Analysis
-
max time kernel
291s -
max time network
300s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
31-12-2024 12:03
General
-
Target
cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk
-
Size
20.5MB
-
MD5
7fd2ef1fd5f1d60a5f058a60c39ed3a2
-
SHA1
3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8
-
SHA256
cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c
-
SHA512
965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536
-
SSDEEP
393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
mbxaq.yntvh1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests cell location
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD54c0ccabb25100a908b9db06434a6af8b
SHA1555d9ecfa42e17aec483e1c05be0fc1362db9e66
SHA25679aee6f8af24ae6adc8537de3a061bde3778d3d9634265b85b3e8727d4116304
SHA512b9a4a1227fa927f0ef987a720c5bf16af71f3fba8c1a40d5387ad0d4ba193a1b7b23634b0850af7c25b55c8b2e984e7c84ab8fb3e55c83b3bc2ff859f4dcc5bb
-
Filesize
96KB
MD53b170a952e654a75b41469ce2273ccb1
SHA1db80a76660ca17a14bf8330e6c3e668d8876c1e2
SHA256157240dac9792d90af4ff9e3a5c0d644a9a1ba3536d5fa2816489fc81883fb31
SHA5129369f602edf14441f24e33ae0a5362420b80647f99841743603ce4c142e29c52521db7459647a9e915f7c28d9a5e4749bdbf948c31a7bb98bff83b18e4e1fb55
-
Filesize
96KB
MD5cf2a610fffab8bc84ea82f93927a4d02
SHA179625a1df6c702b881bac8553e557c379605e116
SHA25659e929238e5245fcbe571613e9f241930e39ac8da69afbb5fdf4ba27f2064312
SHA51253275fd218f7b0aec1b01ac4e80a9259c0c9dd04d082e98242cc3ba0f843ca7833d3da431026154971816738167381386e76b5c5a5845474d41dd975c5c2451a
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
96KB
MD5cd6d443f3bc0e33094b405c208cdaec0
SHA1ce2affb703ec05c9546867f29170c1309798d3f2
SHA256cfd1afa5e79f26f0c48d154713fabb5a288353ead298f3df6a80327b7c631b19
SHA51224d891884dec6ce88d59297761871263b8f3892331ece6bb356d17b59fbad78509b6f7dafd71dd2e386067cc1ba820b1b0999babba42d088ac2203ea5127f34b
-
Filesize
144KB
MD5f86b5e4073acb72a06e1ad0442dafd06
SHA102c1e3ad5e936653f5904a67573bc51fb654f2e1
SHA256b63e6dea83bc13b17c49cd7b3969481f47fa2ade51d4a71d4b4d882dfac609e8
SHA512839a613aa9860ba1ffa4256f00aee7e72cdc6956d12756f9a2435836e379e541503abfa47d92c02c08fbac70bd385665959d7febd76adcf494b77cf33b8e7606
-
Filesize
512B
MD51c0592370ca6a63b50b5521458ec8458
SHA1f7c04eba9091962ed12fcc92b7667e1200140ff1
SHA25626de62c6fd928804c83971471ce917c8038ca5f5f5308e60f85f349c93f4f854
SHA5123f3b3a56317e9ba00f21e2b5c3f784a72bd5112b608f31486a7531ad6a4d3fdebe4909fd12cee0b8b54cdfdad4729e65063a1e2adcfbc38ee7f7cd6d81036d5c
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
414KB
MD5b0526b1e6db5f701932b44760ef09e7d
SHA18747af46103b4bc4b53d8f1186cd4eb8d54ac7d9
SHA25631ffd3c9d6c91b7e0472d18ef47775c3ec0dc8e4802fe903ed48b265255410d0
SHA512485a49dd1e83511ebe32027436d28a38aed43daa760d7b80ec9a48e22f3065366d8dec34a17dba5abaaa34624aa977c1e842e0e21a43784f9b92293d1a4bcba9
-
Filesize
8KB
MD5f829933c51cb0fb5b51ac4ff5496f4f9
SHA154db65e929a9627a5fb004f2d513ff2ff410c355
