Analysis
max time kernel: 144s
max time network: 156s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 30-09-2024 12:11
Behavioral task: behavioral1
Sample: 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral2
Sample: 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral3
Sample: 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk
Size: 20.5MB
MD5: f95cf2c20d492d6647885e8428d808cc
SHA1: 3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa
SHA256: 7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c
SHA512: 3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5
SSDEEP: 393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ
Malware Config
Signatures

AndrMonitor
AndrMonitor is Android stalkerware.

Checks if the Android device is rooted (1 TTP, 3 IoCs)
IoC                        Process
/sbin/su                   fka.ugsonrqogw
/system/bin/su             fka.ugsonrqogw
/system/app/Superuser.apk  fka.ugsonrqogw

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs an executable file dropped to the device during analysis.
IoC                                                   PID   Process
/data/user/0/fka.ugsonrqogw/[email protected]   4372  fka.ugsonrqogw
/data/user/0/fka.ugsonrqogw/[email protected]   4372  fka.ugsonrqogw

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect account information stored on the device.
Description             IoC                                                 Process
Framework service call  android.accounts.IAccountManager.getAccountsAsUser  fka.ugsonrqogw

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (5 IoCs)
Flow  IoC
31    anmon.name
32    anmon.name
40    andmon.name
29    prog-money.com
30    prog-money.com

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Description             IoC                                                Process
Framework service call  android.app.IActivityManager.setServiceForeground  fka.ugsonrqogw

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about the phone network operator (1 TTP)

Requests cell location (1 TTP, 1 IoC)
Uses Android APIs to get current cell information.
Description             IoC                                                        Process
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  fka.ugsonrqogw

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Description             IoC                                      Process
Framework service call  android.app.job.IJobScheduler.schedule   fka.ugsonrqogw
Downloads