General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.zip

  • Size

    20.3MB

  • MD5

    44cb35584fca86a73b220529194b3d72

  • SHA1

    18030bbcb11b069502f89c7e3efcf262cd8afa99

  • SHA256

    a923e8d930c5c55fb0a9856125500ad9c7e1395c569fbe22dadef7a6e289efb6

  • SHA512

    9f0c7d1dc6b1105077938eb66e1ec590a2eb04e9a780e16b11b59971836aef4546b6f1e4e38e522226b22b53b1f20ee402577959d90877d638fd7918c4d7aa98

  • SSDEEP

    393216:FOD2Vbx8JPit+lYPHaPWR8pWY2KD9ZbpgxVSIsLJwYq5RnZsUpWj6x0T/Ckx:FdyAOYP6TWNc+eSp5RZsUE2x1g

Score
10/10

Malware Config

Extracted

  • Family: andrmonitor
  • C2: https://anmon.name/mch.html

Signatures

  • Andrmonitor family
  • Declares broadcast receivers with permission to handle system events (1 IoC)
  • Declares services with permission to bind to the system (2 IoCs)
  • Requests dangerous framework permissions (26 IoCs)

Files

  • cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.zip
    .zip

    Password: infected

  • cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk
    .apk android arch:arm64 arch:arm arch:mips arch:mips64 arch:x86 arch:x64

    Password: infected

    mbxaq.yntvh

    .OulcatlqxqRuqq