Analysis
- max time kernel: 130s
- max time network: 150s
- platform: android-13_x64
- resource: android-33-x64-arm64-20240910-en
- resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
- submitted: 01-11-2024 02:49
Behavioral task: behavioral1
- Sample: cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk
- Resource: android-33-x64-arm64-20240910-en
General
- Target: cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk
- Size: 20.5MB
- MD5: 7fd2ef1fd5f1d60a5f058a60c39ed3a2
- SHA1: 3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8
- SHA256: cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c
- SHA512: 965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536
- SSDEEP: 393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw
Malware Config
Signatures
- AndrMonitor
  AndrMonitor is an Android stalkerware.
- Andrmonitor family
- Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
    ioc                        Process
    /system/app/Superuser.apk  mbxaq.yntvh
    /sbin/su                   mbxaq.yntvh
    /system/bin/su             mbxaq.yntvh
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
    ioc                                          pid   Process
    /data/user/0/mbxaq.yntvh/[email protected]  4512  mbxaq.yntvh
    /data/user/0/mbxaq.yntvh/[email protected]  4512  mbxaq.yntvh
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
    description             ioc                                                 Process
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser  mbxaq.yntvh
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org (5 IoCs)
    flow  ioc
    6     anmon.name
    7     anmon.name
    8     andmon.name
    4     prog-money.com
    5     prog-money.com
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
    description             ioc                                                Process
    Framework service call  android.app.IActivityManager.setServiceForeground  mbxaq.yntvh
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Requests cell location (1 TTPs, 1 IoCs)
  Uses Android APIs to get current cell information.
    description             ioc                                                      Process
    Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  mbxaq.yntvh
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
    description             ioc                                    Process
    Framework service call  android.app.job.IJobScheduler.schedule  mbxaq.yntvh
Downloads
- /data/user/0/mbxaq.yntvh/[email protected] (Filesize: 1.2MB)
- /data/user/0/mbxaq.yntvh/[email protected] (Filesize: 2.6MB)