f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184

General

Target: f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184
Size: 2MB
Sample: 210319-abewf1vxbe
Score: 10/10
MD5: 894c537df61c9e9390fac65486db464f
SHA1: b59c6320e0cb6c35f8626104fc0baf7a04bd87a8
SHA256: f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184
SHA512: 6bcce45ddbd0d5b49cad214c9025cebc40e50f70f991bee71422f060e8a96cc63fa415f882e55b7de63e6d9b4f3ad550b54d6ee49860f31dac4c4f23fb1e2697

Malware Config

Extracted

Family: ginp
C2:
http://fatgoose.top/api201/
http://purefoe.cc/api201/
http://nicemovement.top/api201/


Signatures

  • Ginp
    Description: Ginp is an Android banking trojan first seen in mid 2019.

  • Removes its main activity from the application launcher

  • Loads dropped Dex/Jar
    Description: Runs executable file dropped to the device during analysis.
