Malware Analysis Report

2024-09-09 13:27

Sample ID 210415-4dwxw159p2
Target 1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4
SHA256 1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4
Tags: ginp banker infostealer obfuscation stealth trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4

Threat Level: Known bad

The file 1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4 was found to be: Known bad.

Malicious Activity Summary

ginp banker infostealer obfuscation stealth trojan

Ginp

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Uses reflection

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2021-04-15 09:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-04-15 09:25

Reported

2021-04-15 09:40

Platform

android-x86_arm

Max time kernel

3571905s

Max time network

154s

Command Line

lounge.margin.member

Signatures

Ginp

Tags: banker trojan infostealer ginp

Removes its main activity from the application launcher

Tags: stealth trojan

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Loads dropped Dex/Jar

Description   Indicator                                                         Process   Target
N/A           /data/user/0/lounge.margin.member/app_DynamicOptDex/peCpJj.json   N/A       N/A

Uses reflection

Tags: obfuscation

Description                                                           Indicator   Process   Target
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method android.content.res.AssetManager.addAssetPath          N/A         N/A       N/A
Invokes method android.app.ContextImpl.getAssets                      N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method android.content.res.AssetManager.open                  N/A         N/A       N/A
Invokes method java.io.FilterInputStream.read                         N/A         N/A       N/A
Invokes method java.io.FilterInputStream.read                         N/A         N/A       N/A
Invokes method java.io.BufferedInputStream.read                       N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.io.BufferedInputStream.close                      N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.lang.String.getBytes                              N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.io.FileOutputStream.write                         N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.io.BufferedInputStream.close                      N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.io.FilterOutputStream.close                       N/A         N/A       N/A
Invokes method android.app.ActivityThread.currentActivityThread       N/A         N/A       N/A
Accesses field android.app.ActivityThread.mPackages                   N/A         N/A       N/A
Invokes method java.lang.reflect.Field.get                            N/A         N/A       N/A
Invokes method java.lang.Object.getClass                              N/A         N/A       N/A
Invokes method java.lang.ref.Reference.get                            N/A         N/A       N/A
Invokes method java.lang.ref.Reference.get                            N/A         N/A       N/A
Accesses field android.app.LoadedApk.mClassLoader                     N/A         N/A       N/A
Invokes method java.lang.reflect.Field.get                            N/A         N/A       N/A
Accesses field android.app.LoadedApk.mClassLoader                     N/A         N/A       N/A

Processes

lounge.margin.member

Network


Files

N/A