ginp | 7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3

Resubmissions

15-05-2023 13:26

230515-qpg7fadh7y 10

16-04-2021 13:12

210416-zkqwzxaw7j 10

Analysis

max time kernel
3671197s
max time network
151s
platform
android_x86
resource
android-x86_arm
submitted
16-04-2021 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3.apk
Size

2.4MB
MD5

1f0e4bab258a2d3f5bc1148c7e90558f
SHA1

906b985c2826b0a9f8a7617a7c5305a0a9c7e742
SHA256

7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3
SHA512

9ce0b61ef0cd95ab29a11ebe12676ba2fb02dfff3acf929ff2930f94b5ba260cd383739ef7e45a94c41d45c1fd3d3e235f3182e3fafbe2fc525caf6712c63123

Score

10^/10

ginp banker infostealer obfuscation stealth trojan

Malware Config

Extracted

Family

ginp

http://kingsallivan.top/api201/

http://silverball.cc/api201/

Signatures

Ginp
Ginp is an android banking trojan first seen in mid 2019.
banker trojan infostealer ginp
Removes its main activity from the application launcher 1 IoCs
stealth trojan

Processes:

dove.stamp.car

pid process

4661 dove.stamp.car
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

dove.stamp.car

ioc pid process

/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json 4661 dove.stamp.car

pid	process
4661	dove.stamp.car

ioc	pid	process
/data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json	4661	dove.stamp.car

Uses reflection 25 IoCs

obfuscation

Processes:

dove.stamp.car

description	pid	process
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method android.content.res.AssetManager.addAssetPath	4661	dove.stamp.car
Invokes method android.app.ContextImpl.getAssets	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method android.content.res.AssetManager.open	4661	dove.stamp.car
Invokes method java.io.FilterInputStream.read	4661	dove.stamp.car
Invokes method java.io.FilterInputStream.read	4661	dove.stamp.car
Invokes method java.io.BufferedInputStream.read	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method java.io.BufferedInputStream.close	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method java.lang.String.getBytes	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method java.io.FileOutputStream.write	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method java.io.FilterOutputStream.close	4661	dove.stamp.car
Invokes method android.app.ActivityThread.currentActivityThread	4661	dove.stamp.car
Acesses field android.app.ActivityThread.mPackages	4661	dove.stamp.car
Invokes method java.lang.reflect.Field.get	4661	dove.stamp.car
Invokes method java.lang.Object.getClass	4661	dove.stamp.car
Invokes method java.lang.ref.Reference.get	4661	dove.stamp.car
Invokes method java.lang.ref.Reference.get	4661	dove.stamp.car
Acesses field android.app.LoadedApk.mClassLoader	4661	dove.stamp.car
Invokes method java.lang.reflect.Field.get	4661	dove.stamp.car
Acesses field android.app.LoadedApk.mClassLoader	4661	dove.stamp.car

dove.stamp.car
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Uses reflection
PID:4661

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads