Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
31s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
01/02/2025, 02:27
General
-
Target
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4.apk
-
Size
20.8MB
-
MD5
96e77a35b4f5f9e9ef8c9280ca06800b
-
SHA1
f53fe17f4493bc08faf4f5c796aa7a0b30ad4506
-
SHA256
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4
-
SHA512
409d307637349b4fc284221bb5d14051dc55a1c7016f82cedd6a6c2c8e3adf516b2cab0a9ba3851aa943a51994e0f24db6cf57300d319c0e58c9d1de6dd9a1d5
-
SSDEEP
393216:G6UKoU8+23isJA35z7A79L+ow71mbgafiubciZVbxT9i/zVN2I+TXRtkKpPbNiRB:RoA2NJA35z7c5SRmbBffc4Vri/zVN2IJ
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 5 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
qiozm.zqoasww1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5e6ba078c00fae1e75d4d8e88614521b1
SHA140dd89d035e3c323d5d13b6bd5265a2abcb16cab
SHA2565823115928fd8c38deecffd4683a66337c53a138bbacddcfbf0b3b1218e5643d
SHA512e3cf518029632f1eebffee5467fd0110eec5fb7506e0b137ea93d869f17dd1439afdd1fdf6bc038e0230d302d91d2bc0a82aa92c859e35a2558cda0489494abd
-
Filesize
100KB
MD55d32b807eb2843b07d0e9f3210ddc045
SHA10e77df212b1114d08411ae690aaffcbe226d1ec5
SHA256a1d4b05e049a4b7febe673fbda08b86d2bd45ecdbdb7647665c26c34343bc2d9
SHA512c405564774f29f969072684ae671735fed1d5512cfc6dccc42abc92cde95899c87408d249dcf8cdeeacacc60b83686512a7f518fd64957b52f674cbce361d09b
-
Filesize
60KB
MD5df0d246a3def0a8530902a95ee20944a
SHA17b7aeb2bcde17b22d55c8f9d9880997e41897c6d
SHA25607362bb6099c8ec063c859c448d0a7fafa11217f7286c31ef1df81a564314ec7
SHA5127f86c5e64cb0ac1c38deaf20856223c74ebb81e7c0aa7e1963d5fb52328336c28593f4a17929bf78f0dbc989b2c41c40525b7d2253755c263d4c15c29c15580f
-
Filesize
100KB
MD541f09ff63932946e722c661d69c8507b
SHA138fe27a3de73c5c3826d5f6ab1f01d97c186b31e
SHA2562d59952500952d547a557a27e0856deb55fa905af780691452085ecbad0fbf73
SHA5125566c10389fdf0c30ccaa0c8e849c3deb26f16cb48febdea5b3c6dd268dd3bddb71f1555fb7f0246984fb9e5be04cc16298e076e65a716d1c1153b796d97c06a
-
Filesize
100KB
MD571262df8cd631c01a7f7e5e183073d7a
SHA15d3a17da8880deccce15b1c1fc45be3a30ae5d68
SHA256625d4983fb265e705cd5ca3b48f94c505465a40b00d2640c936b050dd665ed02
SHA5124e87bea092357d5bf305691777c844b0d7d655d09db8d1430be101392a73bce3dc9998aa60f2c683ff2fbad7d11b64efd213074751ace6005434aabdadb59a4e
-
Filesize
164KB
MD507d97f1ace23d53e361b8d02c22af00d
SHA1e5c12ac5755fcc371298fd3d2ef1aeb27d0b99cf
SHA256b29f5ee088d03f4dd5d70baf55a8af05db0ed525288d7a4098d41e6fecdfd946
SHA5125ce1ccac1d47565ce89b7d0bfcfdacd7a40023670d15350e03ede6d6ff7fd004e95d4a62ac41cccadedbd7e4a8f1cf52067a5f30978c3ab57cfcd47dc1709068
-
Filesize
512B
MD50c4a1d8f89baa4a073b7127b725d8646
SHA18169944eef61f03fa1a9c83359d4738f151ae82c
SHA256c65532d58c9bda038de0192e2af68bc8ca85957c7f08cd47d9de9349a1ffc79e
SHA512adab7f2c750f4c4b37487b011d6ea95b6a2bc6d5f3b93807445a88231256372b5ec5f100839d80a4bdcba21728bbe502f7a0f7ad0a3b599a285b94ed35d67942
-
