Analysis
-
max time kernel
47s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
01/02/2025, 02:30
General
-
Target
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4.apk
-
Size
20.8MB
-
MD5
96e77a35b4f5f9e9ef8c9280ca06800b
-
SHA1
f53fe17f4493bc08faf4f5c796aa7a0b30ad4506
-
SHA256
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4
-
SHA512
409d307637349b4fc284221bb5d14051dc55a1c7016f82cedd6a6c2c8e3adf516b2cab0a9ba3851aa943a51994e0f24db6cf57300d319c0e58c9d1de6dd9a1d5
-
SSDEEP
393216:G6UKoU8+23isJA35z7A79L+ow71mbgafiubciZVbxT9i/zVN2I+TXRtkKpPbNiRB:RoA2NJA35z7c5SRmbBffc4Vri/zVN2IJ
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
qiozm.zqoasww1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD583f9d1be51c0ef0019952bd962f70f05
SHA18f9e2782d24b692b46e6aa8974e61fb6aa7d903e
SHA2569623d7ebba654211ee8fe37878dba389a66331142db2401a66207d308d29528b
SHA512586686fe26bac50335757548d758303a9adc54ccaf923f9ed977d05ffb927a4c406480b8fd8723a6d8adbad5d079843931d7b1d20aab2c369e88e6a62b928a53
-
Filesize
100KB
MD58ee13bbf9588f48b07d62c3b7dd4bff2
SHA1db7ce3545ff49be724aa8a8bc385af06941f8f4e
SHA256ae92fe23983113925e1c41568b2ca86c9ab26776e55485826fddc3e9cc3083a1
SHA512073176743a7700e91bf0eca99c778b90c4d130e987e113f63b684420f28bc6c24de96fd5b733f89a6c66181542022cde8c1285146971bf906b4433fd23fa7195
-
Filesize
60KB
MD5b84ec3ac5c1e79f72c55ea19bb82f981
SHA12a911a0494b171906a25ce812a25847c9f550a2f
SHA256cd2acafa436796594063fa7599247531a5a1faf91b5035d85bf692a395cd3841
SHA5129faa7a08293d0d00f9d0ec1b8c217d86d99e938a0e81f6d0324befefaf8c3a4226a64c1f1ee44119c07035c643e46f7fab51b6421819f346619382bae75ad2fb
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
100KB
MD52fd47f6caa706ffa5b461cfbde8e49f4
SHA103c6500a05c4ec784e79b2f6a0445e5255dc2eb0
SHA256b84681e65c6e3fa6738af7780bc939823b66970e5afe6a73d216f27b473476f4
SHA5129ddc2b696b32115f387589effcb409e5aa698382d29d4116aa78c213880e9ab43011999e3e2940b50ec665671932003d938a46e4a8871466a4343534f08f07aa
-
Filesize
148KB
MD5aeb46a94e6398a469cc1ee30e91e3410
SHA16521a0584f58fe61ea592b4d2c4bd22ad91f7906
SHA256d7558abecb187969ee8e33b32d5944019de1a95b482576e5cd8a5ebe85477805
SHA512af71c3037f3a146cd0e857e568ef97fa95a783238732a5590d40dd2b7d9b52d3957520ca31769f3ecc3bd08d4fb858ee82619b81e642fe93061f1a91a0bb3f67
-
Filesize
512B
MD596e0816b3a2d558997ce18264edd7d58
SHA1364d13ea845ebf524a2863c572ab31b12bebb674
SHA25630ded1774b1002aa0e78f828c9ebfe29ce4afda8341d54b0c968c59ce2009fcb
SHA5126c51245081a9655b47ef71dd3a8ab5861591f06265bfc96ee2b8b88c65ccd3cbc09d07b9e082010e7a584622c50f03887d332dd5225b94e2801b28710935e3a8
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD5c779278c17055ecc1a057b1ebb118761
SHA1a65c3ffb49ccd6afb33fd884a35a58ab8e00ffd3
SHA2560a285179fe9edbb5ee8625d573e196d7fb742064cb8fdde583b97d31c1641d79
SHA512d3ada002857b00d4dc05a02ecc3c89567151cb51cb4494b66078fa027ba6544fc365327269813dc7b5dc75cc51136e578d49ea68115d7e5b040bfaeb4fc11b76
-
Filesize
8KB
MD5a22e9f9db7adc9c0f532d5d370c94b78
SHA1aa56838f85728200ae7cdd8b000222fec21460b3
SHA256bfd4920f6a8cce62ee3e0ce2454eb93859c65bceb308faa74a212e2b0db36187
SHA5129037027c05f70e5558405207fc3ef430f30f3ccc129a33f475854073a70834a4c73f776b0bf03941267a1243a6398b6f1816e12bf68684d44ca1862f1adbbf16
-
Filesize
4KB
MD5b459f4389371173e6493b6d2725fc4a4
SHA1c7d1ff22c9c67dca3d70e45c0b4c98e1051b42f4
SHA256d42131fb6dd6f4fae5028a50ba252011d51ff6587e95753b76da0443ccc69f4b
SHA512d19cfbac34f69e9ebdd5cc6db2352fb9049665407efa373ea643a00af6252542ed8e03550458de5e9a476ea5432425c6dfa7662eb1b81463198d96bc05c38eb5
-
Filesize
4KB
MD5d54d1cd695e02e029e2ed8fc117aa3f0
SHA137fda21efef2c6758a5a7a4f92824ce099a830d2
SHA256d34e4d014548fe2b0422d8f4c989d345a149c3e169aa518e1f9735e926c7e579
SHA51289e0a9633b0c5d69e2a8399b7d5f1a273b6780fb7612b045138508edb16b6f4defbdf9a7c15fe829a7a33086cd54016b9bebe3c627b9c0effd0812f002b50360
-
Filesize
8KB
MD5acc0912854baca2081e7f9f168b0d501
SHA1e693a3164ecb67915871855acbadef53561122cd
SHA2565774e1271bdba91760d56d50f3425bf5b2d6e0cf7456709d8e621c70495b0d3b
SHA512d621060ef5fba1427e41353e8e9f046adf1786a11b46760c96a2e50f161d2097277fe78530b532b98544e9afbb972090e391d8566bdec73460f808b5f38e9f32
-
Filesize
418KB
MD5569aa1c25ec6e566ed1932f26d36d82a
SHA10ce17a533dcdea4d5a4cb9fd9237a87145a2fca5
SHA25623045fa5de580063f09cf04cfca6ccfcee3ad161a18dfc685e6bdcc4edd60cd0
SHA51203b208db8cf60b61fbf0d99b4f8b908c5c8bb12431c52a71208858d9a2785cbb4c9c0e40f1793220115f13d2c7ad99c99dae790773d3afc8f32cb6f9a89cacf6
-
Filesize
2.7MB
MD52383301abf8e9086f0230c0c3275beba
SHA16104a72736b331052ad00b7486d5e0766721cf74
SHA256e7ec38080b7e44de44807a5f53cf3a3005821ae32d75a9ea3d9bc27646d5cea7
SHA51285b4cfe31dfdbedfd9cedde5ac48feeaefddf88ea6b4e5b59cc4d3a95855c83518de23d94626438cc1482d711a34f125b6516480158b53130f1b035225792273
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
128B
MD5341ba2fc357dad0bc740ceda41643036
SHA1a262d8c84c7c8608708d4269077b7997a6d82ac0
SHA25696fb83a80ebca67cfe7962659d2bc37818f753c23f0ab8fa39cdfe154aff334f
SHA51206305d0ec0b09a63b61074cdf278a16ad993ccf5523821babc254d0aeda0b603a2bbd8c32ef36dcd7e197fd28f8f3d1fd6bd6611ac934293f38f058735e88a54
-
Filesize
171B
MD504199de4d5356de1c7ae76e2eba70eb1
SHA10e44a441724e50621cf82f26aa5634ba81d7053d
SHA2562b128a43261f26b2b767be24903e7ffaaa251ec0e2b0f215564e3ff4cd5a1b72
SHA51256827b5dd716af1bd91accbeb411d9ecc83d7506fd843cd24a6dd28dd503933e69f5972c9ed6fc2eb56e78ba28ae592664636d5bebd6ded0da647b8c17157dcd
-
Filesize
3KB
MD59f654a4514ef1763687256d718d2ed98
SHA1a68a778af731415af1d3c526daef8164e6181916
SHA256f4b65aebeee2a8de05214cd50a035fd064e25c946deef2f1b27da57424ebad7e
SHA5121debf8653053c43d0001f3e1bdb0e08eb5156de3fef35f1ba84a2a7720a2182d1f9dbf4452a9779757e44600d1ba164da8b46d89cdf48db3d6881dc11622dcce
-
Filesize
62B
MD5689ccc148b28bad225258e905abaeccf
SHA100e707dc22cee7f82c78e06ff3c3ce2607330708
SHA256279820818e35a830359955b7f820e3a3af5017aba14b5ffa90ff0a6a7db1d414
SHA5126ebd0052ed1e30445e08fa0f2f334e559001cca6bdf20fa8c9eebf57afa9ad77574b2600cade7a7449e6a7f57a3a43ef452c4f562a189d969dfac52b6f36d3d1
-
Filesize
70B
MD59a1a641dc94990351e50438e2a0b9918
SHA1f30d852b4b9916ca6f1a5389d1488f0b036b0a7b
SHA2567a788d84cbbd9b67c46361b5107ffbfac5d957206036049e5bfe62895a9d1221
SHA5129eb49f54846f97619e1d4cbf10e54ec61f87dcb0e9b6296b5bc6ac065ff803b7b03fdc58376f42e534f77d58d13f4a0437e3326ccb5d7035ed0a0ef7bb904424
-
Filesize
59B
MD5094b14add047ef0301f847fbba4bb840
SHA184b93d839f56afa0980ded51950c44436b220cc6
SHA25606cd4485faf040a1685411d0b83b645614259bd7e14047a41460347b20e81c06
SHA5123f8c777702f016cc898bfa395d8db33ecdd286cb5a4227985fc6ba19ebbd9b8e3954c77e2f3a0509410d0143e757e9b9a19f6b814b87b3d6a5a8f3ea10a29b82
-
Filesize
153B
MD5dcc7ab4cf894d9ad4fcadbffd7fb954e
SHA14c98e75bf60589d59516030319f3973ad17d49d6
SHA256ec9e9128aee5c98d2175b94f71f5357d68c4922d1099c455dca67cd230f77f25
SHA51281f475fb1b5a8eda8ecda10cd328ef7a23718155f4565121e67e8f2a910bd26af8728d42b7f3855b6ef98c01bd4aa4e2e4f80bf5a326d924c8d8866087cf45f7
-
Filesize
33KB
MD527323650bd50d14d36fffa191dc23013
SHA170f92055c6e508965b6278f14d30636aa6dc740f
SHA2566f7e20059623839d9b229c2d9d084ab168e662dde1a090945a2b9db0c85395b3
SHA512dfb8dd7f13ff6f0c251672adcb46cf319f1754adfc9aca7d0da8e918744d2232fe11a49b87ed95b6b9610fd210959b4aa4028f8409b67ec344f98d3dc0e2e009
-
Filesize
8KB
MD5b67beef6363308804a4d7cfdc1ba1462
SHA1806f7ae9460f5e3c183a01fe423f6d8c36e0ccc5
SHA25677652a01a3a725c9598878b77f60a58e4acfcbaad11f9f9b9e54bc8d3d597d65
SHA512a0df93c50c91a7e81ec8c1f3d2bfc4812b63173548ffe3856121d1b9defefa2cad1a53d0d74dcc031b302943892fb0c220fd7d87e84c1f7a81e30bdd0cc80a56
-
Filesize
218B
MD501928e9624ee23027e2e41c04fe2659b
SHA102e7233054117bd9278ac8f90d0798456466eaea
SHA256a0a0dc8f6d41af50e9f55862452a517345ccdba373620f4c7639a1988c0f5055
SHA512d3d252987d43a969bbbe14a44bb74d7454ee14af2f447ba5f7a32eb59b543571f10ae0b83807f64239c998b82730d5b849a3beba9dafbcb4087ba21cbbf9f53a
-
Filesize
78B
MD502a33fe89813f6da6310c3e84bf93f2d
SHA1ed45da9761f0b68622171385ed2f31c1bd96ebc9
SHA256d21d5e5e03f1f1d00dcb59ebf84f595e5c273c967da06e6306ac7035e6c620b5
SHA512a99dd59f1b75951c0d60d07f7acc06d49f5ecc8842110ad8ee82343c63fa3f8d1e2dc585f75d6aa0e420bfabd3da56da195263b1c1a7bd4880d7a8a7643f4d0a
-
Filesize
76B
MD582c9e18badb03758115eee83aaa469f5
SHA1efac9ccaf736c5474a6f9b4637098a82b5fcf37e
SHA256fa1c78d5179a7b2ccf361851a9b30c46018624975c146309d8d22e3dbb35a235
SHA5120a2b08c0ee50238e25ad1a49356c643dcdb5832f5a46363dd306a91c57c76008b9752cdb786c1a839d513b86713996da91df54912caab6824fadc85e0dc2a0c8
-
Filesize
2.7MB
MD5fd1787b37bb2c8daead349360cb2b6d6
SHA1ae98446bc912c5a95ca5ef3c1207daaf8cc97da4
SHA256001b6ccbb7cce5f46e14b4e864a0c1aea678089704594eef8a4b229fdfc3aff7
SHA512cb6908dc9a0ec87a087cc64ef9f1d48a9c63dc5c21991ce641575a9cf8d343cdafb9b799112dccaff0b439cdb366f1448f435b892fa5e9f4899dd78917c9964b
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c