General
-
Target
d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df
-
Size
20.3MB
-
Sample
240910-vtt41svemp
-
MD5
a65fb13891afc37f4ab92f652afa2879
-
SHA1
4a70763618bfe165f33bb4a36bb1032ffb97b3e3
-
SHA256
d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df
-
SHA512
1eb3a85089148bf4c1a1e5609b4fa4d15029148ae37c94bbd8efeb6cf353183f4d415129e02f62bca3f73fde8205c81f3d49e4626b2a6b948e2e710240de0a7a
-
SSDEEP
393216:WCN9ihhlt+2pS9GNlme1pgfT8dv1qAqEc8bdN5XjuprKkpyK2nZpC:Wq9i7UClmeTgfT8dv1qAqErDawHnZpC
Behavioral task
behavioral1
Sample
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
andrmonitor
https://anmon.name/mch.html
Targets
-
-
Target
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
-
Size
20.5MB
-
MD5
f95cf2c20d492d6647885e8428d808cc
-
SHA1
3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa
-
SHA256
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c
-
SHA512
3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5
-
SSDEEP
393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ
-
Checks if the Android device is rooted.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1