Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
36s -
max time network
150s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
13/03/2025, 18:19
General
-
Target
a.apk
-
Size
20.8MB
-
MD5
459697ba8c760c82c9d2c84e2ebedd8a
-
SHA1
e7f531016d07ca6c8332e9a4071725a21837be40
-
SHA256
4b4c1064e3994b59904749fb706c8dfdcc6a50c203694bb45a6d1b4ce11795b3
-
SHA512
6ef8e8b9c60d6f801ef7035d87f540833ece3ada82613f63957a9a792b85ef29ebe41a40b4594fcf8257cb23784cd07ad6e392d2db9a9637e712f288c8ce4ddc
-
SSDEEP
393216:3xMU8OOsJA35z7A79L+eA31mbgafiubcEZrbRT9i/zVN2I+TXOlyKpPbNiRSKcsQ:32oJA35z7c54FmbBffcGrLi/zVN2Ik+j
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
gzsiseqw.llrlhdvhbe1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD583f9d1be51c0ef0019952bd962f70f05
SHA18f9e2782d24b692b46e6aa8974e61fb6aa7d903e
SHA2569623d7ebba654211ee8fe37878dba389a66331142db2401a66207d308d29528b
SHA512586686fe26bac50335757548d758303a9adc54ccaf923f9ed977d05ffb927a4c406480b8fd8723a6d8adbad5d079843931d7b1d20aab2c369e88e6a62b928a53
-
Filesize
100KB
MD5437e613431bd05ed7b839797f4bd4d75
SHA1e493b94b741b82a2a4db946342b0184a0df686ee
SHA256273f60597823e6c52b415e19a41011903f47df857266353e9179c19325f6517a
SHA512d19562ef40242bef114a4030d423627035e8e7a9cea4664fbb29d1596d96ecee8ba5e5b12da4e5bd66c145c40d1e5b2761f066a8902774f057d5cf04af6f28e2
-
Filesize
60KB
MD5b84ec3ac5c1e79f72c55ea19bb82f981
SHA12a911a0494b171906a25ce812a25847c9f550a2f
SHA256cd2acafa436796594063fa7599247531a5a1faf91b5035d85bf692a395cd3841
SHA5129faa7a08293d0d00f9d0ec1b8c217d86d99e938a0e81f6d0324befefaf8c3a4226a64c1f1ee44119c07035c643e46f7fab51b6421819f346619382bae75ad2fb
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
100KB
MD500340dff485a632dbaa2b6232975d1a0
SHA162045200ab1bc0a136142fee26c1718f42d75dec
SHA2560fbe127ade0264d5864bb4bfa505c6f133982b627a45edd164452d2fd5b0ea35
SHA512e60dca01c0301daf9cd19ba3bf6c32ca26f0ecf78ca4da70a42827e72a2bfdb4860a64f2c4f4ed68d6719f98d758ed0ae4c138ef0e3fbbbd6b6f572507120b43
-
Filesize
148KB
MD54d731e2abb6e70601f0445e9c6416a13
SHA10a2c11993ea84f762cdc286d89aa23de5e2139eb
SHA2569ebd9ac5fc354b9b6b29d3b0ce029a8bfda35cc7bc7e4fc2606ecffd8e259d27
SHA5121906a0e2f19f499562a319135e3170d5553482015a60f2a2d2c474ffddf65adf212fdad37cf9e0ed873d22c091a95fdac661dd8443e8427e65b6bd265bd94650
-
Filesize
512B
MD5a6cdadb409241a29261377467a5f3d80
SHA14fb33151739ef7dc1021ebf846bed6daa756305f
SHA256c8305371d64e4b52d9ee3569e317c2de8b75b8b40d8ef5351fba43a2146eea9f
SHA5120e913f8a6f87d593ceb941a5b3c1e8bfd4e7b25d6ed64f298dc8667bc07ea35cfbc9661676da6028ffbbc3185ffbfae444c124237b3dd2a41d44b74835466833
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD5300fbad9c0cade34c92760a9a94bbe74
SHA1b0e167c9c18b67a62cf761fcbe473daac636cad9
SHA256dcef40b8c7adb18491d0843c81c645a1c824f13027c97bf32a6a5413be43e4fe
SHA51224461927d203599b0551bc630b8113f7e45201b043f37b6a1b84a60f0f35011118a8b350dc4311c2dadfebcd44ec298cddf659d4314744d671992a31bb081204
-
Filesize
8KB
MD5192482497348ce43d187bdc93e2c4868
SHA1ed74c543ad192d6a233e9485645c65013226ca0c
SHA25680050375809badd68907f7ac67c7f404bee2bcfc8b0e572798d05c7f5dbf7dad
SHA512ce59d42b07ff892f4824c3f1a77e9c0061274a271b2f74e1380b4500e04dda1d27f04edd7bfb557a5b4762ee9282e5a76ebb3b8440be4f07272b70fd4d335d6d
-
Filesize
4KB
MD5b2770a52d36b129116f774823a250f7c
SHA1516d0ab655855d6d3348d2551cfc79babd4fdb27
SHA256bfbddc7f4001047526f8099681ab4611cca510e1be040707a38826a4152d64e8
SHA512c27cc14d2e7bef5edd952692967062d7f20811fd78f63f1bcd74fae58062562d51e48f48a6d76395616f9ae354d059a5819ede9a199efa8e1270f360f06470f4
-
Filesize
4KB
MD5992c0ef85c6108c60bd19c0f6f5606d8
SHA1ab82d298cfaa943bf716916330b1a94f440d8758
SHA25638c0de546bc73e8b3287f1a1a687815925c5ba9183c1632f6b370b621363da90
SHA5122565b0a61521008e5083eadab730c748daa441e27bc3f17115c2e480a01f769316d52c3f8018d70e5d874aa60efaebe9ca57167f1ff3d48a308d69d09fd199cc
-
Filesize
8KB
MD59dfa3f1fe7156bd8aa33e61f7bc096e2
SHA147905e3465cea1c013936aa889666ac4f502feb0
SHA25608ba58896b9cfe05bc798b7c0d3ec3874ecd9697257beb05eba36c6f2970b88e
SHA512ff24bc49bd2e2f848515f94847171f0102398045b67720b4296c5ef13938329eb5894ebe7754ed9f4af3ae2420a48ded049f1ffcb447f0a03cf0412a90d2934c
-
Filesize
418KB
MD55b8c660084ac60d54333e5db4612c620
SHA15287427f02e85e2ca125aea81c206215c0ef26a7
SHA25630ed97e4811c47fc1bd95f2390e8932dfd52f96da486a13aeae9f20268992ab1
SHA512a60cebb7780ec8626e7fea82cf9c1f691e6b1b366da2fe1d0997cad2334f8de86890ec4cd0ad14f726975c1e6ed9552a3df115e6505e8d190e14915163615d9a
-
Filesize
2.7MB
MD53b8f44aab76b03f9ce67c3cf47025583
SHA1600f55c2e141b15934f0cec78188911ca30c50b5
SHA256a9306e582190a99b965bacce7a58f74442c59a6ba2ef33c29ef5202afc6a99f4
SHA512a908c09a2215ff5b6ef4abe9ddf82a7631a011bf6657b7767e5d41178b333314b9c124d70a5c91a7a8ea7cf83d38ad8608ce21d8ff2cc82cd7717340f9a57d61
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
134B
MD5d088c61e5442087bcccf40977b3254b1
SHA1ff49b37e7edfbc14cfcfef8da69d61b17ebe390f
SHA256bce2cb5616eaed03071b5084eb7c84e0856feb4d7b5832d2146831b569ffef28
SHA51216bb36b364336ecceb05ca7c3e6d93eb68b05bf5e777f5fbd8b1eb8d246e538f17e8523695efa2cb115223f45b309958503512c901cd213500d047f60f6789ba
-
Filesize
171B
MD5c63b2d07b3784df54d74a7dd663765b9
SHA1a7122ae84201158de8eb89cc13846aa9d130ed39
SHA2560ccc90ee99fc3706ba4995c4705f88af90d7fdfd9b7fe8f27d8b47a76034428f
SHA51292a475d35a62225db8ea30de4464d051cc89e199dd6a53237f4087db1c69113484c2efe2e410616e2107c67ce273661551f5c5fd0a757c129ccbab14a9e990ae
-
Filesize
3KB
MD5cca4f50ff46c3c84b24ac434c9bcb1a5
SHA199b9788b7ccf3900f1f201f622baa8f7d2eb38ac
SHA256e49c2448c02a790fd630b98664226858ec1dfe45e682b3e74210b7e39a5a79c3
SHA512ff5d8f56ed864ef7a1d0916b0503f82846d53436e46c551aeb30fffb39a77d7258f380fcd9c759a6664ae1b8aefc802ddcb201ec93014f20588b924fa67cbac2
-
Filesize
62B
MD51004b038528c7d9ff4cb3b0ae528dfa2
SHA19c6419149aa0674c6c2d1a845d13ee43d00d9ef8
SHA256f584462bef859e4970faae3df5188b92a30675659963878cc33b63debf7c00ce
SHA5125ae78c86a99b30b3a4ee88f6e2bd205c3ef7a3c1b40ef54b16e77005f6f8a2226c50ea6136e5bb79894a8844f06779b15ec98205488b98ddb6da744345c2d51f
-
Filesize
70B
MD5ef8e4f7f3211f53db9566330a9a4bf35
SHA1e0319aad47732c2ebb212376e0b070f45ad32e32
SHA256769cdb7f3de1a9a66c502ba108f2067f032fbe8146aa8f32524683507ae762f6
SHA512c6fdd3bee2311d760bdba9923dcd19ef2bdfcb4d274ef42c89428131b9a5d2e060dd08be40be8f603cd43a39ef9fbce3ecb11ac2b5c7352c9d37c0ffa97c00b2
-
Filesize
59B
MD593fd74525eee2d2215ae7bb88cb386ce
SHA100142015076a8ca30a4c5bbe6fd6ef572af5a979
SHA2565d45ebea034b30fb94f133b07bf1f65b646a610b83bd1187a7f18e2d4c8275f7
SHA512d5a4588be0787bc808377970122c981842a46cea512f8e100b2a574d33da3a47be7e360840d20bba8cd009b482263e62e0d0eec851e24d0bf85c966411f25ebf
-
Filesize
165B
MD51c310e8deac03fe29a01556b75185544
SHA1b8dc172226da22ec541fa0049b415e66decc5e35
SHA256a6ff9d8339eb2631f9eac0fb4d949ae27e74ec2d48425b42cd2e22f2fe7943a4
SHA5125272c84b23b0b7ee5039009c6aa77c127abf0cd5e2fd712a79ecfdd61320b1f5d06afe866bbdfb1c2b1e4efe1926c5c0cb627ca3cddf7ba414dab7e4dc9cd137
-
Filesize
40KB
MD5cdd1740c21eb4b6401c03be4a7872c93
SHA1536007fc962abfbfcb56ea65b57e46b7446bdcd4
SHA2561e0bc4cea0a58d8f4301347b1df432098ce2e993db918f134a33ba44c39ef8f3
SHA5122a06de0e2868755ccb194a34ec5eb48b78a2cde5a9d0eb3f90383c1c2ee4575f4632a1e7627ddf2505ddc0beb458a8027dac6b196781ab9c6b0167cd363bfae7
-
Filesize
8KB
MD58eb8507c6563407ee146f6a2b28ee132
SHA104aa9372ae342f7b4371516f37267fc95ab24493
SHA2560b86563b77ab7ab69e7038c9de4435dff674aeea9c9007285a1f68791ff25b25
SHA512483c2f499ff52cf37f75a824f71e0bbbc739c8630f2e2637572f8a9a557176522c58f39708be9b2baaad034735a0bf61f47d99648abac105452d8e2840d0493e
-
Filesize
217B
MD5b7047858c702f8bffd8779301f0bd4cf
SHA1b0ede62b3367c9f1d85f6ddd0277381ea2b1835c
SHA2566fa2a4a1fc693a8f2fbbc33cfdfba12311327133b4098432543ea69199416761
SHA51227c583d6540f5e0abe46fd1b07f88197d88eab617079e730bc2453c1c90101eb728d9dc1a79c07ab37118b09274a6b3bf089b5e7123966a030de526c8ae7449b
-
Filesize
96B
MD59a7b2f3009638ea69bdc6a039140c59d
SHA17538e55dbfa9a4abff83e69ed179eedb9ffb8fa6
SHA256e43c028722f303535f437e3e707dd68d2b1f312ea171dd10c5a72383d1e80227
SHA5123e31af0f2de1d5c76b2cbc93cd0c2fa971f09c641b65c48e153c4ad8a096687706a44d3e8d18f412117699d102a3f642407dbf34146203bf2d496d9b44b0ff11
-
Filesize
94B
MD59ce04389dadce7e24c45bd0f7f251293
SHA1d4496348f5648eb78b755d0eb4dca409f40d95da
SHA256efd3040779dd20bec6946d2c0ad66ffcf7ed7a95c1c7787c1321f43d4a39404b
SHA512c280ab057e73993c0cbcf46b106c63110dfcf65e4f44365a56e233a4642dc3037ca693ce33a3cb50af6f31c0dfdb2b10f85ff756e50f71afe899c105f9c33c5d
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD55907bdc6596cfe0108c63176fefd23c4
SHA1c4d71fe62de457f85bf8e084b0ed76090c92fca6
SHA256398a1da4927ee13b67fda9f440b013bedd7169db36925ef057ae06ec1dd64094
SHA512bbd04701e9652928ebf45468b027c211470c4cccc9333e644f42f27e97e4df2ebb4dd9301e35a7d4d744f570b9ad11951ba871f9812fcd6f85472c6f9dc42a44