Overview

overview

10

Static

static

10

am.apk

android-9-x86

10

am.apk

android-11-x64

10

Resubmissions

19-10-2024 09:10

241019-k5aveaxhqa 10

05-09-2024 16:10

240905-tmdm1sverd 10

05-09-2024 16:09

240905-tlxz9sthrj 10

01-09-2024 06:20

240901-g35p8ateln 10

01-09-2024 06:13

240901-gywlratcrk 10

01-09-2024 02:40

240901-c5v7cazckg 10

Analysis

  • max time kernel
    108s
  • max time network
    119s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    01-09-2024 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    am.apk

  • Size

    20.5MB

  • MD5

    f95cf2c20d492d6647885e8428d808cc

  • SHA1

    3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa

  • SHA256

    7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c

  • SHA512

    3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5

  • SSDEEP

    393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ

Score
10/10
andrmonitorbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencespywarestealthtrojan

Malware Config

Signatures

  • AndrMonitor

    AndrMonitor is an Android stalkerware.

    trojaninfostealerspywareandrmonitor
  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
    evasion
  • Removes its main activity from the application launcher 1 TTPs 2 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 16 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
    collectioncredential_access
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • fka.ugsonrqogw
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests cell location
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4611

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/fka.ugsonrqogw/[email protected]
    Filesize

    1.2MB

    MD5

    336921950a9f279733cd787f1203d73d

    SHA1

    cefc36a7c17909054cf2a507b34f545af96c0e36

    SHA256

    c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c

    SHA512

    6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

    Download Submit

  • /data/user/0/fka.ugsonrqogw/[email protected]
    Filesize

    2.6MB

    MD5

    850905bb253b202528d72a6724d68904

    SHA1

    ab3ad068ac55cff5a8b4f80f4cab5507968d0ce8

    SHA256

    abdd3b7a2034ffeba98a4b5192ee6878e5d05e822f8ded07c7cb413e13c944bc

    SHA512

    a15fb152539326a73ee427fc74760c0e4999708a40b81b5b464a6bba8dc841efbeff2a573418e0754e8d14bd750da7e335f680067a6abc4f7807b6f8a59007a2

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    124KB

    MD5

    f15335a640f24813c9b345c99da7e16d

    SHA1

    a0e7fdc85b3c1420bf342676be577f146f5dce49

    SHA256

    6baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9

    SHA512

    5f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    96KB

    MD5

    3b6d9d95f1595f397c1a905acb218651

    SHA1

    2cdfbe8c5a7a34e30f0973d1c2b97e26afd9f7d9

    SHA256

    d911d977ddc9744077f0d31b83e725611c5823932ebde1715f8aaaf1f82e556e

    SHA512

    9305c71c3d5ec6e0d3203305e0d215cab952261fc516d90509bc575db481aa8c336ade0881028e958499ed8c35330488971ac3b1a9bcb86ae4a5b4e19d6460e4

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    96KB

    MD5

    0e3a54a58ee2fff57191990b2377f6ca

    SHA1

    34ed6df54d335d63eb0db788ce8fa3a11c606d5c

    SHA256

    705de9a8bb12d1e076290aad83166a24c48cf265415104239ed0dce53e7c9786

    SHA512

    6995916556578e339ee079c49664dcc39e0fb63bb4514b8be9cec85d3f1bde74471cfeb50a4c0c67d32f4bc4fc093e1574393029dd69a18134720b3b9b50bd3a

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    96KB

    MD5

    3881b3450798ab1ca67504b79d779336

    SHA1

    2d91d7a87be727c2708e7024519836784b900af5

    SHA256

    0234b5fe7d1378aad0106b19c34fe060525385953752a8969bedbb92524138d2

    SHA512

    dceb50fcd2c7a511fc7fd4b6f1cd079bd6433462ad7b28ada1ae535ab0f9f4d6ba69a7ae6136b6f390fe48322b50ca8c8aaa6d044f87fa11749c06302b15f1b1

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    96KB

    MD5

    359e9e5b1d0034090e20931864f621f1

    SHA1

    f4e1c56149c802d2fd47776f03c86c6824d53a67

    SHA256

    55603ab2fb09dec51ebe6288985f67941b6c43b225065dbff846fd6e32f1efa6

    SHA512

    6312df667b0724b5aae9cd93f62e77e1dbd0574744cc904fda6c5f0603fe933c22b7a04c4a543d1aa0ed36611a93f3c980e0c0ce216d04fe08b29686b23f1818

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB
    Filesize

    172KB

    MD5

    09e2dc1695f749989a8693fc9906e19c

    SHA1

    68cea42c1b076491182f8c11583fde9a21f52b17

    SHA256

    3b81b0e036993eca666e9963ac4419c5ed5e2e2b609a8c574928d17ea9f74d46

    SHA512

    8e5495ba12cd57a8632f954eb6ef97c85ad524ac2981ea1acf8b9e0648a46676b76182fa787e381846f5c0091fbd015ca07f3918bec454110118ef75e75f9ed7

