ginp | cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9

Analysis

max time kernel
1279920s
max time network
158s
platform
android_x86_64
resource
android-x86_64_arm64
submitted
19-03-2021 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9.apk
Size

2.7MB
MD5

70631fb6b1230cdf37297cd4663ee3f7
SHA1

b3afc81d7e6e0c76dd384ded11cb132948888bba
SHA256

cf7072af58c9f9b6659ff0399238b46bd5e00757d97f05ebb7aa5def9d7e8cf9
SHA512

e5a62f09e2eabf6ed788fe316377a992d766faaa8940eb22134e1fd3bf4b9cc2e6a96360cc62be6ea0bf95353e8115577e37a2183983805eb8d90fb1b6201316

Score

10^/10

ginp banker infostealer obfuscation stealth trojan

Malware Config

Extracted

Family

ginp

http://fatgoose.top/api201/

http://purefoe.cc/api201/

Signatures

Ginp
Ginp is an android banking trojan first seen in mid 2019.
banker trojan infostealer ginp

Removes its main activity from the application launcher 1 IoCs

stealth trojan

Processes:

perfect.purpose.announce

pid	Process
4524	perfect.purpose.announce

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

perfect.purpose.announce

ioc	pid	Process
/data/user/0/perfect.purpose.announce/app_DynamicOptDex/MWHheST.json	4524	perfect.purpose.announce
/data/user/0/perfect.purpose.announce/app_DynamicOptDex/MWHheST.json	4524	perfect.purpose.announce

Uses reflection 27 IoCs

obfuscation

Processes:

perfect.purpose.announce

description	pid	Process
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method android.content.res.AssetManager.addAssetPath	4524	perfect.purpose.announce
Invokes method android.app.ContextImpl.getAssets	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method android.content.res.AssetManager.open	4524	perfect.purpose.announce
Invokes method java.io.FilterInputStream.read	4524	perfect.purpose.announce
Invokes method java.io.FilterInputStream.read	4524	perfect.purpose.announce
Invokes method java.io.BufferedInputStream.read	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.io.BufferedInputStream.close	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.lang.String.getBytes	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.io.FileOutputStream.write	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.io.BufferedInputStream.close	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.io.FilterOutputStream.close	4524	perfect.purpose.announce
Invokes method android.app.ActivityThread.currentActivityThread	4524	perfect.purpose.announce
Acesses field android.app.ActivityThread.mPackages	4524	perfect.purpose.announce
Invokes method java.lang.reflect.Field.get	4524	perfect.purpose.announce
Invokes method java.lang.Object.getClass	4524	perfect.purpose.announce
Invokes method java.lang.ref.Reference.get	4524	perfect.purpose.announce
Invokes method java.lang.ref.Reference.get	4524	perfect.purpose.announce
Acesses field android.app.LoadedApk.mClassLoader	4524	perfect.purpose.announce
Invokes method java.lang.reflect.Field.get	4524	perfect.purpose.announce
Acesses field android.app.LoadedApk.mClassLoader	4524	perfect.purpose.announce

perfect.purpose.announce
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Uses reflection
PID:4524

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads