Overview

overview

10

Static

static

7

7970f77d8a...d3.apk

android-10-x64

10

7970f77d8a...d3.apk

android-11-x64

10

7970f77d8a...d3.apk

android-9-x86

10

Resubmissions

15-05-2023 13:26

230515-qpg7fadh7y 10

16-04-2021 13:12

210416-zkqwzxaw7j 10

Analysis

  • max time kernel
    530149s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    15-05-2023 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3.apk

  • Size

    2.4MB

  • MD5

    1f0e4bab258a2d3f5bc1148c7e90558f

  • SHA1

    906b985c2826b0a9f8a7617a7c5305a0a9c7e742

  • SHA256

    7970f77d8abcfbbc16157d92e25b72a0924af067afec4b41be8d64df9d94bbd3

  • SHA512

    9ce0b61ef0cd95ab29a11ebe12676ba2fb02dfff3acf929ff2930f94b5ba260cd383739ef7e45a94c41d45c1fd3d3e235f3182e3fafbe2fc525caf6712c63123

  • SSDEEP

    49152:2BQO2V821lTHU/jkkfLKKW2CL9WPn+PMlhgQA0sp33wYzTG:NZaaTHmjk0LKKW9L9W2AhgxHp33wYzTG

Score
10/10
ginpmp51bankerinfostealertrojan

Malware Config

Extracted

Family

ginp

Version

2.8d

Botnet

mp51

C2

http://kingsallivan.top/

http://silverball.cc/
Attributes
  • uri

    api201

Extracted

Family

ginp

C2

http://kingsallivan.top/api201/

http://silverball.cc/api201/

Signatures

  • Ginp

    Ginp is an android banking trojan first seen in mid 2019.

    bankertrojaninfostealerginp
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • dove.stamp.car
    1⤵
    • Loads dropped Dex/Jar
    PID:4789

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json
    Filesize

    452KB

    MD5

    fe241a1ec5210ac6c9e30132a332abdf

    SHA1

    fb580f40dd554eb76ed54597142212450f71603f

    SHA256

    0578313a15f52a3f68cf5c19cac9515cc38523eb70aa3f063549ca34f2741fc3

    SHA512

    88593bf4ba703dcbbd070aefc973bfc3106ca92c508ff9a5e2a9459341fee7c4e72d568db4a5ec85386acfe4e84ccbd4e578448ff277f841430fbb0bff410b0d

    Download Submit

  • /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json
    Filesize

    452KB

    MD5

    05688cbaafa85a19456ffa0a55489320

    SHA1

    47dc98e32fe01c9c4355bc49dd5ff3387c1baf31

    SHA256

    4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745

    SHA512

    97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

    Download Submit

  • /data/user/0/dove.stamp.car/app_DynamicOptDex/dFeJS.json
    Filesize

    452KB

    MD5

    05688cbaafa85a19456ffa0a55489320

    SHA1

    47dc98e32fe01c9c4355bc49dd5ff3387c1baf31

    SHA256

    4d37221e4697d4b22acb0a48aa73617993a3113dd439c358dc67f05a21010745

    SHA512

    97ac4110f97eedc1ea9f9c9b51d916982e578fa2e7efeb83fd857915ee81bee0251c2d90ea1c00fe5bfd94fbe0c3bdfb797a2668ed48a6dc0bff173a77c05ccd

    Download Submit