Analysis

  • max time kernel
    1279827s
  • max time network
    146s
  • platform
    android_x86_64
  • resource
    android-x86_64
  • submitted
    19-03-2021 20:55

General

  • Target

    f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184.apk

  • Size

    2.7MB

  • MD5

    894c537df61c9e9390fac65486db464f

  • SHA1

    b59c6320e0cb6c35f8626104fc0baf7a04bd87a8

  • SHA256

    f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184

  • SHA512

    6bcce45ddbd0d5b49cad214c9025cebc40e50f70f991bee71422f060e8a96cc63fa415f882e55b7de63e6d9b4f3ad550b54d6ee49860f31dac4c4f23fb1e2697

Malware Config

Extracted

Family

ginp

C2

http://fatgoose.top/api201/

http://purefoe.cc/api201/

http://nicemovement.top/api201/

Signatures

  • Ginp

    Ginp is an android banking trojan first seen in mid 2019.

  • Removes its main activity from the application launcher (1 IoC)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Uses reflection (27 IoCs)

Processes

  • net.quality.notice (PID: 3629)
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Uses reflection

Network

MITRE ATT&CK Matrix
