Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
76s -
max time network
88s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
13/03/2025, 18:19
General
-
Target
a.apk
-
Size
20.8MB
-
MD5
459697ba8c760c82c9d2c84e2ebedd8a
-
SHA1
e7f531016d07ca6c8332e9a4071725a21837be40
-
SHA256
4b4c1064e3994b59904749fb706c8dfdcc6a50c203694bb45a6d1b4ce11795b3
-
SHA512
6ef8e8b9c60d6f801ef7035d87f540833ece3ada82613f63957a9a792b85ef29ebe41a40b4594fcf8257cb23784cd07ad6e392d2db9a9637e712f288c8ce4ddc
-
SSDEEP
393216:3xMU8OOsJA35z7A79L+eA31mbgafiubcEZrbRT9i/zVN2I+TXOlyKpPbNiRSKcsQ:32oJA35z7c54FmbBffcGrLi/zVN2Ik+j
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 5 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
gzsiseqw.llrlhdvhbe1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5e6ba078c00fae1e75d4d8e88614521b1
SHA140dd89d035e3c323d5d13b6bd5265a2abcb16cab
SHA2565823115928fd8c38deecffd4683a66337c53a138bbacddcfbf0b3b1218e5643d
SHA512e3cf518029632f1eebffee5467fd0110eec5fb7506e0b137ea93d869f17dd1439afdd1fdf6bc038e0230d302d91d2bc0a82aa92c859e35a2558cda0489494abd
-
Filesize
100KB
MD509a5186d2416d46e6d71a997e4a92895
SHA188071ddb673b16b0ba6d17f983fb6202ca188423
SHA25659e352ddff2c1bfca66eb91968a085e2209ac48649552afa63d0de9de8b31142
SHA512ce81c8b2f9238521c3d665f8409a0f07dc96607f617333d97194f2332e7cca2ca271f6b097138ef5226b54b5371f19b26339a02308cd7a52d7490dee471669b0
-
Filesize
60KB
MD5df0d246a3def0a8530902a95ee20944a
SHA17b7aeb2bcde17b22d55c8f9d9880997e41897c6d
SHA25607362bb6099c8ec063c859c448d0a7fafa11217f7286c31ef1df81a564314ec7
SHA5127f86c5e64cb0ac1c38deaf20856223c74ebb81e7c0aa7e1963d5fb52328336c28593f4a17929bf78f0dbc989b2c41c40525b7d2253755c263d4c15c29c15580f
-
Filesize
100KB
MD5a7b638fbfcf6504161c8dcd1c0d73287
SHA189f3da5a2d09daeed68ed30a33e3a679e4b9d87b
SHA25689e3adf7d8fc8d01f19d92ede1f2fe845f6186cb49f80707cb1208bdcbfabfd5
SHA51269e5c28344feb49dfba7a6dd21b9d3e35f071e040146d6d64b7f06bc29eec7792b92cce341e6204b14006f7b8fef1b31c4e1b1b2f052f6174169560f5970c818
-
Filesize
100KB
MD5c8d077c771f0777d7f3349b6fe3a3982
SHA18a4a18ad9a48f7041e83968ceebad4507071be21
SHA2567c20893b9f08db37710551e0b480f7f8733ae020eab028b37bda8960ca96b2d6
SHA512ea2753ae19fff067fd2f293fdfacefd267a0e1caa83740420c67e30a48b20a710bde8582048b8fabf072f94bbf2c6affd13634a231721527f1b99ce7c5e820bb
-
Filesize
164KB
MD5c9f4f72bf677cc0a1083799939526c55
SHA10eb8c6d3aaf37ced73ca9b8cc2846f7fdc1a04ad
SHA25670a015137cc3d59a5629aa8acae24102086ecfce43c8189d51fdfa13df7ccbc1
SHA512a1897dc80119b8e54bbfc506988526ea6f378a43fca9f882da6fa493ecf49eb54fe7e7e553326bc30a10e66f6a7061057b5dede41f43b2c513f0f735348e8c10
-
Filesize
512B
MD522c3b020697119060ab09ebc7738a0b8
SHA1bd5f53b241cb11c975053325cd69e93bf9238774
SHA256c86408db2010637512cabc54a9afe7d0e2203b0a98581e3d0f6b563b1be35e13
SHA512f2079512fb24003544410e6d595a0518125fe5d11644d537211c0bc3c511cc15c7f0e501f1ac485929d05234a79b87f31130da9781b293a4bc61688e9ba2ebcb
-
Filesize
8KB
MD5214921cedbdbb246446354bf44fa4018
SHA16114d4c9ba680eb89ad34f54757fe612f8c29d14
SHA256b5377fb4e0ccecf877d0c3abb89acb182ed4780509b9499a6bb5ffb05bd5f850
SHA512d8bcd09f190cfe09896381d12c8e83c670215265f4d8877c2ad0b655f84823c48f4d0ea35cb12bdfe46e5879ed44e7f2a3527bb9f1a2840285dfdab67f7c0f17
-
Filesize
4KB
MD51f8ede2290812ce11e5edeb029ccd33b
SHA1b92eeeb1163f653a10f9416c2db4413c9d8a3b71
SHA256848ac5d57fd54a3b905ae82ab069f67eeb8de630196c8f6ecd64dcff31cc82f6
SHA5125e97e7c7d1d3be6d0208b9456d64060ed2019b4f09d140362d4db128e8092ba9bcd67f06ccb2f09a26919593804075df3f6fca6ce42d711bc9ac5adb4e41f046
-
Filesize
8KB
MD53848d349574ed4a818b8e7128acee678
SHA1faf02209fe77796e08b62f1f7af785cc05f1daa3
SHA256d187f69197c33cfab2e5d241c2b26ee75e5281dda39d9dd7f85faf8b7cbc946e
SHA512bd05b7d9dc81103d6ddbeee51dd5b3b4f039f335ff3fdd0e63fb667fa25419d7d07285818531cde0ea231c7f63559ca4de7b27d15777d956d696daa5df312f93
-
Filesize
12KB
MD5d58514ecf7163daec34baabe1955bd65
SHA1a2e7b92d47d404dd221a6ffabac6758720ab76f6
SHA256c1a5f9284c13e64a80679c6294ca837766f2049429aa3ba2feaa5525d0649b44
SHA51259b9d96d557f959db3112c4618e75374473668695a7cedb4b2aec3f9910e3d5e414c74c9bc5d4d49ef83f2b1c5a72a3e8beb9a37be7c3bbe7706bcf8a5d75284
-
Filesize
20KB
MD5ccae5df661a28ff526241894222348a6
SHA1bfbc68516463d57f44c31667240b0206282a4ebc
SHA256c7162a0754b7f25004ed60748da7dfa474116950bea2c2af7d12f721ebaa9710
SHA512b309aa9b7ca416a8c9df64cc37d39dbf8586a6e0aef2ea7aff2fc8971ce209c132a8347b079eb9b59e53c7d3577b72481c36584ee079771a29a358249235493f
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD55907bdc6596cfe0108c63176fefd23c4
SHA1c4d71fe62de457f85bf8e084b0ed76090c92fca6
SHA256398a1da4927ee13b67fda9f440b013bedd7169db36925ef057ae06ec1dd64094
SHA512bbd04701e9652928ebf45468b027c211470c4cccc9333e644f42f27e97e4df2ebb4dd9301e35a7d4d744f570b9ad11951ba871f9812fcd6f85472c6f9dc42a44
-
Filesize
2.7MB
MD53b8f44aab76b03f9ce67c3cf47025583
SHA1600f55c2e141b15934f0cec78188911ca30c50b5
SHA256a9306e582190a99b965bacce7a58f74442c59a6ba2ef33c29ef5202afc6a99f4
SHA512a908c09a2215ff5b6ef4abe9ddf82a7631a011bf6657b7767e5d41178b333314b9c124d70a5c91a7a8ea7cf83d38ad8608ce21d8ff2cc82cd7717340f9a57d61
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
134B
MD526a050ae081793a380527302111dbdd0
SHA1571cb476cf84e1f73dbea96c92571c67fd87a3a3
SHA25683cc725eafc97e4289b3b05a3c8bb2650b599e778307042db73e0f70fbcaadaa
SHA512072293afdfc7af9aa6fa5357cfde5051cf510b37832c32c74ed9bf76f0535fd47a1833cbaf10508eeaf25afeb1c499a1587c36021d826b8dde96f39d0c98a440
-
Filesize
171B
MD5a3e878f6a4939c4927192453aaf71f69
SHA117269d7b523fa78307bbe1f9f07d20c2a8420183
SHA25603d176351778725778c0a5d54568bb746dd6522c46363d0c7ee59e025a3c9bb1
SHA512210ec90ae1bf3f022bce48db58b78f89deb3edf34e74f5d3d21dc3688d0e3c6c6575eafd489fc5780ce4c15677aae4063b44bdb95e0d80b27e94cbdeef0a2df5
-
Filesize
4KB
MD54a91416c8a605cc50325214d727e0e0b
SHA12d3550ef459ced5f6de89f284bdac78b8f29cfee
SHA256471d09e9e1b27d46c65e7ad45ab28f1193e4e001373bbec5f6738dce96493e52
SHA51247e824640752fc3ee0b108f2518f12a247946f95358031867c1644442af2781a19cce67372dad5c3243b5d589eb51cfcb8a53c4c10ceced9b1aa45d333503bcb
-
Filesize
62B
MD519fdefec694e47d50d4f816054dcf0ed
SHA105577ee01c06cd75dc5c9e3795a08d1bb607a312
SHA256b14f9ec6b3be2e670ec785cc2f717b7e9c49a51e285ec178adb558e82f2a0ddb
SHA5127a4c42dfdea6a72568df31e24519598592818edd24ca2f15504b5318bfad5d080478d3964416cceed2184ae60ed81a2386160b1a57b692679d21f1e302114757
-
Filesize
70B
MD5b03661ad6c82d8e95cb9a20ee24331de
SHA1ea3e8340d566866f98e9b553817bba89cf9ba05c
SHA25618f94ac6194192b53a65ec38552381a81881d35f75af347523a47e3dc4d2bf89
SHA512ed3df491267c76570d2ab91b7cd023aa9963cb31c9bf4c6e779cbddc78725dcc783303251559c5e077bfb581a10787e07b1c48193741f0ab4e153841b27fda3a
-
Filesize
59B
MD5b9ebb7ef0f4fc74066a4b00f03aea576
SHA13c87105ef4539f777ea0123fb5f3abe300edb94a
SHA2560275dd54eb969df778beb7cc6397ef682d26317a966a9215e6a0e7d3a88da7d0
SHA512ac7b13888bbfad25a2611661332c58e1cace71cdeda129ed5cffa09627a8b01ca4254d0f9761666fd6d0252b1c97c76c5279d84f284d69e62ba1a608d4fdde75
-
Filesize
168B
MD5df6fa53db25a735e79e1aaef0f21b8da
SHA156db511c9ae137f30c29d4aea02d526b8831f799
SHA2567f1e783f1f7d077372972b45065430a3e2343696a026ed82ab746b8dd95a47ad
SHA512ba835627a23168953121fb8e0be4d28a723e258661f3253334fc7d5f7494d74c349b8a1e9057a75d991267302e32f0ef628b6f4fe2d27adfff23d8f2e7e4dc37
-
Filesize
40KB
MD54b0934f3c98d33d4c93a5f3349f9bbd5
SHA1f15cb4b27d77f4f8d5b41b4d2f3769011a78b5ed
SHA25671b34364a1d6ea2e8a239ea2a3dc800de69a95e7a9d177c87b2a3056e6197c58
SHA51235c4da681654b7124f33f3a2501107f0076ea4c620e6376117d08e9c312f97a93e1878537bc6c1b264b1f2ac15aff3f3872886298ee91ce4a4dd8dc039c9cdc1
-
Filesize
9KB
MD54ae87f34f70249ad4e43f9706e18b57d
SHA1b5bc749a900b5218c9055d205ca240111a3b54bf
SHA256e07beb9ab121cbbb6fb34604240f570f51fe7a751cef827a70715052f73f386f
SHA512cf7005b02b77ad8c3db081f430bd001b04845c97596b5d6ad0d8a28c1f08b86ce944c0b89b72583eab171279041021c4fb17a0aedfe2b6d8cc0456614b767804
-
Filesize
218B
MD57cdc03648723cb08da8051d77d9e4b4c
SHA12ecf200f4a2d57a6eee2159a30c4da6b7f0a10ec
SHA256ec3f8ea2cefeb6be5e3ec1838532ea3b3a4920b7d61e78dde2be001f5cd2b35c
SHA512cb0fcb35bdbe45aca9b272da6ad3dc8692ec897fed4260a6f9c653fbe888be185acc063e461fedc513d6be018977fef26953ce6ff5bece12a12316a14d621285
-
Filesize
96B
MD59a7b2f3009638ea69bdc6a039140c59d
SHA17538e55dbfa9a4abff83e69ed179eedb9ffb8fa6
SHA256e43c028722f303535f437e3e707dd68d2b1f312ea171dd10c5a72383d1e80227
SHA5123e31af0f2de1d5c76b2cbc93cd0c2fa971f09c641b65c48e153c4ad8a096687706a44d3e8d18f412117699d102a3f642407dbf34146203bf2d496d9b44b0ff11
-
Filesize
94B
MD59ce04389dadce7e24c45bd0f7f251293
SHA1d4496348f5648eb78b755d0eb4dca409f40d95da
SHA256efd3040779dd20bec6946d2c0ad66ffcf7ed7a95c1c7787c1321f43d4a39404b
SHA512c280ab057e73993c0cbcf46b106c63110dfcf65e4f44365a56e233a4642dc3037ca693ce33a3cb50af6f31c0dfdb2b10f85ff756e50f71afe899c105f9c33c5d