Resubmissions
19-10-2024 09:10
241019-k5aveaxhqa 1005-09-2024 16:10
240905-tmdm1sverd 1005-09-2024 16:09
240905-tlxz9sthrj 1001-09-2024 06:20
240901-g35p8ateln 1001-09-2024 06:13
240901-gywlratcrk 1001-09-2024 02:40
240901-c5v7cazckg 10Analysis
-
max time kernel
141s -
max time network
142s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
19-10-2024 09:10
General
-
Target
am.apk
-
Size
20.5MB
-
MD5
f95cf2c20d492d6647885e8428d808cc
-
SHA1
3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa
-
SHA256
7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c
-
SHA512
3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5
-
SSDEEP
393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 3 IoCs
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 10 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
fka.ugsonrqogw1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests cell location
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD5336921950a9f279733cd787f1203d73d
SHA1cefc36a7c17909054cf2a507b34f545af96c0e36
SHA256c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
SHA5126fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87
-
Filesize
2.6MB
MD5850905bb253b202528d72a6724d68904
SHA1ab3ad068ac55cff5a8b4f80f4cab5507968d0ce8
SHA256abdd3b7a2034ffeba98a4b5192ee6878e5d05e822f8ded07c7cb413e13c944bc
SHA512a15fb152539326a73ee427fc74760c0e4999708a40b81b5b464a6bba8dc841efbeff2a573418e0754e8d14bd750da7e335f680067a6abc4f7807b6f8a59007a2
-
Filesize
124KB
MD5f15335a640f24813c9b345c99da7e16d
SHA1a0e7fdc85b3c1420bf342676be577f146f5dce49
SHA2566baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9
SHA5125f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19
-
Filesize
96KB
MD58237906c410af8c32ad664155ac8d916
SHA199d343a8f07e8f15d859646e4e11437e372e1e4c
SHA25657921d2a376d1ef290da6bea104a4718b26113e161b3e45ddf8e7011a1c4f23b
SHA512897b05c2275a5ce6714352575b921f1b6be9c197d7e3bc2d7e98790694f96e9c267c1371b8f0b585e0fbbd937afacef13e1119d65d86919dba399cfc37182e3d
-
Filesize
96KB
MD58d4506d6c8557c4cf9846142bd70da30
SHA1bb9d9c2cf109451fc288c8eaebdeb0bec8c8bacb
SHA256a6bc991d9460f6c7729b146950f9bb14290fe355e67378e8831dc4fb135c8b2d
SHA512511be9b28a0141e56efca6efa577ee936108f6860742f23f18d4abe43e0ec74066351ee439ac2615a19a32513f95a81e230356773f35466d1f14622f9d671b2d
-
Filesize
96KB
MD5ecd034aad08bea25c1eca8a04e5f04a5
SHA12e4aec86254910676737e788fd237c01dceef2b4
SHA2561443d14dd6f4116f07918215c21603478d173289aeefe738ac031ffe63384b52
SHA512e96da585cf345d0e311d6c50320384eb1c7d2cc5ad524e4b7fc724f46957933f00cc74b355c9f320f028457adf9bfb465c27cbbbf3b8df494c9e10b448362f2e
-
Filesize
96KB
MD53dd1142d9cbacb38e8d7bc56e9baa98b
SHA1785460c89a5c43ac6915ed4a4a22ca6d23f29d40
SHA25628fd16d048aa8a76766ec59affa44fb85097b84fc2548ee9055d2742ec01402f
SHA512309cbca957514c8bbcefc3e3a407d38e48121781bfbfccc3bfa24b9d5d0ab35b01cba1641d40e411436e46d02b50bf79459237882ec4e5c48fef5a88b5270d32
-
Filesize
172KB
MD5467a4008c816ee1225214815d937d9d8
