Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
159s -
max time network
149s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system -
submitted
20/02/2024, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk
Resource
android-x64-20231215-en
General
-
Target
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk
-
Size
2.7MB
-
MD5
7b6ecf573f7972d9bc594172e36cf3d8
-
SHA1
4e9eb1094a7d9ca54dadf72a376a2ed264c1a923
-
SHA256
b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2
-
SHA512
cd0037fd9ce90b1f22ce32e74b8520c508dbe34e98e29fb6cf8af4a82f7eac190a2b3c5dd3fa9125d6db1e9f8cb767314c01ccd87480439c9916e07e3d878365
-
SSDEEP
49152:D7HKtFW7IKP5Wb3LFNvWkeglhpQf/vfnOmpeTzRnYBo/YE1ZuBoi:D7q67I25WzLTepPOC8RnYC/YEZc7
Malware Config
Extracted
ginp
2.8e
mp15
http://wholepartyhere.top/
http://insideluck.cc/
-
uri
api202
Extracted
ginp
http://wholepartyhere.top/api202/
http://insideluck.cc/api202/
Signatures
-
Ginp
Ginp is an android banking trojan first seen in mid 2019.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.task.explain Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.task.explain Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.task.explain -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
description ioc Process Framework service call android.content.pm.IPackageManager.getInstalledApplications com.task.explain -
pid Process 4470 com.task.explain -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json 4470 com.task.explain /data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json 4470 com.task.explain -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.task.explain -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.task.explain
Processes
-
com.task.explain1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4470
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
272B
MD5ca1b359432f733a9d4f4c447eb7d4fa9
SHA153f76432113143ec1fecd33ad50853c0aa932cf8
SHA256943d4298bb78c65554b3aa41d5160c74a6eb234f2ba7a0ee654ed5fa9fd6bbe0
SHA512425ef74040cf1dc90339ddce07a13f54d676cb2deba3a1b16a9e7772d3106f58869b34bb0e5481cb5bd0e5caa6e3f52e10799880745a7fe4e95634ad9ea4c6b1
-
Filesize
239KB
MD56af5341b4e7dfed83e58c41fb1ff085d
SHA1db7ebc7cde4331fe9a7ba4ffc5fcfb37c8fb1196
SHA2564caff50d14444916a6d902395b7a494034d12b54a48c82e5c6bee72946d015a0
SHA512462fa5e9e30c16712a4ba438f683e76099a9f2505144dd4498c5adf5eaf4b923a0acbff623c609e36911a6ee815d7247ed3b32ef26983e3aac550d4f9e653281
-
Filesize
239KB
MD5a356b379ab111eb7609c17ac23b7022b
SHA14d1fa3eb0bba094c345a3e905204ded059d388ab
SHA2564954df708fbaedf0d1899fc2076f502a3b58091b85e88f119879d784c28aa99c
SHA5120d8270743348b66f2ac031184d7d4596748ccf9a494d1cd4c79b1f77716dad23a47a43d6e868dabdad69f969228b60e84750a2eaddcaa0f418e95fab1be17a48