Analysis Overview
Score: 10/10
SHA256: 1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4
Threat Level: Known bad
The file 1c00a0bd53a4f42bd3eaf36bac4ee593e57cce5b02f3ac8fe6139338abbe3ab4 was found to be: Known bad.
Malicious Activity Summary
Ginp
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported: 2021-04-15 09:25
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted: 2021-04-15 09:25
Reported: 2021-04-15 09:40
Platform: android-x86_arm
Max time kernel: 3571905s
Max time network: 154s
Command Line: lounge.margin.member
Signatures
Ginp
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/lounge.margin.member/app_DynamicOptDex/peCpJj.json | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method android.content.res.AssetManager.addAssetPath | N/A | N/A | N/A |
| Invokes method android.app.ContextImpl.getAssets | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method android.content.res.AssetManager.open | N/A | N/A | N/A |
| Invokes method java.io.FilterInputStream.read | N/A | N/A | N/A |
| Invokes method java.io.FilterInputStream.read | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.read | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.close | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.lang.String.getBytes | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.FileOutputStream.write | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.BufferedInputStream.close | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.io.FilterOutputStream.close | N/A | N/A | N/A |
| Invokes method android.app.ActivityThread.currentActivityThread | N/A | N/A | N/A |
| Accesses field android.app.ActivityThread.mPackages | N/A | N/A | N/A |
| Invokes method java.lang.reflect.Field.get | N/A | N/A | N/A |
| Invokes method java.lang.Object.getClass | N/A | N/A | N/A |
| Invokes method java.lang.ref.Reference.get | N/A | N/A | N/A |
| Invokes method java.lang.ref.Reference.get | N/A | N/A | N/A |
| Accesses field android.app.LoadedApk.mClassLoader | N/A | N/A | N/A |
| Invokes method java.lang.reflect.Field.get | N/A | N/A | N/A |
| Accesses field android.app.LoadedApk.mClassLoader | N/A | N/A | N/A |
Processes
lounge.margin.member
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 172.217.17.74:443 | | tcp |
| N/A | 172.217.17.74:443 | | tcp |
| N/A | 142.250.27.188:5228 | mtalk.google.com | tcp |
| N/A | 8.8.8.8:53 | alt8-mtalk.google.com | udp |
| N/A | 8.8.8.8:53 | fonts.gstatic.com | udp |
| N/A | 173.194.200.188:5228 | alt8-mtalk.google.com | tcp |
| N/A | 216.58.211.106:443 | | tcp |
| N/A | 172.217.19.195:443 | fonts.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 172.217.17.74:443 | | tcp |
| N/A | 8.8.8.8:53 | telephonyspamprotect-pa.googleapis.com | udp |
| N/A | 142.250.179.138:443 | telephonyspamprotect-pa.googleapis.com | tcp |
| N/A | 172.217.17.74:443 | | tcp |
| N/A | 8.8.8.8:53 | pagead2.googlesyndication.com | udp |
| N/A | 172.217.168.226:443 | pagead2.googlesyndication.com | tcp |
| N/A | 8.8.8.8:53 | fonts.gstatic.com | udp |
| N/A | 172.217.19.195:443 | fonts.gstatic.com | tcp |
| N/A | 8.8.8.8:53 | phonedeviceverification-pa.googleapis.com | udp |
| N/A | 172.217.168.234:443 | phonedeviceverification-pa.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | cloudconfig.googleapis.com | udp |
| N/A | 216.58.214.10:443 | cloudconfig.googleapis.com | tcp |
| N/A | 216.58.214.10:443 | cloudconfig.googleapis.com | tcp |
| N/A | 216.58.214.10:443 | cloudconfig.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | bigballgame.top | udp |
| N/A | 10.3.0.20:5353 | | udp |
| N/A | 8.8.8.8:53 | jackblack.cc | udp |
| N/A | 8.209.91.118:80 | jackblack.cc | tcp |
| N/A | 142.250.27.188:5228 | mtalk.google.com | tcp |
| N/A | 8.209.91.118:80 | jackblack.cc | tcp |
| N/A | 8.8.8.8:53 | sweetseventeen.top | udp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
| N/A | 8.209.91.118:80 | sweetseventeen.top | tcp |
Files
N/A