cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

General
Target

cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

Size

2MB

Sample

210319-vxyg8aqfka

Score

10/10

MD5

70631fb6b1230cdf37297cd4663ee3f7

SHA1

b3afc81d7e6e0c76dd384ded11cb132948888bba

SHA256

cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

SHA512

e5a62f09e2eabf6ed788fe316377a992d766faaa8940eb22134e1fd3bf4b9cc2e6a96360cc62be6ea0bf95353e8115577e37a2183983805eb8d90fb1b6201316

Malware Config

Extracted

Family

ginp

C2

http://fatgoose.top/api201/

http://purefoe.cc/api201/

Targets
Target

cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

Signatures

  • Ginp

    Description

    Ginp is an Android banking trojan first seen in mid-2019.

  • Removes its main activity from the application launcher

  • Loads dropped Dex/Jar

    Description

    Runs executable file dropped to the device during analysis.