SHA1244bb9ba40265ac6ca16636e12365858b506bc21
SHA25669a5a8e82684ac098be227be2219dd9bb0cb50ad7a406eb49dde14d4007967ab
SHA5124bcd69fd2932575a8d819ee4fe07679fa348642ed335fc70d44579c7cf047686ebc464ca389cd4a2cac4656dc225ed058f5a6efe7c46aab3951a8ba002d2eff9
-
Filesize
512B
MD572c02c61f5d8091ce0ad2f6126389ec9
SHA19a298b771ea0ff19fde09c8a2d469f848c00a90e
SHA25611cbca681e6079287244f4992004215e60f48f6c48e773152a4e0fcb18cc58bc
SHA512f76e4d0c686f78fab3c548dc1e3d1d677aabb9c699b66cfd56761ea31a67b828d031f395c418607ec8087cd091bb2c62b58b40494d7abcaf68647d1e09d419de
-
Filesize
8KB
MD5d720c18aacaa9d7e27f3fab438ceaafa
SHA1de87b12fbe0538b250e17bfc96fc8b3b116067a8
SHA25608349610ef12c24a9de434e98c1e04ac7c1aefefbb57e3a7f78ecd673ea47988
SHA512c1e50e56cbfb16fdbfef45773818ea7ee53aa3df0d31af65d741f64d3bd0d390804aaac9f0e97e40bd7129e235e7bb1db9c8e01d9a613dec0a911ff4275b1dfd
-
Filesize
4KB
MD55692f4de013600e926d4004b7af23173
SHA1241a2d4a9aa70c376bd132201616d6c155117afa
SHA2565a5c8fde9de53ae53b972ad8dcac7117a6dab675d6ee3c3ddf6d0aac6bb46f82
SHA512147ceb04653074111e9b8a87ad9cd99b456cbaed554d838f59fb4af890cc9e4976986d1c8c72701daf7f3cfb3d9ae4b156e8043cbb33408fbdbced02ea3c0a7b
-
Filesize
8KB
MD5bb4383cc1424278f7e0890e502f1191d
SHA17da176c9f2ba5b1d41d2550d4be2418deb0402b9
SHA25677df890c5753f12d76dd2eb300e07da40e29c1932f4258b6780050b85b945064
SHA512a890d2f692cdc5218ad2c22e837860539f1bdad894f59ce231f27e58335c096b84ca1eb3988845f900256a29d1de963f69d19bc177934bf01468a332205bc097
-
Filesize
12KB
MD5582d37f7b3972db7b7554bab9936b757
SHA17136808e52bd7f2342cae2a498fea3e70e1657f0
SHA256eaf6005cd493035cb87becec29cb51cff36dd36f731cdfdcfca6ae9b0a0cd140
SHA5121d09e90f54fb3cbffa74cfaad755c088287f5f25ab889be551776dbfd0fe0125c3483123f9bd1c4b34ada030dea4ddb583ebd1e607b6c0fd49a8fda771feed8c
-
Filesize
24KB
MD5b29bb2b1894d749f80f49f3de4de7f3c
SHA151ef34d10ea3703f6cb070669e2fa62c517d4722
SHA256467494db7ab9e5cc2bb53d60ea5b733e83add874bf50e7096f8e3606c997b06f
SHA512d7b2fa1705b9737638d685c2d805cbc7037841570a114fea40e003d6bb979b20fc26359f1c2f2bb285719905e65476bdcc469f8d7d55cf4b2f922746a076fbb2
-
Filesize
2.6MB
MD5470586b3a055aed7c22156273f38f69f
SHA139866ece4bc4bcdf2613bd67851ee7ba22df85ab
SHA25665daf0c170cda7fde64c441438cf9875248bd33af61af060d943b48bfb405f8d
SHA51295ab906e2be05248360a5d2a3a4edd61a128e1d71dedc35245384799ae68b686d37ba9063bb2e86a891d96acfec47c897bfca290ee6251afcb07f140aca9c540
-
Filesize
1.2MB
MD551112e0a7f7962a8e02bc885025414ef
SHA140622959af4fe349d8881c885b9b30441de8804c
SHA2562b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
SHA512f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402
-
Filesize
173B
MD5651b38764bbc31279137489a689e6e29
SHA117042980155405222a28c47658c0591c6dc1b5f1
SHA2569531cf9f8e609d84b385c7b1c54818b3957bc8404e1df6dae2c1c37f614c811e
SHA512d643dd875c307240a90d7aba6f2df6cdff44f54d5a548b9441846222341545a5199027b2a8b835e98f54a47faa1989fa1b6f00b1f6d4db2f15b38f8196b7c3bc
-
Filesize
152B
MD581a235a79df8c2f178cefe92ab8d7e48
SHA1821056f804df85e9b856a88fc61b9cf5109389be
SHA256d48be3367d1195579380b259e17752dcda2f85528ceb8ce578802bd7e96c8919
SHA5128fadc1931ef516d6003bd35d12c11d9d848dd0a82bca198a4b7edc391bec2089fdfcd822a0a9fcd8e242e02d0cb0f336f519672cb125bc8c497ee736af0df284
-
Filesize
4KB
MD54179ed963c7aa571232be0a15ae4dbbb
SHA1916bb6723869f332a0ba94df70732e6d09dad8a3
SHA2562c5cb7b9b04c4280488b3e946c464d5c72807f85ccf06791f10db9e2048b0173
SHA51225c382c9dd9c20a450dd84b6ddfc90dc7c6005c46023b2adc2b9eb3c3502f65d5e68447d465ffc5c99149f0b43aea29b17c9516c6ebc41a00fe1f1f0d5c624d0
-
Filesize
64B
MD526056b1e9447ff1dbef649e27e55d639
SHA16cba15a00249c8357c42a54e6422c5f6de68bcb5
SHA256d8a7edb207e1a6f93d928db3c84b55d5d589a3369db718691bd55a87441c7c6a
SHA512549ccc9e6197c92ac7979f2c2b194a97f8adde997668f5b166e8e9f5e5e855023b0bdbbb41408df612ca57e1df35f04b5c665b7b8edd605ac412e4094895e000
-
Filesize
72B
MD59199b2a8504789fb3e9ab5416c6c7b4d
SHA1b42f15a8e073d96fb7093b912abf45048b24d2cf
SHA256f2440144954e96ba3b38267aeab494aec25e3b468b1fa5699091f297df25ff0b
SHA5124a8116cd529d5e9e0ea488319681cb600581338440de1864480cd9d0388b1902e2c55066f0d48f24f221cef3b8e3bcd3eb4ba8eb2b10227fe1ef0726c7deb3e0
-
Filesize
187B
MD50f92e59c7023094690a7e189c197f8bd
SHA12b27915510d90fcda1c2a350b1074dafff891851
SHA256ba4bac9edcc5dfcafeab8ef2585c436466f0072a2afe851e08b2092181640737
SHA5127aa4c5fdff0f005ebfac8c2a0e38938a0b90d4e550426e098a7aa7a38bb988a2d4b3cdb9d75a8479ccad1d111c82031b6294585d6f5b1e251a4555f09039eb01
-
Filesize
131B
MD50d089d5dd8b27411696c2cf88eeb29a3
SHA10d1644ae4e2c21b3a66b9e5ef774fbf5cb5eded7
SHA25662f77b23e089dce33f6e83f0bddfb232919038b60660c71daae48d10d69015bb
SHA512400874bb27e42e1b88873784981636c93179ae2756aeef37c0b128b6b0e8346d04422406cc72e52f249b0a9723e3469bb037b5a35cea2aa02ab0a6e308e13c45
-
Filesize
25KB
MD53bce8db0c648da3ee5267cccc215eef7
SHA1fe77b4c8edfe4e3adef64453bf3bd1b94f85c8a4
SHA256b1f808a21546bceeb7b92ac967245fde547e1ccbd7fa243f20216cc35a204be7
SHA512ddfede00f5ae99edd038c8079315880f559c5896776bc75233a7c6d4f47ecaab7229274042f03a603785f5e2fef261af5e3d33953b6752000981a594bf868e06
-
Filesize
6KB
MD53221d594c670ec23e911daaa7afde903
SHA131074d379d0a83b51a8590373a89706b7c7fed77
SHA256f03c94876ad8cb2a2a6ecaa703f4b1818c42eeb548063e276391aa366418ddb7
SHA5128c46ba8975b4939d6b6e6e2e0da563ef7c788a72bb3f6116b5f5a08e0417bfed3e570f6410e73b6e88d2dd098799a931fc190493a46c8ca8be09585710fec536
-
Filesize
220B
MD55ac989961920f3517b3e7d6e92f3daee
SHA1ea6539c658d8c955c43653f5d5af0fc2b6a28858
SHA2565c9b5d839ac895e58a34ecc244effc91000709947a00b8dc15cd6d47d85d8b37
SHA512111bdaa781acf29376744c297e1d8574f36014481ff9db5711e4d0deb6d801dded2658f01f474e63ec461795f946a7d22183112f6728fcff7ac950a57f3a28bc
-
Filesize
67B
MD5d8ad6773b632b7d8066ed57c6c482c6b
SHA1c07e66a0e8e58e190392896d7b178b7079741967
SHA25650eb09209f1670f34baec877f8bc19fd1ce7419e10da063b46fa4025558dc4ae
SHA5124bba534c373aa27100f1c5eec84c0a9d77c0dc447dd33de3757c4d656a7c8bb7d602fb214102005e355fb9a22687dff6e141063d086ec4275a9b01c8c8c90fa2