
Analysis

  • max time kernel
    159s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    20/02/2024, 22:01

General

  • Target

    b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk

  • Size

    2.7MB

  • MD5

    7b6ecf573f7972d9bc594172e36cf3d8

  • SHA1

    4e9eb1094a7d9ca54dadf72a376a2ed264c1a923

  • SHA256

    b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2

  • SHA512

    cd0037fd9ce90b1f22ce32e74b8520c508dbe34e98e29fb6cf8af4a82f7eac190a2b3c5dd3fa9125d6db1e9f8cb767314c01ccd87480439c9916e07e3d878365

  • SSDEEP

    49152:D7HKtFW7IKP5Wb3LFNvWkeglhpQf/vfnOmpeTzRnYBo/YE1ZuBoi:D7q67I25WzLTepPOC8RnYC/YEZc7

Malware Config

Extracted

Family

ginp

Version

2.8e

Botnet

mp15

C2

http://wholepartyhere.top/

http://insideluck.cc/

Attributes
  • uri

    api202

Extracted

Family

ginp

C2

http://wholepartyhere.top/api202/

http://insideluck.cc/api202/
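The second Extracted block is the first one with the uri attribute joined onto each C2 base. As an added example, not tria.ge's extractor or its export format, the following Python reproduces that normalisation and turns the config into blocklist rows. The GINP_CONFIG dict is constructed from the values above; its layout and key names are assumptions for this example.

```python
from urllib.parse import urljoin, urlsplit

# Constructed from the two "Extracted" blocks above. The dict layout and key
# names are assumptions for this example, not the sandbox's export schema.
GINP_CONFIG = {
    "family": "ginp",
    "version": "2.8e",
    "botnet": "mp15",
    "c2": ["http://wholepartyhere.top/", "http://insideluck.cc/"],
    "attributes": {"uri": "api202"},
}


def c2_endpoints(config):
    """Join every C2 base with the config's 'uri' attribute.

    Slashes are normalised so that 'http://host' or 'http://host/' combined
    with 'api202', '/api202' or 'api202/' all yield 'http://host/api202/',
    matching the second Extracted block above. Order is kept, duplicates dropped.
    """
    uri = config.get("attributes", {}).get("uri", "").strip("/")
    endpoints = []
    for base in config.get("c2", []):
        base = base if base.endswith("/") else base + "/"
        full = urljoin(base, uri + "/") if uri else base
        if full not in endpoints:
            endpoints.append(full)
    return endpoints


def c2_hosts(config):
    """Distinct C2 hostnames, for DNS sinkhole or proxy blocklists."""
    return sorted({urlsplit(u).hostname for u in config.get("c2", [])})


def iocs(config):
    """Flat (type, value) rows, the shape most blocklist/SIEM importers take."""
    rows = [("domain", h) for h in c2_hosts(config)]
    rows += [("url", u) for u in c2_endpoints(config)]
    return rows


if __name__ == "__main__":
    for kind, value in iocs(GINP_CONFIG):
        print(f"{kind}\t{value}")
```

Block the hostnames rather than only the full URLs: the uri attribute is a per-build value, so a new Ginp sample pointing at the same domains with a different path would slip past a URL-only rule.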

Signatures

  • Ginp

    Ginp is an Android banking trojan first seen in mid-2019.

  • Makes use of the framework's Accessibility service (3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 IoC)
  • Removes its main activity from the application launcher (1 IoC)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Acquires the wake lock (1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 IoC)
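The behaviours above are what the sandbox observed at runtime. Three of them (the Accessibility service, installed-app enumeration and the battery-optimisation opt-out) also leave static traces in AndroidManifest.xml, so they can be scored before detonation. As an added example, not part of the tria.ge report and not its signature logic, the following Python applies those checks to a decoded manifest (plain XML, as produced by apktool or aapt2). The manifest text is constructed to show the pattern and is not the manifest of the analysed APK. Launcher activities are recorded rather than flagged because the launcher-hiding signature is a runtime setComponentEnabledSetting call; static analysis can only note which activities start out exposed so a later comparison can notice when one disappears. The dropped-DEX behaviour has no manifest trace at all.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest fragment illustrating the permission/component pattern the
# signatures above describe. It is NOT the decoded manifest of the analysed APK.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Boolean findings that count towards the score; launcher_activities is informational.
SCORED_FLAGS = (
    "accessibility_service",
    "queries_installed_apps",
    "battery_optimization_optout",
    "wake_lock",
)


def triage_manifest(xml_text):
    """Return a dict of static findings matching the runtime signatures above."""
    root = ET.fromstring(xml_text)
    name = f"{{{ANDROID_NS}}}name"
    perm = f"{{{ANDROID_NS}}}permission"
    perms = {e.get(name) for e in root.iter("uses-permission")}

    findings = {}
    # A service protected by BIND_ACCESSIBILITY_SERVICE is how an app asks the
    # framework to feed it screen content (the "Accessibility service" signature).
    findings["accessibility_service"] = any(
        s.get(perm) == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service")
    )
    # Since Android 11, listing all installed apps needs QUERY_ALL_PACKAGES or a
    # <queries> element; on the sandbox's android-11-x64 image this is required
    # for the "queries installed applications" behaviour.
    findings["queries_installed_apps"] = (
        "android.permission.QUERY_ALL_PACKAGES" in perms
        or root.find("queries") is not None
    )
    findings["battery_optimization_optout"] = (
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms
    )
    findings["wake_lock"] = "android.permission.WAKE_LOCK" in perms
    # Activities exposed in the launcher at install time; if the app later hides
    # one, that is the "removes its main activity from the launcher" behaviour.
    findings["launcher_activities"] = [
        a.get(name)
        for a in root.iter("activity")
        if any(c.get(name) == "android.intent.category.LAUNCHER" for c in a.iter("category"))
    ]
    return findings


def risk_score(findings):
    """Number of scored flags present; 3 or more with an accessibility service
    is the banking-trojan shape worth a closer look."""
    return sum(1 for flag in SCORED_FLAGS if findings.get(flag))


if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("score:", risk_score(result))
```

Each permission on its own is benign (screen readers, battery-heavy legitimate apps), which is why the score counts the combination rather than any single flag.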

Processes

  • com.task.explain (PID 4470)
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background)

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.task.explain/app_DynamicOptDex/oat/ukhrfEB.json.cur.prof

    Filesize

    272B

    MD5

    ca1b359432f733a9d4f4c447eb7d4fa9

    SHA1

    53f76432113143ec1fecd33ad50853c0aa932cf8

    SHA256

    943d4298bb78c65554b3aa41d5160c74a6eb234f2ba7a0ee654ed5fa9fd6bbe0

    SHA512

    425ef74040cf1dc90339ddce07a13f54d676cb2deba3a1b16a9e7772d3106f58869b34bb0e5481cb5bd0e5caa6e3f52e10799880745a7fe4e95634ad9ea4c6b1

  • /data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json

    Filesize

    239KB

    MD5

    6af5341b4e7dfed83e58c41fb1ff085d

    SHA1

    db7ebc7cde4331fe9a7ba4ffc5fcfb37c8fb1196

    SHA256

    4caff50d14444916a6d902395b7a494034d12b54a48c82e5c6bee72946d015a0

    SHA512

    462fa5e9e30c16712a4ba438f683e76099a9f2505144dd4498c5adf5eaf4b923a0acbff623c609e36911a6ee815d7247ed3b32ef26983e3aac550d4f9e653281

  • /data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json

    Filesize

    239KB

    MD5

    a356b379ab111eb7609c17ac23b7022b

    SHA1

    4d1fa3eb0bba094c345a3e905204ded059d388ab

    SHA256

    4954df708fbaedf0d1899fc2076f502a3b58091b85e88f119879d784c28aa99c

    SHA512

    0d8270743348b66f2ac031184d7d4596748ccf9a494d1cd4c79b1f77716dad23a47a43d6e868dabdad69f969228b60e84750a2eaddcaa0f418e95fab1be17a48
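The three Downloads entries are the evidence behind the Loads dropped Dex/Jar signature: a file with a .json extension written into the app's private app_DynamicOptDex directory, an ART profile (oat/<name>.cur.prof) written beside it, which only appears once the runtime has loaded that file as code, and the same .json path written twice with different hashes, i.e. the payload rewritten in place. As an added example, not tria.ge's detection logic, the following Python applies those three checks to a list of file-write events. The events are constructed from the entries above (the page's paths and SHA256 values), and the (path, size, sha256) tuple format is an assumption.

```python
import re
from collections import defaultdict

# Constructed from the three Downloads entries above. The tuple layout
# (path, size_bytes, sha256) is an assumption, not the sandbox's export format.
FILE_EVENTS = [
    ("/data/user/0/com.task.explain/app_DynamicOptDex/oat/ukhrfEB.json.cur.prof", 272,
     "943d4298bb78c65554b3aa41d5160c74a6eb234f2ba7a0ee654ed5fa9fd6bbe0"),
    ("/data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json", 239 * 1024,
     "4caff50d14444916a6d902395b7a494034d12b54a48c82e5c6bee72946d015a0"),
    ("/data/user/0/com.task.explain/app_DynamicOptDex/ukhrfEB.json", 239 * 1024,
     "4954df708fbaedf0d1899fc2076f502a3b58091b85e88f119879d784c28aa99c"),
]

# ART writes <dir>/oat/<file>.cur.prof next to a dex/jar it has loaded through a
# class loader; the profile name therefore tells us which file was treated as code.
PROFILE = re.compile(
    r"^(?P<dir>/data/(?:user/\d+|data)/(?P<pkg>[\w.]+)/.+?)/oat/(?P<name>[^/]+)\.cur\.prof$"
)

# Extensions under which dynamically loaded code normally travels.
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")


def detect_dynamic_dex(events):
    """Return (finding, package, path) tuples for dynamic code loading indicators."""
    hashes_by_path = defaultdict(list)
    for path, _size, sha256 in events:
        hashes_by_path[path].append(sha256)

    # Step 1: infer loaded code files from ART profiles.
    loaded = {}  # code path -> package name
    for path in hashes_by_path:
        m = PROFILE.match(path)
        if m:
            loaded[f"{m['dir']}/{m['name']}"] = m["pkg"]

    findings = []
    for code_path, pkg in sorted(loaded.items()):
        findings.append(("dex_loaded", pkg, code_path))
        # Step 2: code hidden behind a non-code extension (.json here).
        if not code_path.endswith(CODE_EXTENSIONS):
            findings.append(("code_with_disguised_extension", pkg, code_path))
        # Step 3: same path written more than once with differing content,
        # e.g. an encrypted blob replaced by its decrypted form before loading.
        if len(set(hashes_by_path.get(code_path, []))) > 1:
            findings.append(("payload_rewritten_in_place", pkg, code_path))
    return findings


if __name__ == "__main__":
    for finding in detect_dynamic_dex(FILE_EVENTS):
        print(*finding)
```

A profile on its own is not malicious; plugin frameworks and some ad SDKs load DEX dynamically from the same private directories. The disguised extension and the in-place rewrite are what separate a packer or dropper from that legitimate use, so treat dex_loaded as context and the other two as the alerting signals.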