Analysis Overview
score
10/10
SHA256
f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184
Threat Level: Known bad
The file f9e0fd26bdf1ef7a5cc255616368c8d0df6bb68e4d787e3bc1cee1b104f05184 was found to be: Known bad.
Malicious Activity Summary
Ginp
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2021-03-19 20:55
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2021-03-19 20:55
Reported
2021-03-19 20:59
Platform
android-x86_64
Max time kernel
1279827s
Max time network
146s
Command Line
net.quality.notice
Signatures
Ginp
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/net.quality.notice/app_DynamicOptDex/dUNteYu.json | N/A | N/A |
| N/A | /data/user/0/net.quality.notice/app_DynamicOptDex/dUNteYu.json | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method android.content.res.AssetManager.addAssetPath | N/A | N/A | N/A |
| Invokes method android.app.ContextImpl.getAssets | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method android.content.res.AssetManager.open | N/A | N/A | N/A |
| Invokes method java.io.FilterInputStream.read | N/A | N/A | N/A |
| Invokes method java.io.FilterInputStream.read | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.read | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.close | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.lang.String.getBytes | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.FileOutputStream.write | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.close | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.FilterOutputStream.close | N/A | N/A | N/A |
| Invokes method android.app.ActivityThread.currentActivityThread | N/A | N/A | N/A |
| Acesses field android.app.ActivityThread.mPackages | N/A | N/A | N/A |
| Invokes method java.lang.reflect.Field.get | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.lang.ref.Reference.get | N/A | N/A | N/A |
| Invokes method java.lang.ref.Reference.get | N/A | N/A | N/A |
| Acesses field android.app.LoadedApk.mClassLoader | N/A | N/A | N/A |
| Invokes method java.lang.reflect.Field.get | N/A | N/A | N/A |
| Acesses field android.app.LoadedApk.mClassLoader | N/A | N/A | N/A |
Processes
net.quality.notice
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:53 | play.googleapis.com | udp |
| N/A | 216.239.35.8:123 | time.android.com | udp |
| N/A | 8.8.4.4:53 | play.googleapis.com | udp |
| N/A | 8.8.8.8:53 | fatgoose.top | udp |
| N/A | 8.8.8.8:53 | play.googleapis.com | udp |
| N/A | 8.8.8.8:53 | purefoe.cc | udp |
| N/A | 8.8.4.4:53 | play.googleapis.com | udp |
| N/A | 47.254.151.225:80 | purefoe.cc | tcp |
| N/A | 47.254.151.225:80 | purefoe.cc | tcp |
| N/A | 8.8.8.8:53 | nicemovement.top | udp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 10.3.0.20:5353 | udp | |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
| N/A | 47.254.151.225:80 | nicemovement.top | tcp |
Files
N/A