Overview

overview

10

Static

static

10

ae4e024bce...72.apk

android-9-x86

10

ae4e024bce...72.apk

android-13-x64

10

Analysis

  • max time kernel
    23s
  • max time network
    185s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    01-07-2024 02:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772.apk

  • Size

    20.5MB

  • MD5

    69a3362a56aceeae697d711b85ea1bd0

  • SHA1

    05af8c183ee7934be6bb1077992be1aa79a4d17f

  • SHA256

    ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772

  • SHA512

    75f50d474571b4d722d623f7d74857fd831553f941bc5fe7b7b5b310ee2c8367adca0f4e32ee44ba9c5d945e76b8b6269d4197dcbd5efcea245dd6da118ae61b

  • SSDEEP

    393216:/rTNsZsJA35z7A79L+piJ1mbgafiubcrZzbfT9i/zVN2I+TXu1qKpPbNiRSKcsaT:vzJA35z7c5R/mbBffc1z9i/zVN2Ike84

Score
10/10
andrmonitorbankercollectiondiscoveryevasionexecutioninfostealerpersistencespywaretrojan

Malware Config

Signatures

  • AndrMonitor

    AndrMonitor is an Android stalkerware.

    trojaninfostealerspywareandrmonitor
  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 6 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • wzfj.mxwub
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4242

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/.am/dm/md/main.md
    Filesize

    2.5MB

    MD5

    650dd681bde64f1ef1afa4fd3521d1f1

    SHA1

    300fd6661cdcdfdd0bf443037be254869037451c

    SHA256

    311fc261ece19d07b1b6b222f2cca476637400fbed571f60bb42acc86c72cd7d

    SHA512

    5f2885da7c47030c7da7cd03eaed537696041b3ba188bd16cdb2728ef231e075d380332549c29cab4a34df5e1d8fda449081527bfe1982969747278668504923

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    171B

    MD5

    fd9eb4a365fc8d9cb20083305a322aaa

    SHA1

    1c4b7c03a8792796c42fc414a4ec07e1ff17fa1e

    SHA256

    5f18ffa74d753313d4fa685f0e5670bdaf416a26f16dcc786e83ec3d354a7b02

    SHA512

    c98f38601cc39e9bd03dd9fba473b7e57323976bf00cb533e48478aa34c14ac81f4dc99721770ef3b1a35197c597c5535c92682ad27548678e9483625bc4d50d

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    150B

    MD5

    f78be70b3031d4a135b105f3e2999c3b

    SHA1

    99f3879e13f4fb3d740e534279b8ddfa130d1b9c

    SHA256

    c4943013a4a07a138974e5dcd6ba1eb2d9d13e6af2fc1872aa0748d09b6b91f5

    SHA512

    ff1b925e27cef035845b8a30dc504187c9a98d34e6f19ec5035d699554642e75eb5fff77debc64595b04412ef9d76377ff8a8ba43b4c7a14dbeb95e8a1a6d46a

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    131B

    MD5

    6cb2f72683460cc418543c7de87fba83

    SHA1

    ee74031ceef878a0d03753d478a0dfcce4f97f3b

    SHA256

    3b3bf5ddba18c2660c9b3c54f659a8026465bc309d1a389edffcaa817936cb9a

    SHA512

    3f7dc83a955ab02fc3e62bc0b385dfffeb9db1478dededd67561dd30c150f4cbff2fcce0c606acd51af90455172c302cc2b21976f45ad7f089b7817be01546a3

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    62B

    MD5

    dc5f3edc36e676f8ae4db7bb8c95c947

    SHA1

    76565578fa7d98823bb6cedbe52e94359acb2565

    SHA256

    a2edae23f51ddb18006f111334471e4564e9e45149928ed0a0c37019f0e1c37c

    SHA512

    ef8b337c8b75a6286ff6c77708494d6b0ca8e0b4fb7ecd7d6bceab4a9e1d47286875a360a049b598e74fca840ff14d51352141cf307b97d17c5e3cbb66d05405

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    70B

    MD5

    188b43e3987ed818198b9b739d3933d2

    SHA1

    85b784499a7d6fb1bbfcab593dc6f2745b4eea2e

    SHA256

    5879b086f1dbe60f0a8ae56f1461417e4a003e7dce5cf371a1e7c169a0de0035

    SHA512

    b4cbf8eb5dd962e48a80a14ae619fb5facb4731209b21fdf52286e66608b40245a2eead55592cae413ab604a1652515778fe4c543903e9f8f5a4819e09d7d9b3

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    147B

    MD5

    84da15501aec5cb3cad4d055db459db2

    SHA1

    a56eb9d4e3bd6658e2abec64931f47fb7652421b

    SHA256

    d8b2b56d2a158f798f46c4bf128edfc617bd2c29d62225ab95e4aabe535d3c2a

    SHA512

    0f66caef7f4e658a6abc653d18196897be6fb084fa9213188f5261ee0604727ea1b69507d93ed0847bcd243c1362677fa639de2d273b58deb1a6bde881f77cc2

    Download Submit
  • /storage/emulated/0/.am/log.txt
    Filesize

    125B

    MD5

    e9d9b674383ac69b058fc055fdaf9c6d

    SHA1

    c406920b5f89e7fece8e2f98d1817716ad5642de

    SHA256

    64f2d83784924affeb61b18d59e751d63129ea5e3163618ad24ff128d38348a6

    SHA512

    a348f84ca978465499ff8d19ead49b1cafa4299af0bfcf4016ae9fc1285d311e6686481d657196e771bafaeddb07391d8b41483f7b8404b65eb4544f81820f22

    Download Submit
  • Anonymous-DexFile@0xcef9c000-0xcf0c7250
    Filesize

    1.2MB

    MD5

    cb16f947895faf71d09cb5ad792b0e35

    SHA1

    c1dc4f7d5942a9dc0e1f27bad9239a4b4e8f49a7

    SHA256

    e884e38eadd126d05e90daacf4250127ea46787315a235296d3c9341c2df3bef

    SHA512

    8ed0d22895c375649c7eee45c2911d816d194ee36c648e8cf84805dfff0889602bb3d17b376d2e4c73fdb0df23002349df0a872d8e18fe219862ad06970aa2ba

    Download Submit
  • Anonymous-DexFile@0xcf1f4000-0xcf4864e8
    Filesize

    2.4MB

    MD5

    404506862ed9dcc0325f821d80ab9f80

    SHA1

    bd9da5abddb723dc0dfcf34e9d75688819d32011

    SHA256

    e874bd5eaaadb6e47303377524a12dbb228734dcb7ecb371a69f154d55788f10

    SHA512

    83df201d4ba55c53429274442c53d36cba00bb35e216e4a7111b6982992e9f462e2f5c7f0724a5f1170f3ebc8e15c08326e92123e00662907497b49b206aee0b

    Download Submit