD5a0339a8605bdd2b814d5775a0c7dcb01
SHA1d0e08fbc2c07272cf9afa23c856714feaa3bddae
SHA25683339ba46704fc80f6e9789f52ce064a495e94a31181e9b93c96d03c9bef52c4
SHA5124889478685bb4d3aabe06737c8a8712e13c123169300e7b6446b440a9e339a90b549c100bc0a2dfacebdbcf6555dce22b7c1de78160eb31e28536e322d37ff23
-
Filesize
3KB
MD5df85219c9e5d951575b05878db1ff613
SHA1e3285d9e382b68409120c4cdd7e00893f21af709
SHA2569061fc3ae65b910574c42148a135f1e48c23f05c5546fe0a3e98cc694cc14772
SHA512fbc862ac0ed23850cc0816a59bb04d748d47285b523c7b5bda74002fa37760dc6b6f39245d0b75f4880f819d09f3acb996eea8d5816b3c9275daffd80fa83c2b
-
Filesize
64B
MD5500432c4a3321cae2ff26baf08e31ee7
SHA13de02a501c45aed79d89bfaa293278f87229d6d2
SHA256b6ca399972d87d91fa5e1855621cb7b84a8777eec72b14a70917110f41da5a36
SHA51201449760ba7883d8906d5c6b9c900cc3ff64bac40b0341830481434c87f0ebc43337ad14ab376b7d56b74b32e58fddbca8be1f77a00f3ff6b8275b0f7a575c4f
-
Filesize
72B
MD59ba4dc8024a77ee25ccae2d5fcd20f64
SHA1b6197a6a6ad3e3a0fe3ccf8eb99ff47b83e2d808
SHA2560a7615ae1e2c322ab283d347db52635e8d6ecb90845f6b10dcf6e1b5fa059ef7
SHA512b285f2c5b25a94ee276c5eac5e786a61a41e36924e27614c7ad33b3c159de4c8a1d1e09177dfdb811ee8a4fc3a8793b5b9c0f21b82dd6ca1e57e92e45dc6f6e5
-
Filesize
157B
MD57cd139a9e7fc226217a0c9a5fd9f9326
SHA12b35182fe1ec6b3f1f1bd1e3ce084e538a24be54
SHA2560742de744f995dfd86674e373f32cdd085b052a37e1e8f8a66f4a89e343fc325
SHA51230bcfbef7446b51a92c06e8942a10255a6b41c16f1d4734ba909326c4f5fd0dcca3178314d5af5d3fbb993af4152e8a3c84b0955e596ea5829c0d019d7428cad
-
Filesize
131B
MD53c2e8779943cb3f13a46bc969d72570e
SHA13bd8597ed1398be46add6443f7e3acc56533f5a4
SHA256fcdc81b02f042eb35e453360becd5d772f00f0713ab1cac56ee503325b367734
SHA512efc5562c9a0d0e94c6d20146394d32a06ba36d0fbe2d56a553bee0a8e6d6bb3fc77fbba024625bf15ae8cfe70733929d10eb61c48fdbbbba6f842b5b25397dde
-
Filesize
26KB
MD5db17ce79cd972e7320cfd7f8028c88de
SHA10a22f62408001a2a6748a45e84a064bef05508f3
SHA2560c11de0f696f07809fd6f5f81093a74c35944ae7e7a110c85d666b1a952fea23
SHA512a8e60fe9e03058a5e8686d31a7d65e86501e1085319bba1f2109f08b28b3d251c9d5f277f33b762a74419a3fcd8abaca66396d9c0f7febb0581ab64914f0e604
-
Filesize
6KB
MD557725f87be6779fcb9fd52e145e9eacc
SHA1916002611113a7d04652e22af9a2d9d6c2414d9b
SHA256088d056114811e15dbbdb9eef8e2c5467f1d42bca171c4e5b92bcd32a233cb47
SHA5125ec53ae90d3988e4031ef12a29d78561c56430ed7ae716d19be650ccd78443aa9e30f9cef42460585a594affc12b64ce0db8e984b6b5b83cae69da7d72378fb5
-
Filesize
220B
MD5c27e4c2023a0324ebe4855bf1f1ed15f
SHA1b813123a654f6420910eb4cfb1e072c69f66dc23
SHA256458e98680a250792c263f99eaf61ca8c9fc9d7090024a6e5a685f48af179264a
SHA512b7ea875023ae6a2db725cfc82e0bd7029875318a564fd7aaf1ae56a94d5f2fc5d393d6f573366f79b9114fd4d1b1c395769d47ff394f76d4c67ccebd7a2c01ff
-
Filesize
67B
MD5d8ad6773b632b7d8066ed57c6c482c6b
SHA1c07e66a0e8e58e190392896d7b178b7079741967
SHA25650eb09209f1670f34baec877f8bc19fd1ce7419e10da063b46fa4025558dc4ae
SHA5124bba534c373aa27100f1c5eec84c0a9d77c0dc447dd33de3757c4d656a7c8bb7d602fb214102005e355fb9a22687dff6e141063d086ec4275a9b01c8c8c90fa2
-
Filesize
1.2MB
MD5336921950a9f279733cd787f1203d73d
SHA1cefc36a7c17909054cf2a507b34f545af96c0e36
SHA256c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
SHA5126fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87
-
Filesize
2.6MB
MD5850905bb253b202528d72a6724d68904
SHA1ab3ad068ac55cff5a8b4f80f4cab5507968d0ce8
SHA256abdd3b7a2034ffeba98a4b5192ee6878e5d05e822f8ded07c7cb413e13c944bc
SHA512a15fb152539326a73ee427fc74760c0e4999708a40b81b5b464a6bba8dc841efbeff2a573418e0754e8d14bd750da7e335f680067a6abc4f7807b6f8a59007a2