andrmonitor | 4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b

Analysis

max time kernel
145s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

3306391950192abec178615e5dfcee53
SHA1

73d7d97fa7943be3fb1a09021579de25f101d6f8
SHA256

4b38232db89ffc202f41fee493a84b056f1115339439efb6635d170e05bfa85b
SHA512

67e19e7dbaec8d102cd41a693a86203bf1b2ca4147d29b5d4d5b30e24969d937c1e3ef67f88ad1ecfee75fdd80ef5849ce56d10d55f9abec58f6933063932ddb
SSDEEP

393216:oyNMhsJA35z7A79L+oIv1mbgafiubcbZLbhT9i/zVN2I+TX296KpPbNiRSKcsgJk:jM6JA35z7c5KtmbBffcFLbi/zVN2Ikm4

Score

10^/10

andrmonitor banker collection discovery evasion infostealer spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
banker discovery

T1418.001

Processes:

iznobhuck.ntcrxlglq

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications iznobhuck.ntcrxlglq
Removes its main activity from the application launcher 1 TTPs 2 IoCs
stealth trojan evasion

T1628.001

Processes:

iznobhuck.ntcrxlglq

pid process

4192 iznobhuck.ntcrxlglq
4192 iznobhuck.ntcrxlglq
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

iznobhuck.ntcrxlglq

ioc pid process

Anonymous-DexFile@0xc9501000-0xc978f504 4192 iznobhuck.ntcrxlglq
Anonymous-DexFile@0xc9cd9000-0xc9e036dc 4192 iznobhuck.ntcrxlglq
Acquires the wake lock 1 IoCs

Processes:

iznobhuck.ntcrxlglq

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock iznobhuck.ntcrxlglq
Reads information about phone network operator. 1 TTPs
discovery

T1422
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

T1430

Processes:

iznobhuck.ntcrxlglq

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo iznobhuck.ntcrxlglq

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	iznobhuck.ntcrxlglq

pid	process
4192	iznobhuck.ntcrxlglq
4192	iznobhuck.ntcrxlglq

ioc	pid	process
Anonymous-DexFile@0xc9501000-0xc978f504	4192	iznobhuck.ntcrxlglq
Anonymous-DexFile@0xc9cd9000-0xc9e036dc	4192	iznobhuck.ntcrxlglq

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	iznobhuck.ntcrxlglq

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	iznobhuck.ntcrxlglq

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

iznobhuck.ntcrxlglq
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4192

su
2⤵
PID:4262

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
96KB

MD5
d322f29ac8d138c936cba9fd37248dfe

SHA1
66b3828b4bd2988a7455be736f2bc8e3f19d1b0a

SHA256
2c2b713a781ca67e92506bf70775714fe5be03cdf0f7b72908503aa20d6e076c

SHA512
b470fe569c4721894c1c012c8d30cfd911daa831d0ac2be981506379022edfd2ae41e9ca03d5bed9a3992fabf3689a936beb7735b6a9d51e8364cdd1604681df

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
96KB

MD5
01aee4bcda392feefaea7546630757b0

SHA1
76f10fbc9410e49be48fde57b6cd716b5b242562

SHA256
1b83ca442a8e1c42f6495e8822f39b2222d9f30edf2d0e43f1602761f922c11c

SHA512
fc4469425fca2ba691a87d110b97d7a6894f6bba8a5b800a7c741a2fdd080084d55c40ff72d2b9ee48e514f805c82d625f3c689ccd47c376c3e858d41548d62d

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
52KB

MD5
b6815b344f6926d458cea05acd052cdd

SHA1
88f524aff1d4c5fee979a203dd952427871a7097

SHA256
028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366

SHA512
0431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
96KB

MD5
e9cf3f2d03f3db27876c120dab4b15a0

SHA1
31d10a247b8a08d6ba693c51ae2b179724959d94

SHA256
e1dc67ba5695edf53b04c6b21f3fd00f4c4472028f21fe314c03bfc8ea6b1372

SHA512
00686939161ec4e0294a993e0cf69cfca22f20d9ab5bb9a128a27da763a0008eb3f96a67b112a332779e2d534a1d67d3c856f92eaebcf5a404135f5d93faaaf9

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB
Filesize
96KB

MD5
126f3b1101197273da9a09d3dce59ed9

SHA1
a775f3ad60f7928b1b8b5329f1f35577aeaf51e3

SHA256
5d9a40be0cb908caecd20002abef70a3188d718e8c593edf98ef0cda00ad0928

SHA512
2c020331722b73c49ccb5bd7303c7f3c62174628a2c512cf0c3f96f7510a78867e66d2799f6373d183e97c8b0cc696a2902e499dce4ff1895822e55abe38cc65

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-journal
Filesize
512B

MD5
f8a2005ee70ca370579d57a2f3b3b09c

SHA1
fee86e7397493253e160b1e1e78990cd0fc1625b

SHA256
3ea61c200a9fa7f953153fa6e1caf08f3f91719a178c14bb0b487ac7014181f2

SHA512
d6a89f82335a5c13ab85d67a1f56e50539a360d83057cac9180947fdbbc4e2e6bd13f487957e6ae263def166b9689c28345ce17f310df48a6d4008697523cfa6

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
120KB

MD5
f66f77c2f544b08c8f4f0397c2458430

SHA1
c5beba9c1320c8d75d11db764f1295360c2162cb

SHA256
c5eb31d7b31e57f1d6e1015af2701ce1472c72c2a15c78c5b64522d05fd6840c

SHA512
de247ea32ed8abc65a904260651019c36c5804b47149e1a2568966de22c065560e9f814fa32ea9e9b2fe7af646e69a1cc89603f0c704741abe493d18a258bc97

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
8KB

MD5
0094fc4884a0e241eb46e1f50599e527

SHA1
559a93550a18b9fbb435376f92fb6b29d7b06806

SHA256
e36ce92b483cc3751c546f1848347bea77126a60a3e9bd3f898712792e16e23a

SHA512
c2d3e55c03bc895fc1b4413d94fafafcba45f5d27832cd62d8ea1f42c2c8731ca54147e3c5dffd9f0f242e53b0d4411e2179bc1f34e33d65896de4940436b3e8

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
8KB

MD5
0e514dc96122fe6937c2f0e4cd1b47cf

SHA1
a31b83853e86904216ad3653ff8c896d74db29ad

SHA256
b74e59c60005ace80b6abad4372045b135c3ed94fa94a29dfbf4298833424645

SHA512
ac4a1db5f06b5a746b1e78c16caf15f9281600293976d65c0f9185a8e36135211047cc21b1f6969716b8e4baffad0302e41e4a334bebb78f019243687d73885a

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
4KB

MD5
9082e062ea9ede5a029fb845003952c6

SHA1
e815fe6059ad4012fed242374ad98d0b49fa8ffc

SHA256
f9133ec85d79cb9c0ee5dbba4f571338183c476bf73d5e6e7f710c6f523b6b22

SHA512
0008549db09fd350078e74698f38e05025b00ff37ae66f4e3cb02a45315efda97531c2f255781c5314ea15ae7385223cdcaed54772e76ae3c7755d52306bced4

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
8KB

MD5
2912067f34f81eb640ec6251c3d07bc8

SHA1
a68303ce6b37da1bb026f27bf0b327051c1d9eef

SHA256
f324a6a6e8101c13a8162fef37e3059b2d76976b9e0eb73fa19161e274ee2a0c

SHA512
7cd5266cde00b2b5de4fb3b6f5d08070a02f7e77b2952e3dce62873668889354f9b305c08c6429ae935bb0d3d494c67646a127f59ab42ba234529040bb382fe4

Download Submit
/data/data/iznobhuck.ntcrxlglq/databases/SettingsDB-wal
Filesize
8KB

MD5
9478d7ff58d3f90908518f0ba3df6a63

SHA1
40062c9d7acfd462f7818310ce248f05390c4689

SHA256
86666c210d5c25a544b55b87529b0cd45d241f0a5cdf154fc7fdc16930872732

SHA512
277b4ad67b0913dc81d69abf779331f81389f3ee2cf7381f4307c8bd8de3e6305135dcc07ec75bd0582b92d2c4b4b4e89e0232b167b80fb4ac59343548cf87d4

Download Submit
/storage/emulated/0/.am/dm/md/main.md
Filesize
2.5MB

MD5
031093c44a2de001c996bc4733e80427

SHA1
ab091215ae4ade9e8590ea3e0a9e039e65580053

SHA256
5d96710a35b44ac29e903f361126624c2ac1721ff01113dda66285be5481cb16

SHA512
93c07e359460596b019523e1a0f70021df2b3990dbb3e1a2d3239cf40529564d16dfbcfe2b5bef233dac7a460d6b157a71d5341a9f0c5238e6258c160989e8a9

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md
Filesize
1.2MB

MD5
d8d9b85813e38cf8944dae8dcee6741f

SHA1
4df0493630565537092e5103a2eac78b9c42b509

SHA256
c5b4638af9ef95c87a26acc25fd095727ae202a3b78e7484fa7e9ebcaece71b2

SHA512
62af911be5cb92df1db591c87691c2e4c72057b16bba85959cf27d0bb9efd034c3a70fe05eefafaec00a163f714d8af081b0d795bfae2325d8dce2593c2482be

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
170B

MD5
a75aae9d55a44477af2c3811078e6418

SHA1
034da6d65d275ef14634e06d2624ccbfbbd4634c

SHA256
5491a7c2c086c9b4938f188bb2a5f9431f9b3d200ef25149a677d54befa015cb

SHA512
514f801a435b59bc16ff6724b537c289a882032c274f580b8fc8b4b22b578379cad670e043a82c2f92c27d3f58208ebd1c3a256e2a3777d034ffc49f544f4470

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
149B

MD5
ce68becc41897c30d9981e207d4d46ad

SHA1
5822afc9f59dd789c9f2a1b1e2840685d5e68e91

SHA256
a96bbd6ead00554ec37f0bba7ef51ba73541888fbb3b19f0641e7b928fd90196

SHA512
e43e0755a3c3ad714a3ade95c799b04a595da92c2aa21db99170d55708a03132398f47342d2020371490e2c91ad03e2947aec0d82fa0432a8b85dd8145b03cee

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
130B

MD5
240a20d2d8b0ba1fdb58f3f6afe8b8c6

SHA1
cb92dc943a79e6e2a89cfbec7e0b4298d46f7113

SHA256
468d34536c01478719f6f551646c54a95fc866e4c081b3b873aaff111df25491

SHA512
134a0efba8216e7cb0eabb894f7590f4afcbf2482d701f70e7fae46397d38540e53ebb0ca304948f93bb511b847be06dfbb060b5ac2c58e90389e5c8275ee2fc

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
61B

MD5
0746e975f3145e0281431fdcdf28c493

SHA1
4add363e1c3c96c180f6b1e2a337eb74574c3aa1

SHA256
7cf5a30fd1ccd9bf2651e8dd4cee028091f3d6627f778267def4752b4022fb71

SHA512
ecbae0ab3a121b7b9bb5fc24e1daeb319e4d1edd8fb13d13641f43360c4cd54e4d92b061b3c8a0c5897b11edf465dc6dad392deeb46d603998fd94e4cbbe05c5

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
69B

MD5
ca9a61ed5a2c9e4400bacd1019e7597e

SHA1
d59a49797c1d646e24ce22abda67645f018cb7d4

SHA256
9aa11182e52678d2323b8732cef4d306ca6e7ff39b21a45ed2d9cd51b6d013bf

SHA512
01e723d5076773bb9b979227f2ac8a5fff4337124da7a9f794b17fcae2304b68cacb1e942ff8fa72607e4c420b6124381c4f55a1fa9a2d33cbea03a02fd01e3b

