Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
25s -
max time network
150s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
14/03/2025, 02:46
General
-
Target
4b4c1064e3994b59904749fb706c8dfdcc6a50c203694bb45a6d1b4ce11795b3.apk
-
Size
20.8MB
-
MD5
459697ba8c760c82c9d2c84e2ebedd8a
-
SHA1
e7f531016d07ca6c8332e9a4071725a21837be40
-
SHA256
4b4c1064e3994b59904749fb706c8dfdcc6a50c203694bb45a6d1b4ce11795b3
-
SHA512
6ef8e8b9c60d6f801ef7035d87f540833ece3ada82613f63957a9a792b85ef29ebe41a40b4594fcf8257cb23784cd07ad6e392d2db9a9637e712f288c8ce4ddc
-
SSDEEP
393216:3xMU8OOsJA35z7A79L+eA31mbgafiubcEZrbRT9i/zVN2I+TXOlyKpPbNiRSKcsQ:32oJA35z7c54FmbBffcGrLi/zVN2Ik+j
Malware Config
Signatures
-
AndrMonitor
AndrMonitor is an Android stalkerware.
-
Andrmonitor family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
gzsiseqw.llrlhdvhbe1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
su2⤵
-
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD583f9d1be51c0ef0019952bd962f70f05
SHA18f9e2782d24b692b46e6aa8974e61fb6aa7d903e
SHA2569623d7ebba654211ee8fe37878dba389a66331142db2401a66207d308d29528b
SHA512586686fe26bac50335757548d758303a9adc54ccaf923f9ed977d05ffb927a4c406480b8fd8723a6d8adbad5d079843931d7b1d20aab2c369e88e6a62b928a53
-
Filesize
100KB
MD53c8e2f9b1c960f3b4dfcd0b78952bd54
SHA13fa9a5204fb700716fdf802edcd86cc9a6bafd4d
SHA2565914e9594fbc889ab17c465108a92b4177f37cb11371ead8ad7752d2d0015ccf
SHA512dbf68020a3a53fee89dd6e2623aa0d3e4d7df2adea26baa2c0cd932e005d976c9a4a27c533bdee53698037adb0b4cd5279cda0b66234c2c4114144be430a155a
-
Filesize
60KB
MD5b84ec3ac5c1e79f72c55ea19bb82f981
SHA12a911a0494b171906a25ce812a25847c9f550a2f
SHA256cd2acafa436796594063fa7599247531a5a1faf91b5035d85bf692a395cd3841
SHA5129faa7a08293d0d00f9d0ec1b8c217d86d99e938a0e81f6d0324befefaf8c3a4226a64c1f1ee44119c07035c643e46f7fab51b6421819f346619382bae75ad2fb
-
Filesize
52KB
MD5b6815b344f6926d458cea05acd052cdd
SHA188f524aff1d4c5fee979a203dd952427871a7097
SHA256028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366
SHA5120431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade
-
Filesize
100KB
MD5f1588852d9362522045ff018de74eb05
SHA106aeabb6a14659980ba21eb6de378608d7d83b83
SHA256a85864311bb270dac402e31b777b8eac9bfe5a04b712542a3f7da3e1e9e3c81d
SHA51288378526e6e7b35aa268619ecc9d597aaa681d0ab10d701b0011240f36fe47fa3762c0669730f573d5de6bbdd593f8654d6b956a5e40f9587261081a08f0d873
-
Filesize
148KB
MD55c251df5822985918de664d7a2d971d2
SHA1f57a23e7eb9dedcc799ff5073c3bc201ec019dde
SHA2564cca030a3e3299264b32e7d45e8c950858a2b500b1c2133fca4a754dd09f885b
SHA51262c525a102e8c04eecb00d61f872cbd630c4586cf8ddcfc4318c3202ca5338fa2fd347b98862c17f9c1c71a9d90be1c431dcf3e0d4f263fc87e506bfab9d80b1
-
Filesize
512B
MD5c7726ea6e7ceda5cb27f7ed3bcbd46d0
SHA12b0d2d1f5f4b2317962fdad2c2677c2602f6a2d7
SHA256330aaded668e0bc5ee8cbde71fbd18e63b2bd66b32280066b9e98198671db290
SHA512e1ef262395eb8aea0b9863f6989922193eb94dc0569d08ab62defb4922e8076e1252dc09f8a2b4feaef3451d7979d57f3fbc43fa1131dd9741ecf484576f730a
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
410KB
MD5c52991403887912015183d020fd965b5
SHA1119e1f972c17e989d292fc814b9c6f1515cb83ca
SHA2564ca070a8bca94701097ae24173a776e4d69633ba8c80b8a79deed0c913f760c7
SHA5129e9861b3987363e5b0e31a710bcfc460da6646d571142c7bc7531392a30633876cd8e051adf91d38fa3ac95e88dae9f1441375436b6d320816f8ba063d046636
-
Filesize
8KB
MD5aa55214383b4690a35da4c99a99a12f0
SHA16c19163964c6e04cce7ec6c7c7119185b6040ee6
SHA25638364ea461df4e0869125020905fd5430ade1d266e87fd414a0dabca73abfe65
SHA512b564eef8db5c9035be42bf39eb36fc3878c67db6cb2f1ccbdfe5b9576398c2499265614d27f644ab0b8c271528d3b713d2666662fb5224abc06f76bfe2e3f992
-
Filesize
4KB
MD5a9d3fbaaa227d51dbb7a06255b0fef48
SHA13dd0d55234f02404fd0b741d5fb2329faf07b0b7
SHA256b68de469c998b8e88fb0a792a741534edca91ab2e7db4f03632c3e81eca66562
SHA5120ffad18bb3735f61ea9f82f1aa1fcb0f43fe9057d19205959e50a2a7936a8c3cbed8edb4bc40a567c32751d6265ae1d4fa1af71a65a3af31e6fcdd9f0521f8d5
-
Filesize
4KB
MD51bc6cab5e16924c36975afb97f800a7c
SHA111f85e08289762608dbe4b5f2c506832ff73bffe
SHA256c876caf83abed17190073288d707d158a959c9d5e703b595d711a36ff502c3b3
SHA5121a3b56a465fb52a9f8a58e03c179464aedd7fecda7b6837cdcbc7ce79a21f2efaa91a0f0b0b8501220cd8e726de4d5e9893074d8f19161dcfebbf8c4f23286e8
-
Filesize
8KB
MD51caf46b1bae04071d06f20f98edf9c50
SHA1b10e41dcc9b2df76fbb77429adb13f435273dc4b
SHA256e2b359af1a1d90cf22b743c1d18ba6f090286eda60ddce65d0be76dcc576e6e2
SHA51272d51c27708084c3271441618c34fe8fbd73e09a0b9597ad7e748f4db8613fcc401db704b9cf556c6ec3613fcc79907c45ee66fd3c54d7fefd5007379a13883e
-
Filesize
418KB
MD52a046380282d81caa5fb1fb853138b58
SHA1e46780dcbf0fe3549d4bb0a2a1b1918d4eb16643
SHA25624a2de79e08460b3b20a3e2922556e781594a6e1d144f32ac753b5113d2f9a69
SHA512ed092d619db4180d0f89ca55d429ed6dcaadee5ee460b39a88db09371968b0473f9cb620040ee70097dbbedaae20489b49e323ac2a58e6ab646ae483371672bd
