General

  • Target: test.zip
  • Size: 20.3MB
  • MD5: 8c58368eb0306a6655ee46636e9e3c08
  • SHA1: da2146e0ad68ce6eebbebbcf2991f06d180d337f
  • SHA256: 2498866cf3e2af04e1fdbd2892326a8a1577cd5bbb10a9a5002adf33f7c01d83
  • SHA512: d4a9d43480643284e6988698b1b78cf335ac0d91246e514ec91e47ed56f64d1f052c11bcdb1c932e03ab323a2f76f69357414416d009b3ef3a2fe8adc20f11f6
  • SSDEEP: 393216:cH9jhK87Nhnqgqn+pg603ZlulBNkcyaLN9CqwtvP9pGqskCirBqpz:43KqanKg6qbGYasP9p/skCirM

Score: 10/10

Malware Config

Extracted

  • Family: andrmonitor
  • C2: https://anmon.name/mch.html

Signatures

  • Andrmonitor family
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 2 IoCs
  • Requests dangerous framework permissions 26 IoCs

Files

  • test.zip
    .zip

    Password: infected

  • am.apk
    .apk android arch:arm64 arch:arm arch:mips arch:mips64 arch:x86 arch:x64

    Password: infected

    fka.ugsonrqogw

    .kwgldGT73YR3