Resubmissions

  • 15/05/2023, 13:16 UTC  230515-qh2mhadh4y  score 10
  • 15/05/2023, 13:09 UTC  230515-qd7b7afe46  score 10
  • 22/12/2022, 10:46 UTC  221222-mt6h2she4s  score 8
  • 10/01/2022, 13:52 UTC  220110-q6w2xsefbq  score 10

Analysis

  • max time kernel
    529582s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/05/2023, 13:16 UTC

General

  • Target

    6a770d4c5ba6ec625850de3ba3bd6310d86c229b6bccb50b09a54d3ec038cc1a.apk

  • Size

    3.3MB

  • MD5

    8ca486570b19cc54f9c32a8e76470512

  • SHA1

    4396a2c67dae81a4c8d9dd6b790a832e1b8828ec

  • SHA256

    6a770d4c5ba6ec625850de3ba3bd6310d86c229b6bccb50b09a54d3ec038cc1a

  • SHA512

    6c60e5e8f9850dfa5fac9dfd04768665aca7835a04a4a85f94e2557df952f3a044a1dede341bbbdb4d94894e74b5cd39486e81f3104f99794f7640502bf8634b

  • SSDEEP

    49152:wrUHKdXkwog2tPajlu95sb9z1p/MUL+geWaOiNGyahG/5rovr/OIZKDLzFGih/P:Gp6spVz1p/FL+caNGyahGkr/ncDLzlP

Malware Config

Extracted

  • Family: ginp
  • Version: 2.8e
  • Botnet: mp6
  • C2:
    http://closedcloset.top/
    http://insideluck.cc/
  • Attributes
    uri: api202

Extracted

  • Family: ginp
  • C2:
    http://closedcloset.top/api202/
    http://insideluck.cc/api202/

Signatures

  • Ginp
    Ginp is an Android banking trojan first seen in mid-2019.
  • Makes use of the framework's Accessibility service (3 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 IoC)
  • Acquires the wake lock (1 IoC)
  • Loads dropped Dex/Jar (2 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 IoC)
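The signatures above are dynamic observations. The static counterparts a reviewer checks first live in the manifest: the permission that lets an app ask to be exempted from battery optimisation, the wake-lock permission, the package-visibility declaration that Android 11 requires before an app can enumerate other packages, and a service guarded by BIND_ACCESSIBILITY_SERVICE. The script below is an added example and not tria.ge code; it reads a decoded AndroidManifest.xml (for instance apktool output, not the binary AXML inside the APK), maps what it finds onto the report's signature names, and flags the combination a banking trojan needs. The three manifests are constructed and are not the manifest of this sample; the mapping from permissions to signature names is ours.

```python
"""Static counterparts of the report's behavioural signatures.

Added example, not tria.ge code. Works on a decoded AndroidManifest.xml;
the manifests at the bottom are constructed, not taken from the sample.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission -> report signature it most directly supports (our mapping).
PERMISSION_SIGNATURES = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "Requests disabling of battery optimizations",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    # Android 11+ needs this (or a <queries> block) to see other packages.
    "android.permission.QUERY_ALL_PACKAGES":
        "Queries a list of all the installed applications",
}
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"


def accessibility_services(root: ET.Element) -> List[str]:
    """Services the framework would bind as accessibility services: guarded by
    BIND_ACCESSIBILITY_SERVICE and filtering the AccessibilityService action."""
    found = []
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") != A11Y_PERMISSION:
            continue
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if A11Y_ACTION in actions:
            found.append(svc.get(ANDROID_NS + "name", "?"))
    return found


def analyse_manifest(xml_text: str) -> Dict[str, object]:
    """Map manifest contents onto the report's signature names."""
    root = ET.fromstring(xml_text)
    declared = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    hits = [sig for perm, sig in PERMISSION_SIGNATURES.items() if perm in declared]
    # <queries> is the scoped alternative to QUERY_ALL_PACKAGES: same
    # capability (enumerate targets), narrower declaration.
    queried = [p.get(ANDROID_NS + "name")
               for q in root.iter("queries") for p in q.iter("package")]
    query_sig = PERMISSION_SIGNATURES["android.permission.QUERY_ALL_PACKAGES"]
    if queried and query_sig not in hits:
        hits.append(query_sig)
    a11y = accessibility_services(root)
    if a11y:
        hits.append("Makes use of the framework's Accessibility service")
    # Banker profile: accessibility access, a way to pick targets, and a way
    # to stay alive in the background.
    banker_like = bool(a11y) and query_sig in hits and any(
        s.startswith("Requests disabling") for s in hits)
    return {"package": root.get("package"), "hits": hits,
            "accessibility_services": a11y, "queried_packages": queried,
            "banker_like": banker_like}


# Constructed manifests (not this sample's): the capability set the report
# flags, a scoped <queries> variant, and an ordinary network-only app.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="app">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

SCOPED_QUERIES_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.constructed.scoped">
  <uses-permission android:name="android.permission.INTERNET"/>
  <queries>
    <package android:name="com.example.bank"/>
    <package android:name="com.example.wallet"/>
  </queries>
  <application android:label="app"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.constructed.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="app"/>
</manifest>"""

if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, SCOPED_QUERIES_MANIFEST, BENIGN_MANIFEST):
        print(analyse_manifest(m))
```

The static check only shows that the capabilities are declared; "Loads dropped Dex/Jar" cannot be seen in a manifest at all, which is why the sandbox's runtime signatures and the static profile complement rather than replace each other.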

Processes

  • someone.audit.crawl (PID 4291)
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar.
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

DNS lookups (all A queries to 1.1.1.1:53, resolver geolocated US), in order:

  • android.apis.google.com  no response
  • android.apis.google.com  no response
  • android.apis.google.com  CNAME clients.l.google.com, A 142.251.36.46
  • android.apis.google.com  CNAME clients.l.google.com, A 142.251.36.46
  • infinitedata-pa.googleapis.com  A 142.251.39.106, 142.250.179.138, 142.250.179.170, 142.251.36.42, 142.251.36.10, 172.217.168.234, 142.250.179.202, 172.217.23.202
  • closedcloset.top  no response
  • closedcloset.top  no response
  • ssl.google-analytics.com  no response
  • ssl.google-analytics.com  no response
  • closedcloset.top  no response
  • closedcloset.top  no response
  • closedcloset.top  response, no address records
  • closedcloset.top  no response
  • closedcloset.top  no response
  • closedcloset.top  response, no address records
  • closedcloset.top  response, no address records
  • closedcloset.top  response, no address records
  • android.apis.google.com  CNAME clients.l.google.com, A 142.251.39.110
  • insideluck.cc  response, no address records
  • ssl.google-analytics.com  no response
  • ssl.google-analytics.com  no response
Flows (remote endpoint, domain, protocol, bytes sent / received, packets sent / received):

  • 142.251.36.46:443  android.apis.google.com  tls  867 B / 4.6kB  6 / 5
  • 142.251.36.46:443  android.apis.google.com  tls  919 B / 4.6kB  7 / 5
  • 172.217.168.226:443  (no domain)  520 B sent in 10 packets, nothing received
  • 142.251.39.102:443  (no domain)  520 B sent in 10 packets, nothing received
  • 142.251.39.106:443  infinitedata-pa.googleapis.com  tls  1.5kB / 6.0kB  13 / 12
  • 142.251.39.110:443  android.apis.google.com  tls  10.2kB / 12.2kB  34 / 33
  • 142.251.39.110:443  android.apis.google.com  tls  2.5kB / 5.9kB  9 / 7
  • 1.1.1.1:53  android.apis.google.com  dns  138 B sent in 2 packets (2 requests), no response
  • 1.1.1.1:53  android.apis.google.com  dns  69 B / 109 B  1 / 1  response: 142.251.36.46
  • 1.1.1.1:53  android.apis.google.com  dns  69 B / 109 B  1 / 1  response: 142.251.36.46
  • 224.0.0.251:5353  (mDNS multicast)  3.7kB sent in 11 packets, nothing received
  • 1.1.1.1:53  infinitedata-pa.googleapis.com  dns  76 B / 204 B  1 / 1  response: 142.251.39.106, 142.250.179.138, 142.250.179.170, 142.251.36.42, 142.251.36.10, 172.217.168.234, 142.250.179.202, 172.217.23.202
  • 1.1.1.1:53  closedcloset.top  dns  124 B sent in 2 packets (2 requests), no response
  • 1.1.1.1:53  ssl.google-analytics.com  dns  140 B sent in 2 packets (2 requests), no response
  • 1.1.1.1:53  closedcloset.top  dns  124 B sent in 2 packets (2 requests), no response
  • 1.1.1.1:53  closedcloset.top  dns  62 B / 132 B  1 / 1  response, no address records
  • 1.1.1.1:53  closedcloset.top  dns  124 B sent in 2 packets (2 requests), no response
  • 1.1.1.1:53  closedcloset.top  dns  62 B / 132 B  1 / 1  response, no address records
  • 1.1.1.1:53  closedcloset.top  dns  62 B / 132 B  1 / 1  response, no address records
  • 1.1.1.1:53  closedcloset.top  dns  62 B / 132 B  1 / 1  response, no address records
  • 1.1.1.1:53  android.apis.google.com  dns  69 B / 109 B  1 / 1  response: 142.251.39.110
  • 1.1.1.1:53  insideluck.cc  dns  59 B / 126 B  1 / 1  response, no address records
  • 1.1.1.1:53  ssl.google-analytics.com  dns  140 B sent in 2 packets (2 requests), no response
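The network section tells a practitioner something the signature list does not: both configured C2 hosts were looked up, the resolver answered, and the answers carried no address records, so no flow ever went to them and the only TLS traffic is to Google endpoints. Everything observed is therefore pre-check-in behaviour; the `uri` attribute from the config (api202) was never exercised. The script below is an added example and not tria.ge code. Its DNS and flow records are our transcription of the report's entries above (byte counts as listed; the report gives no DNS rcode, so NXDOMAIN and NODATA cannot be told apart), and it joins the extracted config to that evidence to answer "was the C2 reachable during this run?".

```python
"""Was the configured C2 reachable during this sandbox run?

Added example, not tria.ge code. DNS_RECORDS and CONNECTIONS are transcribed
from the report's network section (our constructed representation of it).
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# From the extracted config
C2_URLS = ["http://closedcloset.top/", "http://insideluck.cc/"]
C2_URI = "api202"

# (query name, response size in bytes or None when no reply arrived, A records)
DNS_RECORDS: List[Tuple[str, Optional[int], List[str]]] = [
    ("android.apis.google.com", None, []),
    ("android.apis.google.com", None, []),
    ("android.apis.google.com", 109, ["142.251.36.46"]),
    ("android.apis.google.com", 109, ["142.251.36.46"]),
    ("infinitedata-pa.googleapis.com", 204, [
        "142.251.39.106", "142.250.179.138", "142.250.179.170", "142.251.36.42",
        "142.251.36.10", "172.217.168.234", "142.250.179.202", "172.217.23.202"]),
    ("closedcloset.top", None, []),
    ("closedcloset.top", None, []),
    ("ssl.google-analytics.com", None, []),
    ("ssl.google-analytics.com", None, []),
    ("closedcloset.top", None, []),
    ("closedcloset.top", None, []),
    ("closedcloset.top", 132, []),
    ("closedcloset.top", None, []),
    ("closedcloset.top", None, []),
    ("closedcloset.top", 132, []),
    ("closedcloset.top", 132, []),
    ("closedcloset.top", 132, []),
    ("android.apis.google.com", 109, ["142.251.39.110"]),
    ("insideluck.cc", 126, []),
    ("ssl.google-analytics.com", None, []),
    ("ssl.google-analytics.com", None, []),
]
# (remote ip, port) for every non-DNS flow in the report
CONNECTIONS = [
    ("142.251.36.46", 443), ("142.251.36.46", 443), ("172.217.168.226", 443),
    ("142.251.39.102", 443), ("142.251.39.106", 443), ("142.251.39.110", 443),
    ("142.251.39.110", 443), ("224.0.0.251", 5353),
]


def c2_endpoints(base_urls=C2_URLS, uri=C2_URI) -> List[str]:
    """Combine the base C2 and the 'uri' attribute the way the second
    extracted config shows it: <base>/<uri>/."""
    return [u.rstrip("/") + "/" + uri.strip("/") + "/" for u in base_urls]


def resolution_status(host: str, records=DNS_RECORDS) -> Dict[str, object]:
    """Summarise every lookup of `host` into one status."""
    mine = [r for r in records if r[0] == host]
    replies = [r for r in mine if r[1] is not None]
    addrs = sorted({ip for r in replies for ip in r[2]})
    if not mine:
        status = "not_queried"
    elif addrs:
        status = "resolved"
    elif replies:
        # A reply with no address data: NXDOMAIN or NODATA (no rcode to tell
        # them apart), but either way there was nothing to connect to.
        status = "answered_no_records"
    else:
        status = "unanswered"
    return {"queries": len(mine), "replies": len(replies),
            "addresses": addrs, "status": status}


def c2_assessment(urls=C2_URLS, records=DNS_RECORDS,
                  conns=CONNECTIONS) -> Dict[str, Dict[str, object]]:
    """Per C2 host: DNS outcome, and how many flows went to an address it
    resolved to. 'reached' is True only when both happened."""
    out = {}
    for url in urls:
        host = urlparse(url).hostname
        st = resolution_status(host, records)
        st["connections"] = sum(1 for ip, _ in conns if ip in st["addresses"])
        st["reached"] = st["status"] == "resolved" and st["connections"] > 0
        out[host] = st
    return out


if __name__ == "__main__":
    print("endpoints:", c2_endpoints())
    for host, st in c2_assessment().items():
        print(host, st)
```

Ten lookups of closedcloset.top in a 150 s network window is the client retrying its check-in; when a later resubmission shows the same domain resolving, compare the flow list against the `connections` count this script produces to see whether the C2 exchange actually happened.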

Downloads

  • /data/user/0/someone.audit.crawl/app_DynamicOptDex/cZf.json

    Filesize

    246KB

    MD5

    6c28bd2b1d1983c4d560cc6c72a26e1c

    SHA1

    eb212ea0794609c98812ff8bd5fec0a094c6ecf6

    SHA256

    013e1afe493332baa48d16230678463f60c603b1e6b808b371b20d1bfbf27435

    SHA512

    c252ebc9c33fa377fcb8955c420dbdffd693110303f560e4b5b2896ad6712dac9ff619e456985f2ed973a9ed8fb0d339bf80e8d17120f0e74842553a87bfa164

  • /data/user/0/someone.audit.crawl/app_DynamicOptDex/cZf.json

    Filesize

    246KB

    MD5

    0bb2f793db509eeb9b64b2e7dbadb3b0

    SHA1

    b0a08381dbec074b669e8a13990be9450f0c8c9f

    SHA256

    2777d7506b8afdf6dfea88a03dcc35e8b046eb8d0a6b796b2b02b1a321de3a00

    SHA512

    472369787b7257937120682168624b2c094733572d02392ca7fbb9954afe00035a3b69e7848d501476d7e76513699f4493392422b74b5e2553535c2bab1acfbf

  • /data/user/0/someone.audit.crawl/app_DynamicOptDex/cZf.json

    Filesize

    246KB

    MD5

    0bb2f793db509eeb9b64b2e7dbadb3b0

    SHA1

    b0a08381dbec074b669e8a13990be9450f0c8c9f

    SHA256

    2777d7506b8afdf6dfea88a03dcc35e8b046eb8d0a6b796b2b02b1a321de3a00

    SHA512

    472369787b7257937120682168624b2c094733572d02392ca7fbb9954afe00035a3b69e7848d501476d7e76513699f4493392422b74b5e2553535c2bab1acfbf
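The dropped file is written under app_DynamicOptDex with a .json name, and the report records two different versions of it (same size, different hashes) alongside the "Loads dropped Dex/Jar" signature. The report does not say what the file contains, so the first thing to do after pulling it is to classify it by content rather than by name, and, if it is a DEX, recompute the header's own integrity fields (adler32 over everything after the checksum, SHA-1 over everything after the signature, declared file and header sizes) to see whether it was patched after build. The script below is an added example, not tria.ge code; the DEX it checks is constructed in memory so it runs offline, and the paths in the usage block are stand-ins for the sandbox's dropped-files list.

```python
"""Tell a DEX from the .json name it was dropped under, and check its header.

Added example, not tria.ge code. The sample DEX is constructed in memory; the
header layout and checksum/signature rules are those of the DEX format.
"""
import hashlib
import struct
import zlib
from typing import Dict

DEX_MAGIC_PREFIX = b"dex\n"      # followed by a 3-digit version and NUL
ZIP_MAGIC = b"PK\x03\x04"        # JAR/APK container
DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed sample: a header-only DEX with every section empty.
    Header: magic(8) checksum(4) signature(20) file_size header_size endian_tag
    and 17 further u32 size/offset fields, all little-endian."""
    magic = DEX_MAGIC_PREFIX + version + b"\0"
    rest = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE,
                       DEX_ENDIAN_CONSTANT) + b"\0" * (17 * 4)
    signature = hashlib.sha1(rest).digest()                   # SHA-1 of bytes 32..end
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF    # adler32 of bytes 12..end
    return magic + struct.pack("<I", checksum) + signature + rest


def identify(blob: bytes) -> str:
    """Classify by content, never by file name."""
    if blob[:4] == DEX_MAGIC_PREFIX and len(blob) >= 8 and blob[7:8] == b"\0":
        return "dex"
    if blob[:4] == ZIP_MAGIC:
        return "zip"
    if blob.lstrip()[:1] in (b"{", b"["):
        return "json"
    return "unknown"


def verify_dex(blob: bytes) -> Dict[str, object]:
    """Recompute the header's self-checks. A False means the file was
    corrupted in transit or modified after it was built."""
    if identify(blob) != "dex":
        raise ValueError("not a DEX file")
    version = blob[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", blob, 8)
    signature = blob[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 32)
    return {
        "version": version,
        "checksum_ok": (zlib.adler32(blob[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(blob[32:]).digest() == signature,
        "size_ok": file_size == len(blob) and header_size == DEX_HEADER_SIZE,
        "endian_ok": endian_tag == DEX_ENDIAN_CONSTANT,
    }


def triage_dropped(files: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict per dropped file: content type, flagged when the extension lies."""
    code_ext = {"dex", "jar", "zip", "apk"}
    verdicts = {}
    for path, blob in files.items():
        kind = identify(blob)
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        lying = kind in ("dex", "zip") and ext not in code_ext
        verdicts[path] = kind + (" (extension mismatch)" if lying else "")
    return verdicts


if __name__ == "__main__":
    # Constructed stand-in for the sandbox's dropped-files list.
    dex_path = "/data/user/0/someone.audit.crawl/app_DynamicOptDex/cZf.json"
    dropped = {dex_path: build_minimal_dex(),
               "/data/user/0/someone.audit.crawl/files/settings.json": b'{"ok": true}'}
    for path, verdict in triage_dropped(dropped).items():
        print(verdict, path)
    print(verify_dex(dropped[dex_path]))
```

Two versions of the same path with different hashes, as in the list above, are worth hashing and checking separately: a header whose checksum no longer matches is the usual sign that the second write was a patched or repacked copy rather than a clean re-download.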
