Analysis
-
max time kernel
150s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
20-02-2024 22:01
General
-
Target
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk
-
Size
2.7MB
-
MD5
7b6ecf573f7972d9bc594172e36cf3d8
-
SHA1
4e9eb1094a7d9ca54dadf72a376a2ed264c1a923
-
SHA256
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2
-
SHA512
cd0037fd9ce90b1f22ce32e74b8520c508dbe34e98e29fb6cf8af4a82f7eac190a2b3c5dd3fa9125d6db1e9f8cb767314c01ccd87480439c9916e07e3d878365
-
SSDEEP
49152:D7HKtFW7IKP5Wb3LFNvWkeglhpQf/vfnOmpeTzRnYBo/YE1ZuBoi:D7q67I25WzLTepPOC8RnYC/YEZc7
Malware Config
Extracted
ginp
2.8e
mp15
http://wholepartyhere.top/
http://insideluck.cc/
-
uri
api202
Extracted
ginp
http://wholepartyhere.top/api202/
http://insideluck.cc/api202/
Signatures
-
Ginp
Ginp is an android banking trojan first seen in mid 2019.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
com.task.explain1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.task.explain/app_DynamicOptDex/oat/x86/ukhrfEB.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
293B
MD5c3f48dea43ad54784bdc65612f2382f0
SHA19c6ef5432caa9b4c1e744c3afca4d5edad96a155
SHA256e854f35153ff6abdc275e99f5eb36034ba0b8c4e319451a9600bd802994b2e5f
SHA5128334696534b076f72cb35cb93d5d7e612093ed175cbbe9554e4e66a3e2e4b48c968aa01c486de02a4088f0098f7777ba53c7d5723163a524ab1066f994439287
-
Filesize
239KB
MD56af5341b4e7dfed83e58c41fb1ff085d
SHA1db7ebc7cde4331fe9a7ba4ffc5fcfb37c8fb1196
SHA2564caff50d14444916a6d902395b7a494034d12b54a48c82e5c6bee72946d015a0
SHA512462fa5e9e30c16712a4ba438f683e76099a9f2505144dd4498c5adf5eaf4b923a0acbff623c609e36911a6ee815d7247ed3b32ef26983e3aac550d4f9e653281
-
Filesize
239KB
MD5a356b379ab111eb7609c17ac23b7022b
SHA14d1fa3eb0bba094c345a3e905204ded059d388ab
SHA2564954df708fbaedf0d1899fc2076f502a3b58091b85e88f119879d784c28aa99c
SHA5120d8270743348b66f2ac031184d7d4596748ccf9a494d1cd4c79b1f77716dad23a47a43d6e868dabdad69f969228b60e84750a2eaddcaa0f418e95fab1be17a48
-
Filesize
239KB
MD503212b40ade4d4a0c181764d35843d9c
SHA15c6e1c14d3c5eacd5c7a1397b28cb49abcb562d0
SHA256dc781ec607a585db8ad003ab9ebb739e6478303445456533336e3e632a9447ac
SHA512c46e7af47b14ba5e4c59a9c48742dd409a0032e5e88540268741ff83d83e07ca01cada290471012e2087f9fe051399dde1b1a83d2616713b14fa843d267a8656