General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.zip

  • Size

    20.3MB

  • Sample

    241231-n8d8sayrht

  • MD5

    44cb35584fca86a73b220529194b3d72

  • SHA1

    18030bbcb11b069502f89c7e3efcf262cd8afa99

  • SHA256

    a923e8d930c5c55fb0a9856125500ad9c7e1395c569fbe22dadef7a6e289efb6

  • SHA512

    9f0c7d1dc6b1105077938eb66e1ec590a2eb04e9a780e16b11b59971836aef4546b6f1e4e38e522226b22b53b1f20ee402577959d90877d638fd7918c4d7aa98

  • SSDEEP

    393216:FOD2Vbx8JPit+lYPHaPWR8pWY2KD9ZbpgxVSIsLJwYq5RnZsUpWj6x0T/Ckx:FdyAOYP6TWNc+eSp5RZsUE2x1g

Malware Config

Extracted

Family

andrmonitor

C2

https://anmon.name/mch.html

Targets

    • Target

      cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

    • Size

      20.5MB

    • MD5

      7fd2ef1fd5f1d60a5f058a60c39ed3a2

    • SHA1

      3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

    • SHA256

      cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

    • SHA512

      965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

    • SSDEEP

      393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

    • AndrMonitor

      AndrMonitor is an Android stalkerware.

    • Andrmonitor family

    • Checks if the Android device is rooted.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Requests accessing notifications (often used to intercept notifications before users become aware).

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks