Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
70s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
01/02/2025, 02:30
General
-
Target
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4.apk
-
Size
20.8MB
-
MD5
96e77a35b4f5f9e9ef8c9280ca06800b
-
SHA1
f53fe17f4493bc08faf4f5c796aa7a0b30ad4506
-
SHA256
059f6cbc0ae85403ce53189724812a70b38ee3a2263802f48f977d4462e164b4
-
SHA512
409d307637349b4fc284221bb5d14051dc55a1c7016f82cedd6a6c2c8e3adf516b2cab0a9ba3851aa943a51994e0f24db6cf57300d319c0e58c9d1de6dd9a1d5
-
SSDEEP
393216:G6UKoU8+23isJA35z7A79L+ow71mbgafiubciZVbxT9i/zVN2I+TXRtkKpPbNiRB:RoA2NJA35z7c5SRmbBffc4Vri/zVN2IJ
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 5 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
qiozm.zqoasww1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5e6ba078c00fae1e75d4d8e88614521b1
SHA140dd89d035e3c323d5d13b6bd5265a2abcb16cab
SHA2565823115928fd8c38deecffd4683a66337c53a138bbacddcfbf0b3b1218e5643d
SHA512e3cf518029632f1eebffee5467fd0110eec5fb7506e0b137ea93d869f17dd1439afdd1fdf6bc038e0230d302d91d2bc0a82aa92c859e35a2558cda0489494abd
-
Filesize
100KB
MD5175b3365bb934f67d2d559958cf944af
SHA1ae338c62ea050ad379d5d4f5c61f68dbe128eb71
SHA25646654c2230568b4d18c0dd3d1bc7216e0ff8843ccbd01fafca36015c0fdebd48
SHA51235b057520b7154d6a96501711b10d7064f77ce871a2300a0a3a0fcb6c9105f68be54591e1467f96abd0bae106ab0e22fb7185057e71267ef8b95b45572e8904d
-
Filesize
60KB
MD5df0d246a3def0a8530902a95ee20944a
SHA17b7aeb2bcde17b22d55c8f9d9880997e41897c6d
SHA25607362bb6099c8ec063c859c448d0a7fafa11217f7286c31ef1df81a564314ec7
SHA5127f86c5e64cb0ac1c38deaf20856223c74ebb81e7c0aa7e1963d5fb52328336c28593f4a17929bf78f0dbc989b2c41c40525b7d2253755c263d4c15c29c15580f
-
Filesize
100KB
MD5396a2721765a684b95504f37d1c4b680
SHA19d5ecea6e1af4977f16ff3d46341a524bc5b6cab
SHA256bfb01f7886145fba9103694d8a721ee56433f971a746d8e4d0eb50dc4b5c8a25
SHA512f14265c64eef0dcb0fd083a3b8c4d72e2c9b87d62363dd4de2384f447fdf365e8ef933b7f9f1737de10ceeae621cc18b0c27858425410d372a45c4d1c0adfae3
-
Filesize
100KB
MD54245c9b36ed9d1bd379a1ddfe1ae5935
SHA140d71237ad5e40b7406edf032a46cbd61e018dd3
SHA256e0601437d1513a00b66cbb0f8c8c7cb7fac3b60a95ae274f696a3180ec91cb0c
SHA51242456f730efc13ea2df132135566150a0c844c51e20927a8ee79a57c632677235bf87d7d11d8db9fe13d3e49fa65b66362667aa6f84e596e480a0bfc558fd2a9
-
Filesize
164KB
MD530c83b820cf8ced7ce0da6add1311043
SHA1c2701a10d38e644ab6ca28a87d4916bfb8b4c993
SHA25691814bfae5176bb16c2da6448828180880448152a03bb5bf7b41db247b5b8d44
SHA512ac6a71d6e0d1d50833d0fcfc45850e76a6e398afa944b560ef2a681a84f32aef150f04d1b14803dc0f754b3653ef2ffcea6e46c82d94f5f6ff1be13f5b66493f
-
Filesize
512B
MD53c630a4cbfb2e0c9492494db0252a5ac
SHA1a9677bf894dd8c70f17530bd09cb2bdd43d35efa
SHA256a84bb0514b52b2a6fd7ca2416f062d95e55088f52557bfae9d6cb835d98989ec
SHA512eb32bcf773d9680aadee865b2b0f0ee24a40551ac5ffdb5c35addfc6e070feaaae103f9112bf455bcc5ae184c2b0c31e59867c6085e7a6a608615495b47cba17