Filesize
8KB
MD5aa3001b055016973bfa24d66771152b8
SHA1939064d4fd70b8738f61b75085c0959fcb1098f4
SHA2565bf9877de969e7b5056de718c8683379e1b1625899b3c75bf27ad7bf8174c830
SHA51217fe1c7eed7d5641e46565f684b8facd61f26e61f27605d6440cd4fc751238032e1884d21515aeb7a73cbda4c0472e5b33a56245ca72c8935df193992aa8548b
-
Filesize
4KB
MD5bb3afdb33265fb7528270e261292b723
SHA1b20005b9e90da0f8321b56c4a36b05c755338ab5
SHA256c278d8239b88f9bc6fd5830b0a71fe1e8aad01f66bd05a98b8f6202202999c3d
SHA512cfb5dec4309c19f69467f5878b28922f8b26449d80e8d3eef1a7c1e3a0bde373917dc90f5325dfeb14ba337d24e15748b6959f9984de31e1c44a872a0e8102fb
-
Filesize
8KB
MD51a7bdc5db76cebb751833dd45169fe03
SHA1ec8ff63a1fafffc772ae0d84e3df8c74e51a5b86
SHA25670cd665d13b0b799e8f2d148cb05f715074f19b2d2108f6960c80891287b9442
SHA5126930b73b82e85d407ac7fd67591b7130975837a96d9d85c4be62b63babdf53bf9b1ea6ab54183c0184bb3b16f019236836ddd48a3ed43f1dc8e7c19b1e61ca3e
-
Filesize
12KB
MD5fceacc59bcde712ee82e8c3e85d74bce
SHA19e9f36d5a7e73113a5d82405aaf8652c3ee46f55
SHA25637f2fd169c2f2cc9c87c82734753cec0f0a93012d4ecd58752a2b499ab84199c
SHA51277d11a5a7a248d40f9921864e3c6118ea19e3bfb66c1fa143950ff0ee6ed32b5cff68e7d1b9b1dd4a4c1e50824e64770893215b8712bdbd6b92d53e8bfc64d60
-
Filesize
20KB
MD5ad5d9a908c7aa9ce3e0d9c5d1b7e8104
SHA116307b239e37471ea641fdb1913d2925179b0d3a
SHA256206532f9ddbc1cefff1f5acbcfc9100ea3e52ab4b03973d7c4fb96b20b517014
SHA512e299efe87b0439a3d213ec30bce2c85d9fc362d3648a839f54e3037f224e0328c2583ebf53cf2677911749ea44c79a97e3c7d64efcdab2554f213125462f93b7
-
Filesize
2.7MB
MD5fd1787b37bb2c8daead349360cb2b6d6
SHA1ae98446bc912c5a95ca5ef3c1207daaf8cc97da4
SHA256001b6ccbb7cce5f46e14b4e864a0c1aea678089704594eef8a4b229fdfc3aff7
SHA512cb6908dc9a0ec87a087cc64ef9f1d48a9c63dc5c21991ce641575a9cf8d343cdafb9b799112dccaff0b439cdb366f1448f435b892fa5e9f4899dd78917c9964b
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD52383301abf8e9086f0230c0c3275beba
SHA16104a72736b331052ad00b7486d5e0766721cf74
SHA256e7ec38080b7e44de44807a5f53cf3a3005821ae32d75a9ea3d9bc27646d5cea7
SHA51285b4cfe31dfdbedfd9cedde5ac48feeaefddf88ea6b4e5b59cc4d3a95855c83518de23d94626438cc1482d711a34f125b6516480158b53130f1b035225792273
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
128B
MD57454e8a809b358198767768d18ca17a8
SHA133d1cf898f9d46734076f35c515c249cd71fd7a6
SHA256fc0009d446770b85da6fe9c398fd0f06c8a8e04b15210a9ced72ca67558ed2ca
SHA51284c014474b09bdf158450251f87784c69e90b6d394523e541c0e4df44ebc818a0b9134b4e8a9054c1948c4b8979a3973a83ed92ea602384a33b5acf893f5608a
-
Filesize
171B
MD56624cdb328d6b4d9bb356328fb25ba47
SHA1dbe9d9b817f132ac884c6363451f57c95914b9f3
SHA256bff00be55ba688b785ac53525503bf93555f59c67f24f267fc42a8fc76ca276d
SHA512156b9182c8511e3b6879f94cc5dea83cf9168f6b14462f0058c2bc26ad85dea100b8a5e2303dff4361b2c6c612805eafb8d2907f0dfb16f001b98ad9987d25dc
-
Filesize
4KB
MD5e38b3499c8d4e8a78b64bea3461de365
SHA1e71a228f3274d8f258ae402b482343523d45e5a0
SHA2561e6f86fd979aa6f3310ae014ecfb65de89a558eff8871cc8b021b054a41104ee
SHA512f3c0653e136121400d2fe7fd0c2dedf50e72caa0dc817bd4217ae58d2e49a4040df74cd8adadf4ed0bba38a88f78ac783e2399f570d73ec4b241a39b747345f2
-
Filesize
62B
MD5ae3dd514f81d012f355baa62d914695d
SHA14bda128c25c094c78c99831b203e9dc43a53eea8
SHA2567e51a9b46b68d63a919b14950c3630f8039c319505d651f2a4e6b202dbc60ce4
SHA5129457605807199e0a9bd4fbed19874d9a47327aa2ffd2541cab068e122ae0e05a8882a7b588c15a1bacfb35db8e5a1d5e1fc541915221003632a55520cc43f1e0
-
Filesize
70B
MD5460b55514f473a3860cb5e69bbdc1dff
SHA163ecf6d8b1a7b83495d112d9e7669bd1992600e8
SHA25648c96fb4e9e4f71d96d8130ed55258dbf4f217067ac07d0b6a6996010011153f
SHA5129f546dc4ba0b3da0e82133b6d34b7e74086149411b64e19c9dbbda5367bf8a85a281ca5784bc190dd5814f9796e019a3e6e61e292f51ffc1de558b00eecf4133
-
Filesize
59B
MD5a0df6812c50f50d3f0c3d3f1f3ba8f17
SHA175226b8e653cb1774642f8d9c050c3664b0f53db
SHA256cd260c267e419818829dd780c60c34fade51346a56049b1ddcf32781d0368a0b
SHA512d84f50ae946880dd461c9aa3d17b40c8e3ebe97b5d2912e148a64e0caf6b0a349f5e7a25dd9860be5dd4f3fab4abb44535608c498e1feceb3f6f17fc161ed629
-
Filesize
156B
MD5cfe7c4839a0752a004c35c9c1074c1fe
SHA13e8fdc79038a389cd893e06372d816d486f95287
SHA256c5a4f8c6d72e80d40c6633b89173aef51264c02d48ecfb50503ebab3e7d275a7
SHA512b6aa88718b50ff940028aeb36a4e80866d9b5e6b5695e41a974b14b09fb64055b97bae79b416f1c7053cf2c77b549f964dac2e3a9ca9d2a98d1f072046eae4f1
-
Filesize
35KB
MD59558f406d9a2049ec56c54cb3402790b
SHA10ed1764b3e13aa83076f57828fe3997afe18f783
SHA2562b12a1ed8cab64016a28e42a5b630c8bf6db8b733db34f1f80024d546a35a1a9
SHA512fc6040f99b3359732578c64dc3cc5193f9f5d60bc79e53abb81f2cade410c6d02b05c95cb2a20741a9eff543e2da34bc7fd249bf2aef5986537f248532505d20
-
Filesize
8KB
MD58d9a79c2d51312b6d8444af4865b96aa
SHA13444d8cb37dac5e6f59af6bb5984dabb96defc63
SHA25657f8b8483d645c65bb5c4756ffbfd184f0d33debf61fb180662bb16c9491019c
SHA512d4a36b4f696d214ab1a2152b83c37841314e34c5f41c9ee93ed1d9deb8f3f9a95b535dc856621dbd510ffd8e32329ed514c68e3062a85b879f57e8235c161913
-
Filesize
218B
MD52a072e0da48bd6854f329e01261e4152
SHA1e839ffce0b410e8934978a3a60dd01e6cbf49cb8
SHA25636f87bff5d66e906b0ceff5676a6eedfcbb7a74e40c70d7f284d3a039903abf4
SHA512cc86d143464b505f297b96ea0b1d05184efa9f29fb36efa2f2e9962e9c7d3469f6da47887ed22f94321a9953d36e666054247ff0ac0fa7170c7696a3a4db88a7
-
Filesize
78B
MD502a33fe89813f6da6310c3e84bf93f2d
SHA1ed45da9761f0b68622171385ed2f31c1bd96ebc9
SHA256d21d5e5e03f1f1d00dcb59ebf84f595e5c273c967da06e6306ac7035e6c620b5
SHA512a99dd59f1b75951c0d60d07f7acc06d49f5ecc8842110ad8ee82343c63fa3f8d1e2dc585f75d6aa0e420bfabd3da56da195263b1c1a7bd4880d7a8a7643f4d0a
-
Filesize
76B
MD582c9e18badb03758115eee83aaa469f5
SHA1efac9ccaf736c5474a6f9b4637098a82b5fcf37e
SHA256fa1c78d5179a7b2ccf361851a9b30c46018624975c146309d8d22e3dbb35a235
SHA5120a2b08c0ee50238e25ad1a49356c643dcdb5832f5a46363dd306a91c57c76008b9752cdb786c1a839d513b86713996da91df54912caab6824fadc85e0dc2a0c8