andrmonitor | 583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b

Analysis

max time kernel
11s
max time network
157s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
01-05-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b.apk
Size

20.5MB
MD5

5682f19f3a2723db1c7141c9157ab93e
SHA1

748ea5d804fafc742824bd4c2f9c0259822de99d
SHA256

583b68d3c917ddc713d8621959f97d7f2636654494027e494f2368409730f88b
SHA512

63884b29b4b4714a2330d43529148ee9e8aba2b3ed62dbf85f9187148f330e846de2cf8516db3d2b8b7cd5b6cfa989b2e9a00e6df89da76e0b317d2ba415d46e
SSDEEP

393216:HHusJA35z7A79L+4wr1mbgafiubc6ZxbdT9i/zVN2I+TX3VsKpPbNiRSKcsLJJ:HRJA35z7c5KBmbBffcQxvi/zVN2IkHGl

Score

10^/10

andrmonitor banker discovery evasion infostealer persistence spyware stealth trojan

Malware Config

Signatures

AndrMonitor
AndrMonitor is an Android stalkerware.
trojan infostealer spyware andrmonitor
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

zufxtk.qtqhxzzsr

pid process

5098 zufxtk.qtqhxzzsr
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

zufxtk.qtqhxzzsr

ioc pid process

/data/user/0/zufxtk.qtqhxzzsr/[email protected] 5098 zufxtk.qtqhxzzsr
/data/user/0/zufxtk.qtqhxzzsr/[email protected] 5098 zufxtk.qtqhxzzsr
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

zufxtk.qtqhxzzsr

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground zufxtk.qtqhxzzsr
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

zufxtk.qtqhxzzsr

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo zufxtk.qtqhxzzsr
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

zufxtk.qtqhxzzsr

description ioc process

Framework service call android.app.IActivityManager.registerReceiver zufxtk.qtqhxzzsr
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

pid	process
5098	zufxtk.qtqhxzzsr

ioc	pid	process
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	5098	zufxtk.qtqhxzzsr
/data/user/0/zufxtk.qtqhxzzsr/[email protected]	5098	zufxtk.qtqhxzzsr

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	zufxtk.qtqhxzzsr

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	zufxtk.qtqhxzzsr

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	zufxtk.qtqhxzzsr

zufxtk.qtqhxzzsr
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5098

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB
Filesize
124KB

MD5
9cf7e03179a00e0097bb8292c310a7f8

SHA1
8046f1a0d32003f672b2da8ba6c7eb8f54ffcd17

SHA256
b428664066ed6496119d7ef35afee74fe8f5eb834939f9cacbf55804aa592438

SHA512
1d046cd7d5a96b0b4f0c5d218f97ebc850ea4a3385658ea4a9d36dc05363659d1dc53660f94d4d7d87794cfd60b94593f304e9011421d35f3f17296d28c28cb6

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
512B

MD5
a46abcc23530f55cc93f1d3e5bc032d9

SHA1
fb3c39c2c337b5a1aba2bb0fce8940d0d4273b24

SHA256
2a2c710ef43b74d1f50a438bd3ee61a329fad84a1bb005d24f98f2089944c28d

SHA512
b602ebc2c3922caa0e9e18a7b100c33623f2b70d2f59ffc20607c087e76598e67ef9459ffadf73261a95cdbbc94d6b104ce27bbe86b8e495c028284377af45cc

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
8KB

MD5
80577c453f93c8ede14798d81c8c00a5

SHA1
80a93a189df8fa3719f09c05085abe0c6d062922

SHA256
baf0242c2503abde00078b3c3ad36d587edc693cbcd3489f2c3d4add3ae17b41

SHA512
bfa656f73db8c9bc4cccd179f839ded27b7a7bd57ec37e86fad6e2049f3e56248f54d5aa493f8d2af3b199024006a0540015868fd22a9d426a9d3d7c2f8a7282

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
4KB

MD5
b92f33c12d9571ee569c0c71d9237daa

SHA1
8c624837d300fbe9bc3c7536530ae621426dd1d7

SHA256
66b25738aebab741bd336c33591061a539f57a51f3e4fa946df0ee269d92ab9c

SHA512
e0c688830f7fcc397840fee98da7b8566a826a968fe111f11092a6c4974b3ccc177627cae6f8347d9bac141994e5f5b3b6f7f5fb0d97a033076b927ce09b71da