SHA256a0373ddb3fe61084a288d485b5421fd8c9456febcee021867d5e01e1389d3bd9
SHA512a65a953b772dca430193860b003ef0ca2274c4db6b79f0b8191fb016de33b43f794ad0cdd9342271c978bb8948bcd75ebe92ed2d1594b6837e68a5bb28d1eb36
-
Filesize
8KB
MD5454daae6ea28e864ae000ceedafe764a
SHA150cb32be15971dfb7603954730232fcfe5cfb9c7
SHA256faaf5bb92f2f643598c453547b6fb49215612942376aa77031b43d82dd64e8c4
SHA512c6c336ccd3e8744ad360a3b220fb2827a816fb600d51d045f44c11470ef4d9990ecbb5d31fe8912234335ff5b2b46f837868065b570060108788d9cb19332cce
-
Filesize
4KB
MD5b35e8429a642dffea85dcad3a199ce7d
SHA1f65b80bb99224c32ad5dc087bf3eafa77a76b645
SHA256f8c54d18ebd0eef603eff1af078a00e9adf8816ba4aaf09c37f4899a35e02652
SHA512def2c1fbab7c5242d82f6fccdcc183442d2679f755f84df8445c182e7a5bcf33ea8945c84e57d67732178663131c065e2dd411f752fece8984cd798abdec2973
-
Filesize
8KB
MD53f4210727d3d0b613b3c21c5f295875a
SHA1eb5faaa83e4c3f5d9d2e3faa63320febb8bd319b
SHA256f05dfb1df75f4d415485ae17facb36bc5ac340d4848f913dea9cafa00485d799
SHA512a78eab7a80c9a30054036662e97746b586b9988bd535bd411d96daecf44d57cc1fdbf98c3816bf79e7414e841993d587c22f70069ea98cf81328c7e0500ef4dd
-
Filesize
418KB
MD5515c38422ed01e2723c6e8ddfa4002f0
SHA168bfd0ddabbd95674f05f720992536d9f3d30ec7
SHA256f191afd41ff38b176bdc32291f68b190937d1f9976975e915d203bdf3987bfd3
SHA5125d7cfa1e25954f894435799a6312c439cbf3338dc3c308c4d166d37a95abf4a12f63e67eb44234236f7c47acd3229d82a1112cc671aa9702045449a5d67e5095
-
Filesize
2.6MB
MD54e82cf256563b75bdc46b358b34d9c5e
SHA1f648e881385bf8eb5898001191c338df3f0c6719
SHA2562b65fbbe30242b1c4f99ebd3206a1f067455c75e065ca2a498779a1b39ddffc6
SHA5123f5171707433cff82e55a867300d4017e0bfce89fa454b3fd4aaa0ab0afb4a9578f235d6538635520017b1fe45aa80f0c5dd55f0aed71fee5371782d2a664bc9
-
Filesize
1.2MB
MD551112e0a7f7962a8e02bc885025414ef
SHA140622959af4fe349d8881c885b9b30441de8804c
SHA2562b089f76930214706716aceba0bc6cefe6e132d14dd7d0a7c59eaa4f90f126f0
SHA512f02971a0f493fb72539381c3d1503d8573e8bc67f147014f443df8c01e71bb28437f832c5702d25a8bef2c34c64fb1f46d0000523eed04ea7981186ada22e402
-
Filesize
173B
MD53b8fc30e8c2287c5c66965968e3840e1
SHA138c16bc1ca70ef2105789b8af75a0aedae1078c7
SHA2568ed141d8f99cbc555b426c2fb1ad931ff2ec09e7635be3c784e85e6d9f52e836
SHA512607022c20ea2c4285d9e3b8f6c0328257ed1534dc3a92512e89b4ad0967e814bb3ab1d8ea71e596c21aeabaa5d2febd4ba80f6c41171f0ecbfe39a0a694f6324
-
Filesize
152B
MD5fcb1e27940b58e418b36aaac9d2bfe6f
SHA14bfb19b490fe565d45943ea0f57079649331eaf0
SHA2565082c8f0a385f89785b07bdb5d89dd786392be6be684eb031a6111966bc9e2f6
SHA512178b84760c259659bec7f2c552bcd78435c904610bcbf98cd9c5d13e638e50fddc45df3eea9cadfb8f84e355121c354f2b3a23aade9558d82c053fd5ede7420b
-
Filesize
3KB
MD59026303db19b408274bd05be9b72f578
SHA15b6d79f0a724f0132cb25463ea9d0e28b2af93b1
SHA256b774e6e82c4d871b8ac89f654f69da307a186a37d02e262481c11cc657571f1d
SHA51207725f5cd559158e7451475a1dde39a386aa33adf586c7758e55444ad05a3f194f0b612d670769cc75fdd5601e5ebc71e59b9558bf913c24cf35044e876a111d
-
Filesize
64B
MD53e40440ed9eb76e78bc596fe07617693