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    512B

    MD5

    2573d0055b2243098173450d14ef7471

    SHA1

    f25e523eccf4cb14ab11a060d1bdb2d011832982

    SHA256

    34d40f1ac9c388f2ce741927588d475898e9f20ef4d4bc4b8aa7fe50f17b13ff

    SHA512

    fde9397a36cfdf30d8566dd831ff6a622830ebc6605b174aaebd7681d4c5cea9bb249a776ea6c70dd9dd781dc73407c6a3673efd26c777d913667fa514dd34d0

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    8KB

    MD5

    671e65fed338226b7df08fb55c805ea1

    SHA1

    1ed60b5ac501ca19ebe1ca952b1965c7d3d5cc01

    SHA256

    bfc0e8852f7fdd895bcf41b774562035611d61f6e439c67265338e102ce8e775

    SHA512

    09f475289295f0f46cbebf16455b73fb1ccb9948e182ba9ca82f09dd1abef2d7f068b829f6f53a61e0f11ae1491fba1a65cd352a1ffe705e11be1152fe7ab873

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    4KB

    MD5

    7e31283676ebbab9444ba29883d2145e

    SHA1

    40ab10d8c51f535d79fa094c848bf9cce5e3b49a

    SHA256

    e4718e9f5054a6ade55a57ee6ea810067d0c9b2efb9ba8a640729c81f8b530fb

    SHA512

    7600ccb0c5fee9fe13e185300c6a701ab8cefa22d9beb4b7347709aacbd9f69e7472005e61b6f10c111e33ccb461d6b6da47743b1f56614e76e594660684ca03

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    8KB

    MD5

    275551f85e05fe6f202a29372aeaa1ec

    SHA1

    bec09f495cf618a354e93ee699d9dfa9e0b796af

    SHA256

    66d687f944eccc7d47f2712098035f5541a8b0730833898fe44085dac6ac9936

    SHA512

    6d6fa626fcaa842cb4d946662459320f572c60457509187c70f0114cccd81be553c26b537a7eaa5ed66873b287415484223a02794f14b069b6a9e1854640e0ae

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    12KB

    MD5

    4655f96cc6fa80ca6424963f3a1225e3

    SHA1

    3cf3b1108466f8e24de52652d54f5c4c39e9c20a

    SHA256

    53d86850ccc4e60127f4a3b2da073afc6e4c7462aef2999a7fce663eadd5cbd1

    SHA512

    e02991cda4a079c0e9ec4d698b5004958d928c65c344b930ef125eabe4584c4082ee77055b76f9300f1caeabecd9da722599bc164ca417c3d05de1f84b126515

    Download Submit

  • /data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal
    Filesize

    24KB

    MD5

    1c68c56b89c88bc3a82eb7537bf5e8b1

    SHA1

    d3bcf7f90e65a0bf5c0d7e666eef0aeb16b0c2b1

    SHA256

    9644fce6d8212b7ef71a89ec82b855412b2a8076190ee6e1b0dac67329cab0ea

    SHA512

    f509cc6f2ec551e88424d6dab207fe6e30eb5aedb5a19e4f3c50173de89a1e113f475df15d01167b4ecd5e73075bbe7a7d7c502af90e592c7debcaa6abaa14b4

    Download Submit

  • /storage/emulated/0/.am/dm/md/main.md
    Filesize

    2.6MB

    MD5

    470586b3a055aed7c22156273f38f69f

    SHA1

    39866ece4bc4bcdf2613bd67851ee7ba22df85ab

    SHA256

    65daf0c170cda7fde64c441438cf9875248bd33af61af060d943b48bfb405f8d

    SHA512

    95ab906e2be05248360a5d2a3a4edd61a128e1d71dedc35245384799ae68b686d37ba9063bb2e86a891d96acfec47c897bfca290ee6251afcb07f140aca9c540

    Download Submit

  • /storage/emulated/0/.am/dm/md/main_tools.md
    Filesize

    1.2MB

    MD5

    51112e0a7f7962a8e02bc885025414ef

    SHA1

    40622959af4fe349d8881c885b9b30441de8804c

    SHA256

    2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0

    SHA512

    f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    173B

    MD5

    afe6dc28ef4b3021f7d08498feb387cf

    SHA1

    fcd4463526134045b12135e3bf810d465e02527d

    SHA256

    7074ef821933100a137e2937130d01d7ec9bb9f02647e0b793e01b6308b2b8c2

    SHA512

    d3c2a588bab725a55d322b62849472da584974a6d3a0db65291f455cecbde4fc9f7510f388fa7df4f7a29ebb339f2526868bfa32775dcbf07001ef4900fcc901

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    152B

    MD5

    5495f001a86562c5ea7b9216a7a40af7

    SHA1

    0b5699f9d1d4abc5a4461f1374252333dd423877

    SHA256

    30037dfbdea6c486dfe62d0db57d71f145b120c00bf34bdfe7279af912d98609

    SHA512

    3b79ee467a645149db2bbae53df5f6496f42cb720a238b84b2ee0c96d05cb402919159055299afcfcb622a2809a9716c1da787ed7e7b1ff321fe450be2b65850

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    4KB

    MD5

    3a4fe7a37a5caaaa4c8a141fc3941716

    SHA1

    9725c41b6742e7467cc408b6d7b3c0aa6733f64a

    SHA256

    9594d8d008770073eb705ba2aada02d9bb1347e43e069a832d81bbaeae4a0031

    SHA512

    673be0da6207743989b9e3b0b533d4f477a8ecec779c8b9c552fc65400f95ab38fe7aa3c36ca47ee3fe7218c69cb4834b6281d64a63be5f40795c2e92b888401

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    64B

    MD5

    c989eaec1fc8ce205fee43df459d9e7a

    SHA1

    5cc6a3ccb9432420720722899d045579b87609cf

    SHA256

    30f3511773b8584c99eb911dff903878422b7060f2d200615d35aadcab182068

    SHA512

    f070b20a147e74cbfb1c6254b5b4ddb7fb3989ffe3f57900862628ef810a4e56ad256435ffcb496404bb59e6f3cf0abc0ac59bb7062a17f98e2dc247c9e32fdf

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    72B

    MD5

    fc647735cdb28a8d55901a4d72cd87b0

    SHA1

    d2f155c40b8941073bd0d5ebcaf730bf9817a68a

    SHA256

    32c678ffe88b4bdfc4ed04b8f466d141840b29428a5d2cc2f36f094965b4bfc3

    SHA512

    62a0aa1c1cb1c90a988d7f1d15a5a60c104cacad511da73a9582e495ba43be1a458586102169c52e594485fca16cd0f8c73309d8825ebc691d3e762dfb907551

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    187B

    MD5

    c014586d639326cabc006556902de236

    SHA1

    0e68acd0afd5ea829b4c66d04cf35be172e2ff1c

    SHA256

    21386dccdbf97194b71eba0d959a2fa3c7420150e0488a995382e600560323d3

    SHA512

    8eaa95e04bbed4698351a68b4d1ef53ed5150051fe250978101b24c0790754fb138d988677919661648402ae746fb1fe672a0b81024c9a1861038a12ed477520

    Download Submit

  • /storage/emulated/0/.am/log.txt
    Filesize

    131B

    MD5

    67a2d2b1eb21ca86a9c6cf16a692edc2

    SHA1

    cbfd8c37c32a359d219773d778a289988422cd0d

    SHA256

    58e45cf43c7cb0414bbc4fa5c1bf8ab42f9e88d70ceb9d4cfccf49316e1b38c8

    SHA512

    29c002caf4c1da0391b02ef2bcdaf0908ba824bd2d1f05b59bec394605ccd3408e5129158dd11c4e9e228219d66f8fc2effcbfdd0053e086d705e71fc44b4714

    Download Submit

  • /storage/emulated/0/.am/log_.txt
    Filesize

    26KB

    MD5

    165d77a74e0e40dcca940694ca8f31f6

    SHA1

    dd5ac14e7803f9ce9bfe66c396c4bd232e1bc0ee

    SHA256

    e2f3d0ec90946feeffe2b58aad96446b3cd8df9d5e0b18c780d04e1628d006c0

    SHA512

    4d3699ba2345444cfc2ab73e6b252d4eb6de0db5bb3f3e2138f77f40bf53fed29b467d9520a66c772940ca96d04838c712f08b897d0b94f70e2a86829279293c

    Download Submit

  • /storage/emulated/0/.am/log_.txt.zip
    Filesize

    6KB

    MD5

    6a211032a40a9ea5c9f340377fcc2c5b

    SHA1

    3a68629220b280c7379bc9f6e6a5dd3f2de12c0b

    SHA256

    a6e5182633d2f83951d90d55a02b0658278944820ae19b43ce9ea9d7fb4c8c2a

    SHA512

    1c42c710e8541556b64ca8954f9c3bcf8e58e958bf32cb12104c2e3c22f00ba39ba1b38d0fe1066b9aee446e82ff479c1e0257908849146b58d1f6690e745f57

    Download Submit

  • /storage/emulated/0/.am/log_1725171678789.txt.zip
    Filesize

    220B

    MD5

    4cb53e54263632517892a3b26fff0586

    SHA1

    8692c0324fedf690ae29a5f8daee6356c86aed7a

    SHA256

    d530197d0cc1b2ee5dac78cfc863a9b5cd88fd22d91fb4ef128439d10b792eb8

    SHA512

    bde15ec3b26cc9afcf3df197e89f67addb6fdde777d59596787ea28112f81d3bb2007841289cac7dae1b3dea20be93a79d29ff149cb1647334fe1e0e150cb938

    Download Submit

  • /storage/emulated/0/.am/prog_class.name
    Filesize

    67B

    MD5

    d8ad6773b632b7d8066ed57c6c482c6b

    SHA1

    c07e66a0e8e58e190392896d7b178b7079741967

    SHA256

    50eb09209f1670f34baec877f8bc19fd1ce7419e10da063b46fa4025558dc4ae

    SHA512

    4bba534c373aa27100f1c5eec84c0a9d77c0dc447dd33de3757c4d656a7c8bb7d602fb214102005e355fb9a22687dff6e141063d086ec4275a9b01c8c8c90fa2

    Download Submit