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
164B

MD5
1aed02dc4fa7bb999dbb484a3411a707

SHA1
0a0871a7eff066a16133f24046a21a9101f913e9

SHA256
c093fe7752a6a5dfb0cd9e34ff13cab4a1b63dfc88abf464828c20dd3b800edf

SHA512
13911b0e9c0894799b3019c7191a279e33787b1bdc31e649e07e01cd470c9545c9b14d3542675fae910c045647f02575e565034c11d13024b9643039f8ec58b2

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
133B

MD5
58cb70ec7565d96835736a72f4589f39

SHA1
a194b0ed0c9b63d6eb61f56eda471c34a5e94e22

SHA256
a7b2717383e04da017114247ef7b0d4f7db9947248577f3536114bcdf7662971

SHA512
0b375030a365042fa24358b0343a7f9785823c3327fd198b45c3fa0eb3601898d0c1fdb8eb4cad2d6e055b71bcd2940c042b4354bc86c959643638180f340bd3

Download Submit
/storage/emulated/0/.am/log_1709258242708.txt.zip
Filesize
217B

MD5
a73f7381ab182524595a45c57719a9e6

SHA1
45059f2c0cd5fdecc049b3bad151546d2f82025d

SHA256
dcb1c618b6ec6505ff54ca8605d869fa3904a9b3b25c4e931a20a1d2d1ed53af

SHA512
e840c0fc20c0ff37213c82db0a2225665c894e628a959c740aff048496236ef05eae5cf8ab1a980a7bea3ceceab94543662987e20717e907b97aac50fa06f915

Download Submit
/storage/emulated/0/.am/prog_class.name
Filesize
79B

MD5
1409ce04befd249965476c79a114deed

SHA1
df37825daed76eedf3323bcbd5159cd0ff36115e

SHA256
31330d80a9486640877dc87231d4c3cf4131e4f85d1cae356216a0ed9554f51a

SHA512
bad9f1d63ca560ac81e84e910c8a6036e4c0220925729967c530639bace292b167af7cdbc7489207536bdfe4a7445befde173c56c89981040365355c94a1e25a

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk
Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
/storage/emulated/0/Android/data/iznobhuck.ntcrxlglq/files/Download/mch.apk
Filesize
64KB

MD5
c8e37da299db67b210f45363499e6506

SHA1
7ead7e8d6716c8fa503e539503e9aad0ca948dc6

SHA256
41344508902e263205ed8134591763f0c8187737746fe3064c4a91585550823f

SHA512
0f676cc3b752238e2417bbcb73883478c32fa8fde81d7d9732193f80d0fbcabb7d49832d44fde15eb4760c3991adf2769c3a0ec38ee45e14a5a8bdb4e89d4ef4

Download Submit
Anonymous-DexFile@0xc9501000-0xc978f504
Filesize
2.6MB

MD5
ba8f3d6915944853db58788045adef51

SHA1
198562ac8724166ee6b9a56d47ad66ddbd9eb335

SHA256
0f5b826f16eb47718340d7331b232cb5d88cc5df249c67d32a25f3b8f3e94ed2

SHA512
003918de4c7c0f7c12f1246038aebe70e805c240bceba062e60e040004bc15ec44aad3232a6f9cbd2ef1a9a790e609192216e5577994f04374d48ec534b94422

Download Submit
Anonymous-DexFile@0xc9cd9000-0xc9e036dc
Filesize
1.2MB

MD5
ea1666d1e54e80c67d0fd8291b2b2813

SHA1
7cef9ba94f0be6c627ca73764ddb2598966aafc3

SHA256
84db9e19f78b846657b65eda5b6c8b7a3d3a8eb76fc0a3cbf01990083daf8e2b

SHA512
751c608e201b83f4de66d668f90e0e5f54eb2866a364670b7981c96525d675a8dd46816e887c44e866416b55f37d24d754a9047b1e4068005bd8bed3191c6e64

Download Submit