SHA1093a4e033b97935810ce3436b358da638634ce6e
SHA2567dc2417aa44058c6d0c9c950b491f34fc4b4e2aca4464d3c2fbc1368c1fa665e
SHA5123f3f7cd2d8312fbca90421e63db6986acb86db391d309bb94939f33006fa60fc803886227f8f70934efdd0a76dea380928a676e0068600310200237c56d558b4
-
Filesize
72B
MD56ed43c1b1c5473aabeafd82b9b585693
SHA1b3e5deb25f3cf63721474ed8117378ea76702c5d
SHA256f9b249628c701ec1042c365ab21cc6cc72ac5ae459ef0b5d1bf5c3572720ecdf
SHA51239dd7b807cf80565ee33a5b74cd67fc9e220cb8c6582c2656954befa81db196e6a9d4f03158d71ef92e8e57de3ba5867393d83153770dab1886b8a259fe5f54c
-
Filesize
151B
MD55839293973ed0956604c4ab28dc79004
SHA1c5245f63a27781b085dbd5eb98f3f6d54de3086d
SHA256b7017e932564e6f8aaf8a0ca08b5bff79063b59828df49a50be52ad388ee6842
SHA512123d2c607bed0ef72c287ae1625521e52821a2c34ffff4d06071ecccd6773611932abfe7e34289e2b1d0cc118eccb5c0c76ab81c8ade38eb404015fc3873eaa2
-
Filesize
128B
MD5341173d31ce0d233dd96f4ef7f4d237a
SHA1779d8a2843c78d480c5787dc242037e4f6b37eb2
SHA256157dc104b1dd858da48473a4f9ba9b102724acccd1ebed33ca2fe25a5d4410ab
SHA5123f244d8370757ee7e1cf05a0d55e96f6e0765527665c0323bd55066d3145ba22e74b2f9ff6a0b0c2d275b828b668e6305fc6ed98dc2f529cda4d71d6c0af35e1
-
Filesize
29KB
MD54cf46d1e51a8091789a04b1a04cc127e
SHA13d09ddb8cfab688a21b15d7ed7a991062cafbb3a
SHA2563589bf8d6adf82b0bb245fa8022c54d71c98d6eb784fd6b5fa9b09b4dc9e179e
SHA5124877632ee82cf169d5ae83c03e0fecf4d0817a51f2001f9065e26de2cf04e3882d04421e2d263a7adf7c1551c175f348025379ec022f228d6c80c4950dfed08b
-
Filesize
7KB
MD5ed2d164f8eb08c9e56acaa98de9ceca5
SHA14bda7a712f5c91080d64d1b4a4e6e5c261a83cf8
SHA256517c2abdd94b3ce0d92ea748c23aa126f5a9461e119026d94df5158ce734c548
SHA512baaea0aec368529a18299bb1037f7ca9119799cd813ff4dab1fd4f595315975c365cbc98b21117f1eec511ffd45a472b41a28eba4f30089701984eefcd917276
-
Filesize
220B
MD5608acc3c5c5a792c8857cbd8d67cbcee
SHA19bcfc887b0d01b72aba26caccd045a5e35286881
SHA2566e642dbc1c842c3218152638a5bcda769713f6ddc240e03dabc202614a80248a
SHA512ee36a641b0cfefee3f9a2b640258de57610af86c5a587a7ccece83f94d22efa7b98bda3e068435650f298887260ac25e58e048b3fe6f2d909ff3796f5c9ca0a3
-
Filesize
66B
MD5e7df819943fe4bc4d546430c0566f5bf
SHA1ecb8cf618d4ba22a34cfaf542785f10bb6f260cb
SHA25681c7b46a0cdc3ef14658e0dd57b54446119ebde9462bae1375deb6091ff8dc63
SHA5125247c592ec6c4da81747db406dfaced508d020f0d744f3b22ee1741fb314296be71a27e8688dc195000f88d822c5a0371ef352669f626ae4b4559fd29229991c
-
Filesize
1.2MB
MD5336921950a9f279733cd787f1203d73d
SHA1cefc36a7c17909054cf2a507b34f545af96c0e36
SHA256c6f157d3401cf969f57b4d102e14fc097676f11cd4911a68a3e08cafaf2aa94c
SHA5126fa4f733298e00a8495648b623c04a5a7912a6a5af26089749e9ad26f30e20ba8295dfb901084bbf7e6976acb65ac78d7ce7a0037b1a4044ec5ddecd29801f87
-
Filesize
2.6MB
MD514d119c585aa69bc93fd850ea385e139
SHA13ffe4d25d73df06b1124750ec768c8c5895dfa55
SHA256264d3dbae3c9977067f877e6fbc381970059016818da052dc74567c4f2d03f7c
SHA51282e653db6831a0ec86180fb61368cf8f68f50a326998ac3fc99e22070bf52692428502119fb40fab281b3b32ed35d44e454ebc481529d068032aa3f131d95699