Analysis
max time kernel: 140s
max time network: 153s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 01-10-2024 02:32
Behavioral task: behavioral1
Sample: ec1106a9735034ef21a1126717ac337d825844a1b60ab8bcf32e0c835fde60df.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: ec1106a9735034ef21a1126717ac337d825844a1b60ab8bcf32e0c835fde60df.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: ec1106a9735034ef21a1126717ac337d825844a1b60ab8bcf32e0c835fde60df.apk
Size: 20.5MB
MD5: adcdbe1e25a3e03ae1e454363012432e
SHA1: 83381d32b8a6ce9854e8e7213a6c90ac3e17f011
SHA256: ec1106a9735034ef21a1126717ac337d825844a1b60ab8bcf32e0c835fde60df
SHA512: 597546c877c4ac04c910f123c3bfbe236a342e61ff7a94ddcf1639401da76b04df858da2bbf145c8d10cdfe299f2b946d7ebe75554afd6f749acc8f4d387f9d6
SSDEEP: 393216:3OsJA35z7A79L+r2d1mbgafiubcnZbb3T9i/zVN2I+TXadaKpPbNiRSKcsjJY:3RJA35z7c5zrmbBffcZb1i/zVN2IkKk4
Malware Config
Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.

Checks if the Android device is rooted. 1 TTPs 3 IoCs
ioc | Process
/system/app/Superuser.apk | xuzjgkd.sstlojddh
/sbin/su | xuzjgkd.sstlojddh
/system/bin/su | xuzjgkd.sstlojddh

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/xuzjgkd.sstlojddh/[email protected] | 4384 | xuzjgkd.sstlojddh
/data/user/0/xuzjgkd.sstlojddh/[email protected] | 4384 | xuzjgkd.sstlojddh

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description | ioc | Process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | xuzjgkd.sstlojddh

Queries the phone number (MSISDN for GSM devices) 1 TTPs

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 5 IoCs
flow | ioc
36 | prog-money.com
37 | prog-money.com
38 | anmon.name
40 | anmon.name
43 | andmon.name

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description | ioc | Process
Framework service call | android.app.IActivityManager.setServiceForeground | xuzjgkd.sstlojddh

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to get current cell information.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | xuzjgkd.sstlojddh

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | xuzjgkd.sstlojddh
Downloads