-
Filesize
8KB
MD58dde625ab7684af6b69a8135e2031699
SHA175b101b357b046f301ec63bc9f17f5c80f59a6d6
SHA256a4efdc5b7643af9dba10fd36b11764f09a3f40410abd1e0067e51e8804f45d6c
SHA51264598e70770e10b01adc1975048f3e2eae15958fafd43be4ff9c6b3c4309c76237e820fe67e6ad181b39594d61526e6760f22f46b0d5576c8385237a2993cedd
-
Filesize
4KB
MD5dc55693bf6d9db376d31dcf2b98262e6
SHA1ec82a28684620ab7eb76f6a31e859641f6eb2e33
SHA2563b40e276d3ca8ec8d830a706377c3599ed844e4ea7bb786b5e29ceb072f772eb
SHA512d712a383681c3234eed3de4e4ce1a0a91b633902032d78e867853fcaa2541831e833797a6005b4e2c0ba0fc6728d8aeab0aa79221c8663ba06476070c2423652
-
Filesize
8KB
MD566c1432041ff403d8e6e2002d4d10df7
SHA19cb6530c23f2da9ad849dd501e17ad7324bd1f8c
SHA256ab0ab9853e138c9716c6925eb837574dbc04817089d5873a95f8da443c98ad7c
SHA51211fdbe3680e601ac3fc4fcde69745b111bd1b1ec360a779246a8ed549ee3ce33cb8294e62bf4127ea15c5e0cd667c3691414b564f8ed03de7015b73625eb74ff
-
Filesize
12KB
MD5cf528aa4b0b14614e08e6822d3081871
SHA1549a3b6ae0f60e73aa174d6460e748b458be8144
SHA2567bf602fb51cab59fd094b7579c248a923c3d0c2736e96f0a7652ed0360ceb28a
SHA512ae3c5bee92a45856bd8f696ab1af494bfa36101acffbd9053df774132d958374c37b86ad207f0f9d794d24428faa8057ce7f98b1077ff08c7776c6f4025ac916
-
Filesize
20KB
MD52c7846a47dbffad42f543360a94a9058
SHA13f8ba75bba8d47830a79b18bc50b00d678394147
SHA2561622c823a9fdbbadf431266871b0c5471c3c5dced43c6a7adf53dde86a813399
SHA5125213b0e4f047dcad7628c78481d3e59f11fb0bf7ffa991155e393fe83094cb0280b5b36bba0c7542f569bc03d8e60f06d49b94a8ee4fafa40da0191f7a13b59c
-
Filesize
2.7MB
MD5fd1787b37bb2c8daead349360cb2b6d6
SHA1ae98446bc912c5a95ca5ef3c1207daaf8cc97da4
SHA256001b6ccbb7cce5f46e14b4e864a0c1aea678089704594eef8a4b229fdfc3aff7
SHA512cb6908dc9a0ec87a087cc64ef9f1d48a9c63dc5c21991ce641575a9cf8d343cdafb9b799112dccaff0b439cdb366f1448f435b892fa5e9f4899dd78917c9964b
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD52383301abf8e9086f0230c0c3275beba
SHA16104a72736b331052ad00b7486d5e0766721cf74
SHA256e7ec38080b7e44de44807a5f53cf3a3005821ae32d75a9ea3d9bc27646d5cea7
SHA51285b4cfe31dfdbedfd9cedde5ac48feeaefddf88ea6b4e5b59cc4d3a95855c83518de23d94626438cc1482d711a34f125b6516480158b53130f1b035225792273
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
128B
MD5eea650b53a632df2c2e193461333fe74
SHA16dce568f84daed4084ecf467cda24808d9cff178
SHA2564485c1a1861b76c98707d840b7b0dc92ffe2f613552057032259211470cf270c
SHA512420c8215858ff48342aa0dea6a06a33e98317c2621e17d6aa51e8e3b6606f998fcb09cd56ec933f7fc93ffec94dfb50bb1b356db81e4d0884cbfd58963848733
-
Filesize
171B
MD5035f9faec4a14d2d4effe13179b1da86
SHA1d2bb4766264e9d7229f8433d05bc84ba4f4665a5
SHA256255850d022db4322bd6a033d3f1c219067d0be76fdbe3ba2adf1b612af6bbf55
SHA5126b10b69f23eeb4f14083994302b1a1434b727383f001a36a94b960b580842b984c247def1e46d1137663ead628ab2a88ed2a9006f91a953c233b5cdf4a2cfc97
-
Filesize
4KB
MD58892eccc268684dc7b9135f2f1e56deb
SHA163b75331a715c19e02011756e5b10f727b008ea6
SHA25602bca7bb132c4bc8f95675cb13156cffdf898ba43d6b8066d97d6657fc5cedf3
SHA51216313690b86b3a5e2229a5da845a34895239603a24d7bf6ad9a6a405854a32232842f9e6b06591d2006945b0df3a671ef5533ca72e66e81b6978c62f427e3194
-
Filesize
62B
MD5fccc19dc7b780b322183935d0db4d718
SHA1f7953848f0ea54c0dad2138652aa7d0b7c64f725
SHA25638b340400e901e51da00da4478750da41448b1efdffe4c04a0f8487f366c2e02
SHA5123e1730b23e1450ed24dc86945a8fb3b3edd6c9997b758d8b929e70699526808af0b6cfc38a210c4995517d78c160e66765e02ef8c49e887f9c8049446aaba0eb
-
Filesize
70B
MD52ab62c2b1d8694138f76e44ac968279b
SHA1bb0ae95def31108c8b085ea239bb2f387b6cc4ad
SHA2563f2c8660550e83d84292d479fbd0c16934dd90bde22ea929536cdfc38130b1fa
SHA512e04d59da4a7bcec86ad551167b99ac7515de340977bbeffb45e0a19cc37f59813d9fa61e8a5496a46bf9e0f026763bc248b9e7ec2fbf2b13c8557c60460ec4c3
-
Filesize
59B
MD5d177419d468818d87fabf3199c7e2f84
SHA1a8322529aad774b864d25f3c6d944abb67642bcd
SHA256912d3e9bb14aa51f90c05e2085eb3eeff190710cef13edb9c8d557ebf1b8322c
SHA51208744da834a244dd0b1af22b0abd64580b7baea3dc233ec9b7c466be481322459d600c7342f62ac63c06b83a114da295eea6345a11512cfaaccb6113a25c4f1a
-
Filesize
156B
MD57d2122352669acafbd75854a9bfa34dc
SHA14b17f3eb1ec93751b02a19595ae276de8213206a
SHA256680a7d16deee37a159661946645ae863c2e7568fc3d59369d044f3ad6f565933
SHA512b05c60c3d40d094d587cbc48e8cca66233691c554b69a8930295513809b1cf7929ad397f97ea71586ba1f20ef49e1b27aebae2795a7bc396c9c2d2ef0110f0bf
-
Filesize
35KB
MD56d12741d1a3252fd070e2f1885d05059
SHA1d36602172d6534eee85f7fc7d8bad4fbba75f7ca
SHA256014b93111b8d4d108dd7ed257eb256a667c672b491255decdd9b5d9cac7e28f5
SHA512781194e56401e962f43c48f09687faa3774970b3320f81b73adb9c1fbe9c93639418d616c8b90623cca8084fb96836fc791eb0d1cc69976dabb31af24a4b4607
-
Filesize
8KB
MD5c56c7b3059ed537d2e7ecf424f94a107
SHA163ace59c2b5f22906a2e96584b447449fcda0805
SHA2569b625728c08c6747d547c0777fac33ceef61cb458438bcc810f88d18e8d68144
SHA5126214af33f0bc990d53e79aa1a990804b2150b3f84aab5341d0853be5a7f18842289ecd7a86c36b27c90bec9b86c576c7b411c3aabd66c4cc4f5359072f274649
-
Filesize
218B
MD5d473e85929b546ed06ce56e771e5a085
SHA130c29be613fea64844b030c3288e26a738544206
SHA256d1137f89731dd42a072d72093c6e3944f02e1c83a0f29488ca923fcf5e3376b0
SHA51260abfb4207948539eeb46ee1f8c1e493c73518f27aaeb5b2907c8634de35c37a7abbb58aea4b7b5f360ee9b63b0f7d7fc4c55ae3273d86f6701e19a955a22762
-
Filesize
78B
MD502a33fe89813f6da6310c3e84bf93f2d
SHA1ed45da9761f0b68622171385ed2f31c1bd96ebc9
SHA256d21d5e5e03f1f1d00dcb59ebf84f595e5c273c967da06e6306ac7035e6c620b5
SHA512a99dd59f1b75951c0d60d07f7acc06d49f5ecc8842110ad8ee82343c63fa3f8d1e2dc585f75d6aa0e420bfabd3da56da195263b1c1a7bd4880d7a8a7643f4d0a
-
Filesize
76B
MD582c9e18badb03758115eee83aaa469f5
SHA1efac9ccaf736c5474a6f9b4637098a82b5fcf37e
SHA256fa1c78d5179a7b2ccf361851a9b30c46018624975c146309d8d22e3dbb35a235
SHA5120a2b08c0ee50238e25ad1a49356c643dcdb5832f5a46363dd306a91c57c76008b9752cdb786c1a839d513b86713996da91df54912caab6824fadc85e0dc2a0c8