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
8KB

MD5
9beadb33f9f705e0655a17578b84cfb4

SHA1
404007da272a86153672960faafd0401268581b3

SHA256
18d7379765c19c35b79a5d086d399c6a3b38c32c35a330fbcede0114b837c9de

SHA512
0852794724e0c27be9577803f3da46922784740037829bdd22555d176cd39133de76ba7a31b62bbadfc370a64f0171b7c88e8af00a35c5243de578968c100aae

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
12KB

MD5
5395d7a9aea6454fa458c489a9307e14

SHA1
2c1685b08f72af129106c0977656299cb24449a9

SHA256
4055743825994ebdf7d29f59bf3766bacddda4ad916822658b9374e10df24ac0

SHA512
0ffced8ce41d70b90e9956caab17e221ae55dce2b254b6464a104291c1416e71a4e1a3e11b0c8ce23447bd88df4ef5aca33e10e9ca2279aacd593d7ee8c803fc

Download Submit
/data/data/zufxtk.qtqhxzzsr/databases/SettingsDB-journal
Filesize
20KB

MD5
6b0ef87f52b67049d35376e4f2a0994f

SHA1
ad50da63fea7a3ba63f25c86af4491267a95b940

SHA256
030787ec3aaf2100b972749db185001b56c956f4dde0200ed52f82856841d314

SHA512
70c87675cc8b168697d76bc441f852bb64bcda59e3e872f93f6f202c1e99fc82b83ffbc7416015a999089f73f40a4a4850807d7a3887ad3cccde778fcd94b541

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/[email protected]
Filesize
1.2MB

MD5
205a360b4d45a6e4688aec7a7265dc0a

SHA1
53f493d19040d517bf0b4a842d5f7e8865a443cd

SHA256
a78f1f6aa2fb421d336ac32befa711c6702050014dad9d07074528e8ee4598ff

SHA512
3c515d0d30b65fe025629a9a2da0b7c83a95d27ce87bb54739e15b719b99dbeb11e9db0f8bce1855fdc60c872eede02327c15a6bd8f57a7de2d22edcb972febd

Download Submit
/data/user/0/zufxtk.qtqhxzzsr/[email protected]
Filesize
2.6MB

MD5
0c7c6b52525074c2a1aabaaaa33cd625

SHA1
161ba0350dab8e50d0988249c06b2a1c757189b4

SHA256
8ecf2f3210764f98e3713b9284bf0e3f49db5472fc0940bfd3d2624d4df5bece

SHA512
c7a872f5360b97c18a121d7e8827da32352ea7dbdd4c6ec8a80e7e950bf85c7a468230c81a7675c6815623b7b0ff2ada29584a5b0a87ce48e47ba391681be44f

Download Submit
/storage/emulated/0/.am/dm/md/main.md
Filesize
2.6MB

MD5
6ce629031a213e71015b36dbcc18fe6b

SHA1
8c2dcaf0bc169b2a2cb21119182b32f65958e369

SHA256
afd06a2b7fea75b3f5a4ce8835846cb95d2e50ec87428798aafe9189868004f0

SHA512
1cba0ca71b9359dde78305ecd91248ebf14ff4402fba538777c105c5f997a1267fa62e264267cbe7cfd1561e045a38f92ba85f9220e2cd439712ab8a74b2739b

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md
Filesize
1.2MB

MD5
c74275c6f8cebd2e1510f9ed4a68258b

SHA1
5de002cb456a33b2e54f43a009680770d079dea5

SHA256
22dc2fb27037413dc9aab2fef27ed052776bcd68a740d96c997aa31dd8f1632a

SHA512
ded1c0604d1c6439cf569149d0e9f30d05d1ae8d7dbee2b0539c90027fe45046ae2ee6f582131055341a442aa7f8be4da73f948de88c2e5e6d1bb764f00f70e9

