General

  • Target

    cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

  • Size

    2.7MB

  • Sample

    210319-vxyg8aqfka

  • MD5

    70631fb6b1230cdf37297cd4663ee3f7

  • SHA1

    b3afc81d7e6e0c76dd384ded11cb132948888bba

  • SHA256

    cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

  • SHA512

    e5a62f09e2eabf6ed788fe316377a992d766faaa8940eb22134e1fd3bf4b9cc2e6a96360cc62be6ea0bf95353e8115577e37a2183983805eb8d90fb1b6201316

Malware Config

Extracted

Family

ginp

C2

http://fatgoose.top/api201/

http://purefoe.cc/api201/

Targets

    • Target

      cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

    • Size

      2.7MB

    • MD5

      70631fb6b1230cdf37297cd4663ee3f7

    • SHA1

      b3afc81d7e6e0c76dd384ded11cb132948888bba

    • SHA256

      cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

    • SHA512

      e5a62f09e2eabf6ed788fe316377a992d766faaa8940eb22134e1fd3bf4b9cc2e6a96360cc62be6ea0bf95353e8115577e37a2183983805eb8d90fb1b6201316

    • Ginp

      Ginp is an Android banking trojan first seen in mid-2019.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

MITRE ATT&CK Matrix

Tasks