Overview

overview

10

Static

static

7

6a770d4c5b...1a.apk

android_x64

10

Resubmissions

15-05-2023 13:16

230515-qh2mhadh4y 10

15-05-2023 13:09

230515-qd7b7afe46 10

22-12-2022 10:46

221222-mt6h2she4s 8

10-01-2022 13:52

220110-q6w2xsefbq 10

Analysis

  • max time kernel
    1145681s
  • max time network
    80s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    10-01-2022 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a770d4c5ba6ec625850de3ba3bd6310d86c229b6bccb50b09a54d3ec038cc1a.apk

  • Size

    3.3MB

  • MD5

    8ca486570b19cc54f9c32a8e76470512

  • SHA1

    4396a2c67dae81a4c8d9dd6b790a832e1b8828ec

  • SHA256

    6a770d4c5ba6ec625850de3ba3bd6310d86c229b6bccb50b09a54d3ec038cc1a

  • SHA512

    6c60e5e8f9850dfa5fac9dfd04768665aca7835a04a4a85f94e2557df952f3a044a1dede341bbbdb4d94894e74b5cd39486e81f3104f99794f7640502bf8634b

Score
10/10
ginpbankerinfostealertrojan

Malware Config

Extracted

Family

ginp

C2

http://closedcloset.top/api202/

http://insideluck.cc/api202/

Signatures

  • Ginp

    Ginp is an android banking trojan first seen in mid 2019.

    bankertrojaninfostealerginp
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • someone.audit.crawl
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads