General

  • Target

    d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df

  • Size

    20.3MB

  • MD5

    a65fb13891afc37f4ab92f652afa2879

  • SHA1

    4a70763618bfe165f33bb4a36bb1032ffb97b3e3

  • SHA256

    d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df

  • SHA512

    1eb3a85089148bf4c1a1e5609b4fa4d15029148ae37c94bbd8efeb6cf353183f4d415129e02f62bca3f73fde8205c81f3d49e4626b2a6b948e2e710240de0a7a

  • SSDEEP

    393216:WCN9ihhlt+2pS9GNlme1pgfT8dv1qAqEc8bdN5XjuprKkpyK2nZpC:Wq9i7UClmeTgfT8dv1qAqErDawHnZpC

Score
10/10

Malware Config

Extracted

Family

andrmonitor

C2

https://anmon.name/mch.html

Signatures

  • Andrmonitor family
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 2 IoCs
  • Requests dangerous framework permissions 26 IoCs

Files

  • d354a5eeb5bd1b07595fbf25152b5944c1a0e0b9d512aed1b1f630b5fb2383df
    .zip

    Password: infected

  • 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
    .apk android arch:arm64 arch:arm arch:mips arch:mips64 arch:x86 arch:x64

    fka.ugsonrqogw

    .kwgldGT73YR3