Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
45s -
max time network
150s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
01/03/2025, 02:26
General
-
Target
450173140bbdc6f8ba40d8e2c29b42a93c189c34c19829881097e8f0d56ac760.apk
-
Size
21.2MB
-
MD5
47d9b5e71d8fb85d593fb75c3ffeaec0
-
SHA1
4b095e4336cc8652e86044d4d6aa1178fdfad2e0
-
SHA256
450173140bbdc6f8ba40d8e2c29b42a93c189c34c19829881097e8f0d56ac760
-
SHA512
5217fb55c33dfb5a79317376168692b8b2c655e7ffd0ffcd40e34ead708585a058e236b96d581176a78fe9084a6f6bf84635e0682192f17a701b14f85402e388
-
SSDEEP
393216:wKU8rbvqsJA35z7A79L+IsQ1mbgafiubcBZLb7T9i/zVN2I+TX0NuKpPbNiRSKcJ:3BbtJA35z7c5yOmbBffcXLBi/zVN2Ik6
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
binbu.pjyvmek1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD583f9d1be51c0ef0019952bd962f70f05
SHA18f9e2782d24b692b46e6aa8974e61fb6aa7d903e
SHA2569623d7ebba654211ee8fe37878dba389a66331142db2401a66207d308d29528b
SHA512586686fe26bac50335757548d758303a9adc54ccaf923f9ed977d05ffb927a4c406480b8fd8723a6d8adbad5d079843931d7b1d20aab2c369e88e6a62b928a53
-
Filesize
100KB
MD58dde7dc1981e1ac560b581a543dd1050
SHA1fc604a2cd7ee384a47f76f770bc82bee8616252d
SHA2563fc9b2da634f1610b43a5f5cb70920a52e78c6c44dc809c821699309fa0b623f
SHA51247dcfbed2135444a5ba4429b2a9e4ae3006e28842d53cfa11028c90649ed92036243393a821e4572ead9f25b6c4504f28650253ed7c8ad9d63ac8bf9140ccd7a
-
Filesize
60KB
MD5b84ec3ac5c1e79f72c55ea19bb82f981
SHA12a911a0494b171906a25ce812a25847c9f550a2f
SHA256cd2acafa436796594063fa7599247531a5a1faf91b5035d85bf692a395cd3841
SHA5129faa7a08293d0d00f9d0ec1b8c217d86d99e938a0e81f6d0324befefaf8c3a4226a64c1f1ee44119c07035c643e46f7fab51b6421819f346619382bae75ad2fb
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
100KB
MD55a854403a50b3ef4294fa23d0c1624dc
SHA117153b8c3ebd2cd96470f8a8e745b22792452831
SHA2569b662f786fbd186b046a06b17a52b493d3a55d7ef1606899ab21873bae5099a5
SHA51202f038790619967d595c6d5bcbbaec750ef6b6c4ac7d812c8d94785998702cd4bd1275c4d9a76cb0845a3643a73cb5fc78508973cca8fe91b341e76bd6af061e
-
Filesize
148KB
MD5047768d2de2f3044222147702be1d6a6
SHA1dc9141df5ec7365579818c32baf16bb5deb9dc3c
SHA256bf1dc649e0f78e510a755d6d0e96620e6f56f6a551f7ac264fa100d402e47811
SHA51204c72877b3261bbd4ca7a08573d9b70a5cc5d0f7971b0b99beb93557031f516368dbb99a8457fde02534ab48a109c7e83abd221ef3339121139ea29348382b40
-
Filesize
512B
MD57bfe78aca0c28c22c92f27c28671bc49
SHA1b4c014139a6db89a853cc15f1e38277df09f035f
SHA256893c312912f5d547755a60d27af47a79ce443d8ad8339fd811ad35dcc77ef3b9
SHA512c57bdf615c8d74f42b399c1b9997162cd54b3203554c9c794a97e976f0271980bec1ed3c38ec628c505bdf46ce2c753a042e38d3beec0e3d35a4379f7319326f
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD5a6b45823d6533d9bfeeff4779ff2b094
SHA1e8e0ca21baa4f0cb5ca888b34fa9547919d03689
SHA2567f45b3a9a287c18e988125dc5f029fa0e97eb689a9cb9510cd8056aa2db19760
SHA51226ba03dffa927d549af45554c0d757a1941c3972ff6cfa347c2e65306f54d38032c14c3f7ca40988b8100d784d171a6241aca4707df73bce2d5c9046c321552c
-
Filesize
8KB
MD5568f9150a052d588834910ba0ac8d1a8
SHA1bb45bd63668ce2ba47a4464de9caebad2ef2067c
SHA256b45b4cade14c9aa1cd0467bd9fbe27d258e4b480c4c455b811752f7bab315d52
SHA512ad54ae8484c1616d7e1020486302a6a1855a43b218e29fa2fbe4e48ff0e269d4449fe11b48bd0a628a63a59bcaccf9b0f988c715057267a22023f49060d9c2e0
-
Filesize
4KB
MD537dd284350adfc5d8e6a7d18c20ad46d
SHA1c53098fff421957e3983af972ac7d7184a608984
SHA256660891f6d6b6e7f6b7b4bc5e2cc84f9f1263fcb14181d32c4d5680e763ce0859
SHA5126570d92e5bae752a51b1d8e3affe2abb6b4544a2b1db93addc16748e82449f02cb7d5938b2e1ed825c8fe3ad22c76783d7ee4c09bb3b65800ef8fd530be210a8
-
Filesize
4KB
MD57a5886eb017bab0e68834ac64fbceabd
SHA1bc32c2a89c4696d6620d274cf0a06155e70b5ff5
SHA25675ff091ba4fd07200639d3a3d02a38737652114a1295983c24eb803a95b4eb97
SHA51250da7cde6023d51232eb3ec7290f33b39c544f1d8971d47c8dbc3ef67bb6c9ba4314917419bd21b2e6eeb8fffcf0ae25ebfc883f4f6ba0fb8e47f0880cb68b68
-
Filesize
8KB
MD558b1b48babe8e4a26a28a691702d7c42
SHA18f5ef7141e76e2b35ddf5e10521088b10f49557d
SHA256ceccab8cb2e5ef164929e9d6700c6a48daaa0aa9e4738e8bc46221cddbe697e1
SHA5122d6e6f48463d39e93f29d45706780352d9e32c5698ba7dc791c7d0284d8411d647d1bec49c8861534d07e4be8324b02bf230480e9c59af35b37eef7aed5aa324
-
Filesize
418KB
MD5678caa98b2fac35bbca51ee93bd5e7f1
SHA1ba367a6b32749ee4bf23e8617b8fc67ed7ee91e4
SHA256718569e098a27b708c51d609e83c06b1187e691fc665f0a4058a794c36413f18
SHA512a6ccdd261be8fb90aca272fe165a5b1a397edc38eed5eb25aaceee5ec93f69428aa8cc47ec011f1b4749ae6293029db73e42c73ed8ada34242b252fcbe7eb4de
-
Filesize
2.7MB
MD597cc43e6bc600b26035cd7ff7e3ae864
SHA1d86a7030dfc879297367ff279287868d94c5b6c0
SHA2563e007b65ad02af5378b746067cc917eb77e9bd8b4ddf6293c47bd8a86359ad33
SHA512eb9a4be54e98fff773eafddee0a145e5ef75ca49fda810c3fa481c6ac8314c888c85167235a540fd3e1e38c35f5c6a65d66f91dc837574037c1c7857a17d0bdf
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
128B
MD5792a812d903a5f77a80f8e6d186ece01
SHA1179cbce3f5d186c0151d71eddbb9149f335574a9
SHA25685e775a1a98e94e9dcfd2c87522f402d7313ba1f51109338b27424e6dfe9149b
SHA51221aa8cf5cf164511602a63ddd863935510633cff3a403cb7aeee31b010ef33876afac5dbe6bb276db012e9408d95c9e3815eeb54e4b6c01cf6c10ad095223cfa
-
Filesize
171B
MD5eb91f17cf592acc19b5f6ab159293364
SHA1e06bd10c81e55634458174abbdcba20691ea8bb5
SHA2567d99e8b957b263f769f27e5fc5798871c63447ee094c44b3ff5281f468424a00
SHA51207f08b15b7c2ea27e5c5480904d196df68074a95460eaff5ff8132770116e9997bab13ec23cc751b248db75f7b0e81e25d51f2883fbfc40ba7f67c9f01472889
-
Filesize
4KB
MD5aa1966ca00cbc7040232d92bff0b9af3
SHA1c238a739d507364d9b8ef6261ae804b3baa8a5b3
SHA2566316b2466ddd577844d32ee89296a037fab2177d501847db9db1e4f9d2472fe9
SHA512b3cbf48a4726876c3940fdf242d9fc92daa3e22a269e36194e2af8b42c23a92dac1f74e142896d7432e5bedff6ef508a58e9ec66ff3ceddb9b026c9fc603ebd9
-
Filesize
62B
MD5690cd7a9727c7d9abeb36fe64f4402a6
SHA15d44d4ab8bdb797758fb138b6dc2e047fe9bda5a
SHA2567e916ff7be094cf496fbec1e8c0f582aa20ac22c974482220011ad18349c45e0
SHA512064390384c3208e6b41725d38c8e15ce3a6a5df3d80dadbaed7ce5e4c59b3ee4688431959ff9ca68e7e9be45df0742ae501dfdcd08e77843e1f172542eb2ad22
-
Filesize
70B
MD5ccc806cc7dbb55674ad1bebdd569781c
SHA1187f3dfe4980f521be6d5edae45c1fe77443b9dd
SHA2567f30af2b27713b31fa70f42eb85c788dca7e05111fca5023bdadfeb2f704569c
SHA512ce3b1e1a05af3798858830c69a5ffdc6a6003d65246c94a430a5b5b90d05c5a252b258bcd1f132d3bd791ebb95df2f8f842f660acafdd10adf2616289e75208b
-
Filesize
59B
MD5338f7e5db3df6b5af234a579dcfaf3ef
SHA11bc3b209a49a77513d62ff76e52354cf94696ddc
SHA2569f78bd2fdf856fcb2e7a942ee9c92c715e9262473755a960eccc1144d36c747c
SHA51257c3a289b82363e0bd77f546cfd09ed7094a0d9bd05a4e2e7eff8663e4b9ed8839b0575de4339a88f3f1bf46a57f31d55510e08ff7a1c9c67968edbc37f0a6f2
-
Filesize
153B
MD541c713c3c5c495b6f4f691f2d7e66806
SHA1d8b8c05c1355f417338459b9e9a961fa83c797ca
SHA256df576d0e3db7a89d08b433c1a9bb52a3fddc68d169119385e431e0947af30bc9
SHA5127e48f2b1d7b75b535b71607d140fd75b7da051431ae402c1ab91b1bf2e0a4d704674c04a2b5f09c4dee21b3625174decdf8a4b531529f7038f0c30424794a55e
-
Filesize
35KB
MD5585966eda415d069d9658230f3c5ab20
SHA151cff2e09fba3e3edf53e2395e0208a06b7e0ed0
SHA256a03a5fb00803757cd3819175335edada01008912e535477a7533f3367ad6e6c2
SHA5128a0ad13ea7777dee4fd5b4f7d0b6ea35c94208a95ac37076812576637bc1f323f6823390758c29caa96d020bec758b9d26c5f8c05d70bec6a236dbe765f66dd5
-
Filesize
8KB
MD5938a4a4c51b34e09f5348ec636bacd66
SHA12da20a9646e886bf4d4407080f720d4c66986c1a
SHA256b4927bd64028e5208a28d8139e1e3ae4d0aecb7384cb3c054b2c575961bd9e74
SHA512833ee03168d26d11adc9279cf06eb188a06ab9ea28e46074ce23d67b1242d4dc1a5c58a43f10561dbfad66fd4fdba713780c109fe61bca6a894a37005281d381
-
Filesize
218B
MD5f6d35295a8c1f17576007e633d0405be
SHA1e095747265861478a054f2b99a051eceec9894c6
SHA2566d5774d7d6267dacfdde5939f2734648bd43b1a4596d8c11e28f6aa03f94dcb6
SHA512fda8c8a7787dafd3e050638c1bf7aa03359c1f269e1a70d181fd187257569c76bf71b848e8100197badc81bc100d1eb11514c584060d927c927c56afca08cf66
-
Filesize
74B
MD5630c3cb641663163938c334862b3d8af
SHA1a6bb61e769f4629d0fe62e2b7f69248a17a9a782
SHA256a2193224aaa62e8e71608313d27dea72f7f8f4a2efc029200a3b89232e3ee782
SHA51264e019d3ca81a2d4d075ddd5244c33c5da0036ac5166f5fde70659a31ff0cdf35d95f5a50330600eb5ac812de8a0d08d41b8a5aabdfae8ed7f08aa98d35a3f66
-
Filesize
72B
MD5ba5e690930f49e4578149c9d9bfc97e2
SHA18939c46b246e849d4a4d353554111c6a91a095c7
SHA2569e82864cb17ebb1ace3690bcee3861b414c9682f7f7822b54f8d49d9da831b15
SHA512b3afa35f6ad54a72372c22fd6e082a868eabfba8487b7d10b0fb964ca3ce26807d8072c5b020ade544d90d486d7fe84ad86e25c13ccf0b57c63cb4ed1962a570
-
Filesize
2.7MB
MD5542b77e146d8118017ba4c66529cbe6f
SHA1863e8616511229438d1cac6e1c5c00f860219768
SHA25640f050a80dc09006cfcb7fad3b37a617ebbc222c1c51f303ef41d23e0436e50d
SHA512d546457becb7c3b8e8114c929668a5f22ee38dd3a5bf39140563d6d9cd7ae6aa45631eeec50079b2fafa08fd8221624e8008e2d24830af9d28fb19b2eb5d4588
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c