andrmonitor | d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df

Analysis

max time kernel
140s
max time network
152s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10/09/2024, 17:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Size

20.5MB
MD5

f95cf2c20d492d6647885e8428d808cc
SHA1

3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa
SHA256

7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c
SHA512

3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5
SSDEEP

393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ

Score

10^/10

andrmonitor banker collection discovery evasion execution infostealer persistence spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	fka.ugsonrqogw
/sbin/su	fka.ugsonrqogw
/system/bin/su	fka.ugsonrqogw

Removes its main activity from the application launcher 1 TTPs 2 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4623	fka.ugsonrqogw
4623	fka.ugsonrqogw

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/fka.ugsonrqogw/Anonymous-DexFile@3685652454.jar	4623	fka.ugsonrqogw
/data/user/0/fka.ugsonrqogw/Anonymous-DexFile@2791401983.jar	4623	fka.ugsonrqogw

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	fka.ugsonrqogw

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	fka.ugsonrqogw

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 11 IoCs

flow	ioc
45	anmon.name
46	anmon.name
47	anmon.name
24	prog-money.com
27	anmon.name
28	anmon.name
32	prog-money.com
42	prog-money.com
43	andmon.name
44	anmon.name
49	anmon.name

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	fka.ugsonrqogw

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fka.ugsonrqogw

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	fka.ugsonrqogw

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	fka.ugsonrqogw

fka.ugsonrqogw
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Schedules tasks to execute at a specified time
PID:4623

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.46
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

prog-money.com

Remote address:

1.1.1.1:53

Request

prog-money.com

IN A
DNS

prog-money.com

Remote address:

1.1.1.1:53

Request

prog-money.com

IN A
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A
DNS

prog-money.com

Remote address:

1.1.1.1:53

Request

prog-money.com

IN A

Response

prog-money.com

IN A

157.90.2.159
DNS

prog-money.com

Remote address:

1.1.1.1:53

Request

prog-money.com

IN A
GET

https://prog-money.com/file-log.html

Remote address:

157.90.2.159:443

Request

GET /file-log.html HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: prog-money.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 10 Sep 2024 17:18:38 GMT
Content-Type: text/html
Content-Length: 26
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 15:04:36 GMT
Accept-Ranges: bytes
GET

https://prog-money.com/am.html

Remote address:

157.90.2.159:443

Request

GET /am.html HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-length: 0
Content-Type: application/json; charset=utf8
Accept-Encoding: gzip
Host: prog-money.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 10 Sep 2024 17:18:38 GMT
Content-Type: text/html
Content-Length: 17
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 15:04:36 GMT
Accept-Ranges: bytes
DNS

andmon.name

Remote address:

1.1.1.1:53

Request

andmon.name

IN A
DNS

andmon.name

Remote address:

1.1.1.1:53

Request

andmon.name

IN A
DNS

anmon.name

Remote address:

1.1.1.1:53

Request

anmon.name

IN A

Response

anmon.name

IN A

142.132.131.208
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1355
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Tue, 10 Sep 2024 17:18:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1274
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Tue, 10 Sep 2024 17:19:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1274
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Tue, 10 Sep 2024 17:19:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
POST

https://anmon.name/common/get-settings.php

Remote address:

142.132.131.208:443

Request

POST /common/get-settings.php HTTP/1.1
User-Agent: AM/20240811
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1274
Host: anmon.name
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Tue, 10 Sep 2024 17:20:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html

142.250.187.238:443

tls, https

1.4kB
40 B
2
1
142.250.187.238:443

tls, https

2.8kB
40 B
4
1
142.250.187.238:443

android.apis.google.com

tls

999 B
4.5kB
8
7
142.250.200.46:443

android.apis.google.com

tls

6.6kB
7.8kB
21
19
142.250.200.36:443

tls, https

942 B
40 B
3
1
142.250.200.36:443

www.google.com

tls

19.3kB
10.6kB
35
33
157.90.2.159:443

https://prog-money.com/am.html

tls, http

1.8kB
4.9kB
14
12

HTTP Request

GET https://prog-money.com/file-log.html

HTTP Response

200

HTTP Request

GET https://prog-money.com/am.html

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

3.0kB
4.9kB
16
16

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.5kB
12
11

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.8kB
1.6kB
13
12

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200
142.132.131.208:443

https://anmon.name/common/get-settings.php

tls, http

2.7kB
1.4kB
10
9

HTTP Request

POST https://anmon.name/common/get-settings.php

HTTP Response

200

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.200.46
1.1.1.1:53

ssl.google-analytics.com

dns

140 B
2

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com
1.1.1.1:53

prog-money.com

dns

120 B
2

DNS Request

prog-money.com

DNS Request

prog-money.com
1.1.1.1:53

anmon.name

dns

112 B
2

DNS Request

anmon.name

DNS Request

anmon.name
1.1.1.1:53

anmon.name

dns

112 B
2

DNS Request

anmon.name

DNS Request

anmon.name
1.1.1.1:53

prog-money.com

dns

120 B
76 B
2
1

DNS Request

prog-money.com

DNS Request

prog-money.com

DNS Response

157.90.2.159
1.1.1.1:53

andmon.name

dns

114 B
2

DNS Request

andmon.name

DNS Request

andmon.name
1.1.1.1:53

anmon.name

dns

56 B
72 B
1
1

DNS Request

anmon.name

DNS Response

142.132.131.208
1.1.1.1:53

ssl.google-analytics.com

dns

140 B
2

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fka.ugsonrqogw/Anonymous-DexFile@2791401983.jar

Filesize
1.2MB

MD5
336921950a9f279733cd787f1203d73d

SHA1
cefc36a7c17909054cf2a507b34f545af96c0e36

SHA256
c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c

SHA512
6fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87

Download Submit
/data/user/0/fka.ugsonrqogw/Anonymous-DexFile@3685652454.jar

Filesize
2.6MB

MD5
850905bb253b202528d72a6724d68904

SHA1
ab3ad068ac55cff5a8b4f80f4cab5507968d0ce8

SHA256
abdd3b7a2034ffeba98a4b5192ee6878e5d05e822f8ded07c7cb413e13c944bc

SHA512
a15fb152539326a73ee427fc74760c0e4999708a40b81b5b464a6bba8dc841efbeff2a573418e0754e8d14bd750da7e335f680067a6abc4f7807b6f8a59007a2

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
124KB

MD5
f15335a640f24813c9b345c99da7e16d

SHA1
a0e7fdc85b3c1420bf342676be577f146f5dce49

SHA256
6baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9

SHA512
5f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
96KB

MD5
eefc6b6cbf150f1555691908d1e30d5a

SHA1
abc942de0b483facc1444a9e7ae2dfd7fc0170c4

SHA256
ce2a44e9765557de8a0e5f28181692108bf774313203816dbbb2f04c98d07cd0

SHA512
e9b4963f0a41281a4bbd39d86542e96d4c0271b8bd28f3695c45077f12e6c1c6e581a6d44b2b42a0774659b9f42fcbd7a12f179c6e794a8955865ffc708ba08d

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
96KB

MD5
d07cb598f35c0e5f2d9e2af7674e3a2e

SHA1
a6bf26b614903cd6108b6721747af10fe2cca323

SHA256
615ba9a831a6b950363d88b25fcad444ced33c0b6477aea907021d1b16cef0e5

SHA512
1dfd49f51b258b2eab9cdcf82a5a4a6c0deeaf049747a4fe7d1a52f9cb478b3177fd7e5b3d83a280dd916bb1a2b103053812e2fbfe89868ef72abe811cefe01d

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
96KB

MD5
bfc6b386423d2151825293d9adb59fd3

SHA1
81cee19493d002799c242ce825cf6b14af67b0d3

SHA256
04f3c37417018f033ff70945678dd1533dfd7d1662eaebb30c4fb653be00c1fa

SHA512
afa6c4e646262bbcd9897f24814f924aa1c587cda49c11d6de284a127646ba5747711a970a984d51114210b21dc697dfaa9a09407e2d347ac5ca5322d7e02800

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
96KB

MD5
b25a443c40e618805abe113d6f0cd3ac

SHA1
d7fdca3a01e12a70eb31eea3633e729eb2d8c8fa

SHA256
f59728c1ba4ad57137ce306fddf812448cd7fd6ac06925707b0a99b92662a7a8

SHA512
6d2b8afa3fd9e9516ff13653112c62abc7efaed3527f1f1934ed27428f08dd71929a8dafff4f783aaf9d9ee189b01fcb18df0daabc97e5f2c137385c7b83aba4

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB

Filesize
172KB

MD5
6212e50545d2e0f9b7965d6d32decf5f

SHA1
83a963883aa641250f7c7f74d02e3001c154eeb2

SHA256
d6f4cd8e7a714019528ad5c5d06b1e7404fd4a072dd7c9fa5e63d9d7461d9bd0

SHA512
62a6845c8e343fcd4cd1bb77a83e1b1a4bf812eea325feef12207cad8074ea1d1630291e7229f3d5e7633be09c6089a457a006499d6b440841ce109fadf6c7f8

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
512B

MD5
bcfd83a073945dfb9364ef0d6dc3e50c

SHA1
9d8f1f14150c09fd3e58f521b118b1936a6f28f5

SHA256
31ba4d91c017cca7c3e7500c0477e9b72345f43b7907fd7200139f1a81fa43f9

SHA512
534ef8f70f4236ab292037b2a8229ea40f97c302d464e299909cb25077321ea8f4cb4987233b9e4d302e05d0ff7d19b774a173c54823b39a7a15d4e6b5408c7a

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
8KB

MD5
bf190cef6b477bae06ed0d2fff2ebe7a

SHA1
58c2486a64aa7e2124bf6053ce8c0e5eee5ab5bd

SHA256
79c0783d6287a6da0fef2c4546751bf69eb4850ebce8dc6a87ed3cebd128f6f5

SHA512
0ad11c28431f63418b450e657f0fb65c739cb1ed9a9aab6a1131046c27c99787e8db12843790108a0a6b874a9867eb8a7943e76e946f1cc84372035df271e507

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
4KB

MD5
9f93dac57d85d1be2a9c0cd6cf8801fd

SHA1
02e23f72980cf827de7676411887768b02b84fc5

SHA256
53be5d712427fc73b25f0a06d66c6c47bcb4831432905d830599b90fda524bfd

SHA512
8918265682d659513306f91253f7c02f8e141c0cc88deb6882af42cd0fae46fe7ec350f77e8200afe3ce1c7c9a34370e72207b669d1f016c9226cb296b2e59b8

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
8KB

MD5
28c8e7fd22a8a4b93087586437282322

SHA1
9ed07f0326499a8bcebd6d4e0f4ed69a5440f8f6

SHA256
3796a26ccf6ba85f1d3484a2589354ee0abd435ba8202b86474fcb83fee1725a

SHA512
ddbd534d6721da16da97c30bc60b037e22a9a5563aceeb2f561213b024e8cd4827d94d1bf04c95ab22da65d6d54f3e43cd2a6024da732363e786f4d359027c54

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
12KB

MD5
6273cf654b00f36870e65dc25f43d2dd

SHA1
bafccf50cf444379a83575d0675b6cffc380d806

SHA256
69854a4340dca87262502c36ab920ef60c39270329c6103b45da0a7ca77d24c5

SHA512
ebbab05fe6bfd2f714bd970d4d01deaf851b6a35d146ed59606f791329651862d62296cde38d5f91a7200ee4e21c6d4de9d39bb9ef8e93e2e6754aa9734678d0

Download Submit
/data/user/0/fka.ugsonrqogw/databases/SettingsDB-journal

Filesize
24KB

MD5
6a98349189c1398224e91b10749d9a9e

SHA1
e5ecd7faa47c20ed05511024e109ba1c4d387158

SHA256
9e6e905795124bdf6553be0eb13d569a76a3100045668465a6972d7411d57bbb

SHA512
820541b282b5369e6d9104677263eb1cb6211cf414c2479a9816cebbf845aa9ed19121f485350254ff35ef3e97d69eaf891a68b3183d936ed39a1282e84214c6

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
2.6MB

MD5
470586b3a055aed7c22156273f38f69f

SHA1
39866ece4bc4bcdf2613bd67851ee7ba22df85ab

SHA256
65daf0c170cda7fde64c441438cf9875248bd33af61af060d943b48bfb405f8d

SHA512
95ab906e2be05248360a5d2a3a4edd61a128e1d71dedc35245384799ae68b686d37ba9063bb2e86a891d96acfec47c897bfca290ee6251afcb07f140aca9c540

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.2MB

MD5
51112e0a7f7962a8e02bc885025414ef

SHA1
40622959af4fe349d8881c885b9b30441de8804c

SHA256
2b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0

SHA512
f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
173B

MD5
51c362d31ce40dc5259c58e1a307c70d

SHA1
b108800ceb59a3c9347bce30cf2c98cb9903fbc0

SHA256
028cff02441b813cb66b14e03e5d3e212cb166f5176df95c6745fbd1740c8bf0

SHA512
1e5182e15c5c96b2b76db13f0ba98aa396704c9d6ef6df078dbf5d93e61c30bfffe1f77273588c143a4185972d62db8d8756dc2a1fbee952fe910350b79b8097

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
152B

MD5
bcb9cf68543bfc90bfe13698d306e3a3

SHA1
09dec42e6b1a470815c88c6aec5e6e9c31eccff1

SHA256
dce1238d1a3d900018764ee3030a9450e2cae0b9fc6cadfb31bdb722d894635f

SHA512
bad9cddfed3bcf14bb723c13013eac7e1e703cbd9e518869ea83919edc9639e6375c4a3dd1e42570bc4d996c71386d196fbc0f8a4a868f588cc1bc1445825cff

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
4KB

MD5
c582ac881a5411e6b4ce736d310a723f

SHA1
c6b0a5c05e594a2ac90de23f72dbf7f28456a26a

SHA256
0007647f7a07d84a5f5834655fbad747992c3f168968f5a44e5d91c3602b8ad1

SHA512
6be0ca19d0bd3f628862b81e7df5b6738879f2e2214264d244bdf416d2218e642191231cd97c61682195979af2966dc32cb474c8f645922ad34512d4136127e6

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
64B

MD5
392d85ff725d8b3c16877e52ef166bd2

SHA1
bdd0327bd8b919205c2f03c84ad0d1ef199eb6b2

SHA256
17eb021d304fb49352a3262da684bf48699d48c2b07148e6215015add2d1a6ff

SHA512
c4ebaa076b1acdfb3b5d41af1a9364ad94b9f58aa2d743afd8b9e0ab7d285df31a82fd3cad09ecd8196e3d36061c55778dab60c4459974a194ba64679e3a342d

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
72B

MD5
9791afa504a67e04be56ea0a2514f80c

SHA1
683624902e61576c3e580f0b964269823f47294d

SHA256
a7abad4cf99df3569c9167799503d1cb42b07a708bc368c9428dc85de1af9d7c

SHA512
3a02bce4e2ef3dddb394a27faf98e5ae7b3f9db6648c22d7e80737ef51d14aa7e3a81a99b4b285f490c50877b5ab017a56a28d67cf7f44dbb946cbef2723ad66

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
187B

MD5
ebfd8aa6a8e8390f07ae44646ef09fe5

SHA1
010bb46666ff9bc0125e3e0fb7d40b85ec25ad00

SHA256
6443af0690e09617f59a3896fd8253a656b1a0c7cfcbcf99cfe4f7b99cc55b77

SHA512
06a3ad1e7f59d6146c61d7212c7c193321f26ff5f53665516744c5eff4904d292fe6870d21db1d09e1c23c07bb2b716240e8f7cbefb0003377d4640c12e18f3a

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
131B

MD5
cd3ae25cd3384c8a2bc00020f7f38c03

SHA1
ee6fe372b0a2034857e54e1f153d35eccadfdc99

SHA256
2185cfd289763c11e2c3f0b5cbdbb283b81c6aabc191a72fb94b4e5c9216969a

SHA512
0b9da061090cf8dd80de6fca08c18fdcdd2063645a370dca7125202d63d0c0f3c9c745dceb22949d04b6710686311d6be60c399fb92e26fe1352d738426f93a9

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
28KB

MD5
b7a45a662e037ca603885ea64c08e031

SHA1
11881336570d49b0ae063a4987efbaf6ce8fbd8a

SHA256
3c5ed9b22ad69356cdbf16a72dd34ac37569568007efea694d2d41e01e3f72f2

SHA512
ae080be21c4bb5c955a169ea7e93b7c5449a049f3f5ba4e89a38c5b5ff31257fef44097f8ad5c27a1e2237928726347a534d1ae351b6fafe870169c9045c1d82

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
b659eff74b9b08764af6d80ad1bcaca6

SHA1
93be9d8098b67573db317d7a0a5b237073148b57

SHA256
8a0f847ae91f3520510c8a01b024f9abee25057797ba8060442827bf5e78f48c

SHA512
ea5f2056017ac64351cfe6c736cce636914489179388df022ec75a08f36c4e2c5bad21af0562912a96cd5388f13cd9b9a499fcd97a517adb590a6bee50710640

Download Submit
/storage/emulated/0/.am/log_1725988669663.txt.zip

Filesize
219B

MD5
753313db2601b9bf367f886c9af867ad

SHA1
ad7fd893c354eb54c90ade1503f140f4a008a828

SHA256
7a1727c3d1e2130260cc955311bbdbd3e9f476bd4eb932f4f520b57097bc28af

SHA512
42b05154731d89b24a9f528b2689952a71e01e7a96b90f8bf93df227c627e6df6988950f60ae35f6477ff79c9fd1ea8c7034fdc2d473908e296cfa88787c3ca3

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
67B

MD5
d8ad6773b632b7d8066ed57c6c482c6b

SHA1
c07e66a0e8e58e190392896d7b178b7079741967

SHA256
50eb09209f1670f34baec877f8bc19fd1ce7419e10da063b46fa4025558dc4ae

SHA512
4bba534c373aa27100f1c5eec84c0a9d77c0dc447dd33de3757c4d656a7c8bb7d602fb214102005e355fb9a22687dff6e141063d086ec4275a9b01c8c8c90fa2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.