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
169B

MD5
1e1390f9294b2a340feb3f3d7e62d3f5

SHA1
c76b8f832c8d825031ad48de512052a2d30e3555

SHA256
c4123a7805e590165b10d2c5233bde9f5075390dd29f010f8fd9f2950a1862ba

SHA512
d913202d0c845cdbf7dfd57bbed1d17606d895fb30cefaf47a9d322935b9cff6996358226040765443afaba7178d1eae5f60b5ae5b6d9a43706b1193a8c98a9d

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
148B

MD5
410cb685508d38fd58de3ec35f29374e

SHA1
67ee0d37d732a38faeade168f1abc26f10aca6ac

SHA256
9e7e50f247cf2075b5b4a77a0b58603b0d223e6999fa29ef9884dca6c0ebce53

SHA512
d59ec306066e7b8dd581cf7a2592e170a7f43696ff7ba58588e05d86abfd48b531bbfe282a3b5e68d525c636c8bce9d4903809c73229386a003139eaa9d575c9

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
4KB

MD5
7b0943171ea0f48a76fe636b40108ee4

SHA1
dd121d683382bb4d0927c0b4b3619fd7da5b935e

SHA256
bf4e73bde4f64c247d19118e28e16f5dc342f795bdc4c9032b60fd060f4f1c99

SHA512
07de907c933fe8a0fdaba07724b5d32e32462c4862c77403d9f513c7d511ebe5420c56f27f0dc17c3a69cfd0abf83dd05e94859aabde9f9e68f196427ef83ee2

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
60B

MD5
1d62a1b9072b57e10a52628ab233aaae

SHA1
d4a88451f6e285fd69f6ae53399a5b3fff5ddbee

SHA256
89bfa82437be33bac32e976df8ba0e08de23c5d20f95d04428ee80c3aa90e885

SHA512
4acc9fdbd82bc18e97c0505ec1c4e2fb681916e3f6067afa44f7cc9476a4e774fba83b9f9397f72f4bc65d984a6a1d9ecbffa0f9a2903a44f697692216f99384

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
68B

MD5
a8ccd4ed589e1db63a79d301faeb6560

SHA1
8a95684543399b056d4a1c700a9bce024ebe2c6d

SHA256
87c6ca491bb590032ba4cfd4034465f1f5bf636109eea4a164a445617ad3e610

SHA512
2158737b0f3a13e85515ddf83a54e03f49d128b08370dc6298ee68e1af0e36bdd59cddcb53fcc798138efcb521d1439ad97bfd4b71c6c88f9f3d3cb9c01c10c7

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
160B

MD5
8f1f78945259db1d78f687905dd654dc

SHA1
084ec0f5062fbc7d85874e0bb73872ba2de08bfe

SHA256
dce52c432ba3902ea62071eb3e4a6c19aeab403ac8a8c3d7c84f6597ef13a58c

SHA512
050435dbbbe1d85dbf06c80a2b4b7e32ab422d8353350c0d0cb6054fc02a080bd454956167695bf4ee856d05fecfcbfd68d8f1dfdb3fe48cde2845f3580e769d

Download Submit
/storage/emulated/0/.am/log.txt
Filesize
129B

MD5
7a09b019515e8cddfe083f70baf2de6e

SHA1
09c08b33464fcaa1bbe70fc76dc4bed4fdfb1ba1

SHA256
69e286dc8e48c6d24b9f3873b73714e413fc230b52342dce2d7b568d04f16858

SHA512
999de6fcb109cabd40b8c63e35513835c25e2833f626d6563dc7c2b18dfd8caf1dfb445cbe36fef454ed35fa783b70c7f2ebb3fa96a3bfb0c49d4968ab066e85

Download Submit
/storage/emulated/0/.am/prog_class.name
Filesize
83B

MD5
826941bbac53d86e5d00e9e55cea925e

SHA1
804aa6bec689aa3fbb786cded95a5f5bb0a0e54e

SHA256
29e2e0b88aaf6f47825025253b1c3b11192c109f0e8587e0d620cd5e4e5163db

SHA512
cd75a77ea1ed59af80ce1971a43263fd14025c3ebe32e8168e97b8eeda8cd9fe2029d4fe4d7c45e608736a6746aba5e68e75e6b0b1f9abd0a639cfa43a1afafa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads