Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
125s -
max time network
151s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
13/03/2025, 16:23
General
-
Target
a.apk
-
Size
20.8MB
-
MD5
459697ba8c760c82c9d2c84e2ebedd8a
-
SHA1
e7f531016d07ca6c8332e9a4071725a21837be40
-
SHA256
4b4c1064e3994b59904749fb706c8dfdcc6a50c203694bb45a6d1b4ce11795b3
-
SHA512
6ef8e8b9c60d6f801ef7035d87f540833ece3ada82613f63957a9a792b85ef29ebe41a40b4594fcf8257cb23784cd07ad6e392d2db9a9637e712f288c8ce4ddc
-
SSDEEP
393216:3xMU8OOsJA35z7A79L+eA31mbgafiubcEZrbRT9i/zVN2I+TXOlyKpPbNiRSKcsQ:32oJA35z7c54FmbBffcGrLi/zVN2Ik+j
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
gzsiseqw.llrlhdvhbe1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD583f9d1be51c0ef0019952bd962f70f05
SHA18f9e2782d24b692b46e6aa8974e61fb6aa7d903e
SHA2569623d7ebba654211ee8fe37878dba389a66331142db2401a66207d308d29528b
SHA512586686fe26bac50335757548d758303a9adc54ccaf923f9ed977d05ffb927a4c406480b8fd8723a6d8adbad5d079843931d7b1d20aab2c369e88e6a62b928a53
-
Filesize
100KB
MD53ca457d3e42b8a674fe3154ca2e1bee7
SHA1eee6fc92dde418362a434fd8e663e4376251da63
SHA256b6f596fa679869532e41e9e35211782622d9a06a3c235c6cc45f940711497c09
SHA512ada028353a7e56040598156bb27b1efc0d70f300516811df5877fb5a04b5a65018b7538aed3b03abb43d44b70b3f1ead971e8fee444ef29f217dcb3345d083fc
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
100KB
MD5cce185127056086c68615699053dc2d5
SHA178b0f3c2c59f6a7a72fbe8253de714d129c2a4bf
SHA256843bfed1ddbfa416b09a8f3a46c0fbc744557430230e5e989edf2e0238991e18
SHA512099739fe21f564456a803fe04d4d511ee54e1bffb6f0be3f5d31d827d9bece060d330569695efe446545ff213a46c515f20c8a79f3a864e44f31b4a25bcabd81
-
Filesize
100KB
MD5d0f55c92392c0cadc506a6e07ba9a95c
SHA1c231df764f6e95822db0f2072a80981b16fd79c7
SHA2561f86a35d59d7b504b6438ce2ee5c8a283e1376dd2b1415db9bc76eb43779d8fd
SHA512905e09d8ea62981edf7f307321c54cab2948279baf5f4fdda2b818f8db1bd784761eadd1dc74851467b75f49ce97719853e8e214f164180645c6cffb3b020d7c
-
Filesize
148KB
MD539848422ac2fc9b71ae7c9bd48bca14a
SHA17a99c9967b2a74ac2e107c0653c2390d9d67f9df
SHA2560f5342067e015861b34d454605cf404c16822852fa4694d3f5241ae65d0743f2
SHA512383035aa4add528ec60a65861709ef06dada6d34cefe691a4ee1a0b00f15c1d860750fe2bf07dd5f90ecf0351871caaa5561b0c6d050eaa612a6da9a9dc5fb50
-
Filesize
512B
MD51da73a93f92f28d63bccaa599098bd4e
SHA137739c54ea52b9afed247995d9edb213b00e2017
SHA256744aa65eb8a681217f3d4273077d720c90f3fda0859053fe350362a7c4eb2991
SHA51211b4f86eaf3aca28b86905d37adabb340b299da3119af74a533d74bff6c82936b234c4cc4fa3e5dc7bc8d88b4df1ea7be9ee2f8076213517ae0796d74f2efea7
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD59bba36811313d630257a14e0e6636ea2
SHA1de8b63683dd30a03f1c7832afa1c2feac4be8c24
SHA256a8001539177c1fa62b23b5dbd47d8e4b0d86369d72250a6fdddd17dce36ed9c1
SHA512b3cebee8ad6ea4f3f507c3d4f4808c0252d99cb100b0ae01aec45dbda5021a0d20f54fe6936d77c8b9d9617b3b6fe93ad929e63a123849d9144791cadf8bb277
-
Filesize
8KB
MD58ab53b720c774eaebca0b273a0080c6b
SHA11864304a00e2f46f45df0acc67ffdf6f74fb1359
SHA256531069b3628d620890163db93b3107474f220ca987963664c3db7cff9ed76971
SHA5129e0aa60902a065a0f48d0cdc033e2cecde16ef081dd599d0f6b6091eb029f26713ecba4bdcd61ca5581e8a30cd9e0a36947eaece6e87914809c9108f56ae588d
-
Filesize
4KB
MD5c4c14f9be5e87458b692c78dcb0ab9c8
SHA1362ef93278f2f759f5e10fd6820f6e4abfab3ddc
SHA256f985ee6fa603d86cae492b04be24f0bb8c78c352022d677605440014fbbd6328
SHA51296651da21e8dc0d8f377917e1f58220c2650136098dcd465ad0d638316bc7be882571c204371c58cb5e6a48b08287f590e8faeeb1aad4741909672299d4d787c
-
Filesize
8KB
MD50f3019416d242129e4ce65c28551d35f
SHA11caab374d482f0199d78903c5fe2ae458d71de09
SHA256f55523d72c773e998d5e91bb3f7546a6ba695c50a73ee921785df6cca179dfae
SHA512a49ade5ae8ed7392c3577a42b7f824d8f7f1a33c8a5964a1b6d3ea8a95daaf87b8ff4ac8d2599767cbebc552d3363f57b8215d76999536dcfbe3bb850c1d1447
-
Filesize
8KB
MD510fbbb24b1a0a8e67bf9fda2989a6349
SHA180d0298bdc37b83307c23eb291453ea42caba13f
SHA2563e064566eecb64ea60631d5a3db0a28ca3147efd66ab4077eed3d933b28cc570
SHA512437499fa300b177bb27ba1488677ae317ca211060017557b4b6c99a84d922fb0b1541f2dce49b1894780469af02f7cc137bb35167f4eb4928dd0ad36e3d026dc
-
Filesize
418KB
MD550362a104c6472101b1f99d0a3bfbeee
SHA1b63dedb0f1f80e3c200da3f7195794f5599cb5fd
SHA25657c291024afbd5a7e3fd51368aea2126b8d511cc1eb619aa61ce7ad50e6db593
SHA512b71eb8a4b2cca67005d39b3f0052d3a35e48d7c282f5964542b4f69095fc0b4caf060912a79b2b91e1e32f9d126a7c2ffd69f78f5b5f31ef55c1f1edec1be4f4
-
Filesize
2.7MB
MD53b8f44aab76b03f9ce67c3cf47025583
SHA1600f55c2e141b15934f0cec78188911ca30c50b5
SHA256a9306e582190a99b965bacce7a58f74442c59a6ba2ef33c29ef5202afc6a99f4
SHA512a908c09a2215ff5b6ef4abe9ddf82a7631a011bf6657b7767e5d41178b333314b9c124d70a5c91a7a8ea7cf83d38ad8608ce21d8ff2cc82cd7717340f9a57d61
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
134B
MD526d205ae3eaf4017fcbd91fb24031514
SHA1a3da4c97dcc9ecd1d47c4b9037751f0aa76c05eb
SHA256ed83d0ac4c140360019161b02c6f32a0046bd0bee3cfaf79bafe75f14cbe05db
SHA512bbe2cb335f30e851e4c0ff520a6904377446e8b522cdb3b348b52b7e767cd8bf2986f36344be698e4aef231de187e04a703bfea693f17d730c4468c4f29093a1
-
Filesize
171B
MD57f3278b51578b03272bbb16f487b5b7c
SHA19b87538d343b595648f1f3ca3a40cbc1de08678e
SHA2562eb8cec54c2a4ac66928e628cd9787fa2a41f33586edd922ba2409a3a1de2709
SHA5125e656f26cade7b4ae076c473e056ff29c26975e63aa83855f4c3af9c63d5fcd0e593c1dd51fb3174e4ab5c3d918d0981e6d7954ca2a93dec3d8a1f8c0e721ee1
-
Filesize
3KB
MD589a7f50adec202685763d40b8bf1ead3
SHA171f93eea81a5750747b6e6e33c9a5cc7ec0c806d
SHA256cdf852fdb20aef633fb79951d950fcf86cae490d64f17f0b4822b8e9cf090968
SHA512c723c7d70f06df72bbf1b72135a5a612653919c5eb70643fd5b3b77350a7023ec99e6551962e47c97aada1d939b39ff506faa43981f40e4d9b5fb44288fa9ce7
-
Filesize
62B
MD562dcf498d1f516ab99f86a8ee4ce1236
SHA1baf72475cdda065940d596cbcbd184914e32710f
SHA25680b0218bd1ca7c25cf939e5015bc1a0bb3eba8749e4622816f3aa4f0a51e513e
SHA512a110b8bbc9effd8db6be4503a6545a81f9839d1b149e1d6c61de4f79e9ff32d518d2db9cccf6b71982f7b49873200a622a4202c548d848bf5647e9d8287768a8
-
Filesize
70B
MD5df96fe19fedbd108565320e78a9642a4
SHA1faaad16a057228b8f9db3a979147e6548bc582f4
SHA256983cba9edf334c33aa2e2f284110f6ef52227fa5d1136ca662e79431f4ca3955
SHA51272d7c71caeb4905663d642e28274537d828312d15b2811af639d50c3ed34f20229def495dc981b6dcdfeeeab3108dc10fac9c3a7ea4b5b3993b30bc95a58b525
-
Filesize
59B
MD5a2320b30bf45caeb78ff2713001f1c51
SHA1fc355fe717b9d489703592840ae84ae11d451f03
SHA25675db3b57e02d14ab25a1847288bc83d9bf67f044650956642817754b219ac4b5
SHA5122e5e08402e6c09e00533dff9848354aca579aaa9a409ad7618d4860f65884a2663b502130620dad9e015c851577e6ceff11b84d7c2ed79b31ce6872b99061826
-
Filesize
165B
MD5a5f3b462de383d9437fe70d0711a69c8
SHA1dc17d2a6b4a2d75c7f2d4ac41c5e4778aac3b7f7
SHA2560b4f3495e25e00920b449dfcdc3e7f7c4963588675f089be5d057a4ab5ae4bd6
SHA512d63427c948f7f47d7c475fcfcbe605e446e2268ba5d71ba5eccd329810ca296582903a3b464b5135234137ab31e14f5d2e0a6d676a538ab05b56117a84b432ac
-
Filesize
41KB
MD5cea7b7329f3a43087d46e2f246636855
SHA1e224e3f5d42d9b8f36c05f794eb4979298ca4e22
SHA256c60823ed71af41dbf5915636613535912c5f06f843aae7fd2ad027f3114a9f16
SHA5125b63e3be4b15cf978874232ca030a9f0cd08f4881f5c5bc413cbd55eec18b0f52f021e6d91b51200c0c2921504fe43ef880f9b8adceaf75c2c8ede07abf970fc
-
Filesize
9KB
MD570fb795580055f404fecb1067609914e
SHA11f694f200087caadd6274b89a83708fcc9e07d2b
SHA256b4280ff179653c312ad5d2532550db9099809995b944c9d1252e31e752f89f61
SHA512c63f2ddb8c85b7e4a2abd61418a2048d567b50cfc054e6f4b0bab05ed876a2aa97b4bb8ac6e685398d4f6f94be0368339e7820b2e11ecd0a24d5840bcc83dfe6
-
Filesize
218B
MD592f5adc47c78d362a560f0fca5a5bb43
SHA122472c6546a770d28840a727ad4657fb13a610d8
SHA256556db8baa1cb58b812e63681e787e96a0c968544455ee4a82e2db4c48c861ab1
SHA512ec29ea25fe8289f8cb77dcee8214526c0420126aa671f5f18c96198413b74193ceb493b5c449d19eb936848988e69d3385c3f2022821660c21cb81384dd9cf89
-
Filesize
96B
MD59a7b2f3009638ea69bdc6a039140c59d
SHA17538e55dbfa9a4abff83e69ed179eedb9ffb8fa6
SHA256e43c028722f303535f437e3e707dd68d2b1f312ea171dd10c5a72383d1e80227
SHA5123e31af0f2de1d5c76b2cbc93cd0c2fa971f09c641b65c48e153c4ad8a096687706a44d3e8d18f412117699d102a3f642407dbf34146203bf2d496d9b44b0ff11
-
Filesize
94B
MD59ce04389dadce7e24c45bd0f7f251293
SHA1d4496348f5648eb78b755d0eb4dca409f40d95da
SHA256efd3040779dd20bec6946d2c0ad66ffcf7ed7a95c1c7787c1321f43d4a39404b
SHA512c280ab057e73993c0cbcf46b106c63110dfcf65e4f44365a56e233a4642dc3037ca693ce33a3cb50af6f31c0dfdb2b10f85ff756e50f71afe899c105f9c33c5d
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD55907bdc6596cfe0108c63176fefd23c4
SHA1c4d71fe62de457f85bf8e084b0ed76090c92fca6
SHA256398a1da4927ee13b67fda9f440b013bedd7169db36925ef057ae06ec1dd64094
SHA512bbd04701e9652928ebf45468b027c211470c4cccc9333e644f42f27e97e4df2ebb4dd9301e35a7d4d744f570b9ad11951ba871f9812fcd6f85472c6f9dc42a44