-
Filesize
2.7MB
MD53b8f44aab76b03f9ce67c3cf47025583
SHA1600f55c2e141b15934f0cec78188911ca30c50b5
SHA256a9306e582190a99b965bacce7a58f74442c59a6ba2ef33c29ef5202afc6a99f4
SHA512a908c09a2215ff5b6ef4abe9ddf82a7631a011bf6657b7767e5d41178b333314b9c124d70a5c91a7a8ea7cf83d38ad8608ce21d8ff2cc82cd7717340f9a57d61
-
Filesize
1.2MB
MD5c81c51456766e174d6b23e17e56b3151
SHA12b8f21a13af6efdfe1bfa00c011ba6a1bc5d6f20
SHA25679ceb49440a30e4e0b9ab83015384650cc535a1f54d457cf4a0873f9621c0822
SHA512a88c8290d5804d10cbbe811eb3b041d122c66cb75b44c5095f3e03ebf90e8f39d58d6d7e20066df046e9999b3341337094336b35c987ed6af34852c8a049a13b
-
Filesize
134B
MD5243c56a15bf39686f56af765b982eeac
SHA1714541ebe203ca0db41f9c96ae7c62cc035f447f
SHA2560ae8664f29c463d433958652583cefdd9621f50cab1553a0516ac68e635d4a2b
SHA512981f6f2da34eecf88e75b588f751b7c75796d31265f38d8cfffe110d08b0920f533c8596c0b1ae84ccd52315a7e69456d8b8c2b8bd11a0561ee4a5e374d84fc6
-
Filesize
171B
MD5f0c899cc02928d28f63ff5a9e3702c04
SHA1503e4949351905ee9572d59fabb6af2da76b6213
SHA25679dec494942b654c2c98dcf876b46ebccc8b536dda5d96eb673c11ccde0a2a97
SHA5129e41d2ee72014746a76e4476ff15c7b67c88042dbdeb89e9e7986f7dc5aa5311686d8bfc10f45e9346b32ceb0d818bd97e7445de1930fe1ac89b51eba1618ea7
-
Filesize
3KB
MD5824e41232dfc7bf860550cfca466c99f
SHA13e942b07782aa3621dc7e63ea4b7ba5f763ff7fa
SHA256eeabcdabb46a4db5a2c768cc81cb834f798a7bf23182efe2f2efbc251047ddf7
SHA512636e5fde654c5ae1475de430990abb0486d63bda498c49db9006337b108bd315b8bb58759761bf20cc58ecc82c6b9ba4be492d8d3269e5b97e907e6499b284b7
-
Filesize
62B
MD5e9ab24035aa50dbb14927712774c728e
SHA187297648b2dff5d569e3df4631e56d247974b746
SHA256fb8e8996ceef1ddd3012fbe0477a71df0f8ea516f5342626c4b279ac7fee6b52
SHA51276a01ec441e5e728f537c1c1905235584e9ed2f837f9115c5eccff5a747f766c93933237356726bd93d19c83289f0785c779dd487e681dcb388bdc44b4240ec4
-
Filesize
70B
MD503f6031b08c9498f0d217d5ef125fb73
SHA158896c441c77f5c901b0222d8411434771868fb4
SHA2565abdc6568dd60ee890f74f364fb8893db0cd9c5f0b4bb6130f19d5dd1fbbc0c8
SHA512f9b4022bb48abfe84698d10bba641d46c6bf98fd00e03c9f062ea30af206311c15c367da9ae57b47a8bcb076f97ede7f3e12e6a3762dab8b6d920eda51b533bc
-
Filesize
59B
MD52e760f33dde67d5766e213336430c4a0
SHA1ec5243da69177240d7c4141a1749d3d471781569
SHA25608f670d6bf7560b51d4f20cdd1959416991066d8bbfa762248a0fcf5b297070c
SHA5123738b9e037e90c947d401a4bce77c2918c678b09c801a15867936214a4d974d63d0a4c7783430db9836122c3291edc1bb809ba0cde9ca6251da9bfd453b28532
-
Filesize
165B
MD591469388e656934252d50a5fb27b339e
SHA13a02cf8c7f4a52b09ebe17d23d55b3b1cdd68502
SHA2562c9952de05f288eae9382ba16606e8b7d7ec220c26d77ef306f3b96ca0cf3587
SHA5129a55792a83c69e5e3960d7e94062172b9cb3142e801f27b9b0575af053b10619d8856827a89de1f2bf809e1d97c2e4d20c32a5049a34dae496c5c0598616ce3c
-
Filesize
41KB
MD5e614d54fcabadbb8d05d82fab8113d46
SHA1b54f237b01b7c286b23a266b48a55e7e75919c39
SHA2565275ea5e7587b1cf4370811d9ea5c1fa895344ff46adef84fc8e77225ee46f3e
SHA51271ac3ec1f7cae270620f51b860a730d6dc98d23eeb1c76fe9488b79fddee3df1652b1b9de65a698feffd4e4e28f831b248a28e9012590e9b2f9bd354e6480c61
-
Filesize
8KB
MD5725d430e1f1cdc12d7386def01c0c37c
SHA15a70b8c7d74106ec24eefe8e8e79de12d493252a
SHA256cc647657d0ba3a67c7ce465ebe044ecd45409983043f65912320c2c864cc6297
SHA512ff46219d6fc208dcd60ddb8e8b06771b3384cfe6908bd6663a28cf64636a5010a8f6765ada18ee16627a732e2db314d57b66de6908e418b492aa97eceed61260
-
Filesize
218B
MD5328c251f4d2ed54ec4f0a7810b267a47
SHA1d09e0e879f3c11e863e97ebef05bac32bda4bfb0
SHA25637e139e42acb98c35566cd5399a97c54ea7bf66a50cf6071182d84749ae5cbeb
SHA5124dcc9d39753fb69ab187c1fe420742275d6325d3bf515b3a511588a9ca9b8c3f135e307f59433880939a688a4cac0e00b7786e516a1634a0ce653fba864d225f
-
Filesize
96B
MD59a7b2f3009638ea69bdc6a039140c59d
SHA17538e55dbfa9a4abff83e69ed179eedb9ffb8fa6
SHA256e43c028722f303535f437e3e707dd68d2b1f312ea171dd10c5a72383d1e80227
SHA5123e31af0f2de1d5c76b2cbc93cd0c2fa971f09c641b65c48e153c4ad8a096687706a44d3e8d18f412117699d102a3f642407dbf34146203bf2d496d9b44b0ff11
-
Filesize
94B
MD59ce04389dadce7e24c45bd0f7f251293
SHA1d4496348f5648eb78b755d0eb4dca409f40d95da
SHA256efd3040779dd20bec6946d2c0ad66ffcf7ed7a95c1c7787c1321f43d4a39404b
SHA512c280ab057e73993c0cbcf46b106c63110dfcf65e4f44365a56e233a4642dc3037ca693ce33a3cb50af6f31c0dfdb2b10f85ff756e50f71afe899c105f9c33c5d
-
Filesize
1.2MB
MD54768956e02a41b7e2032707b7c65a52a
SHA1eb730a2e6f2b0497ee9731c488b02f0e68105942
SHA256c50c0434ac58766df76b0ffb3fdd9489a6d8ea7b8789f0bfbb3fb78299a00060
SHA512afae3c09e482e6577f4e79013b6d2dc1ce89a00a2ef5571074931da9bc91aceb53a01298dd3072325034ecd1ea0ec92dda630c06433dcd458ba7ac574778848c
-
Filesize
2.7MB
MD55907bdc6596cfe0108c63176fefd23c4
SHA1c4d71fe62de457f85bf8e084b0ed76090c92fca6
SHA256398a1da4927ee13b67fda9f440b013bedd7169db36925ef057ae06ec1dd64094
SHA512bbd04701e9652928ebf45468b027c211470c4cccc9333e644f42f27e97e4df2ebb4dd9301e35a7d4d744f570b9ad11951ba871f9812fcd6f85472c6f9dc42a44