ginp | 392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238 | Triage

Sharing

General

Target

392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238.bin
Size

2.4MB
Sample

230807-y74gdshc56
MD5

e2ee98f1ec1e546acfd90372f4855975
SHA1

cd0ad67c662d53401d1cfc1cac01e38eef187b7c
SHA256

392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238
SHA512

a3f22aeb971b15c40aa2ecdde9d98fba6e6240775770097990871bcd44d594e8511e5bf80cf4cf3845711afdc55b16c0a1b92a80a25b0e9380bc915f5c67648b
SSDEEP

49152:ALWsSzhcy0kpJD63pfaGHbVQTgAW0DUGWv6+nVTi6gEDiw2OCIt2W:ArBy0kXhM5QsIDYBVbgEmlEQW

Score

10^/10

ginp mp74 android banker evasion infostealer trojan

Malware Config

Extracted

Family

ginp

Version

2.8d

Botnet

mp74

C2

http://gunfirebob.top/

http://jackblack.cc/

Attributes

uri
api201

Extracted

Family

ginp

C2

http://gunfirebob.top/api201/

http://jackblack.cc/api201/

Targets

- Target
  
  392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238.bin
- Size
  
  2.4MB
- MD5
  
  e2ee98f1ec1e546acfd90372f4855975
- SHA1
  
  cd0ad67c662d53401d1cfc1cac01e38eef187b7c
- SHA256
  
  392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238
- SHA512
  
  a3f22aeb971b15c40aa2ecdde9d98fba6e6240775770097990871bcd44d594e8511e5bf80cf4cf3845711afdc55b16c0a1b92a80a25b0e9380bc915f5c67648b
- SSDEEP
  
  49152:ALWsSzhcy0kpJD63pfaGHbVQTgAW0DUGWv6+nVTi6gEDiw2OCIt2W:ArBy0kXhM5QsIDYBVbgEmlEQW
Score

10^/10

ginp mp74 banker evasion infostealer trojan
- Ginp
  Ginp is an android banking trojan first seen in mid 2019.
  banker trojan infostealer ginp
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  CertificateWarning.html
- Size
  
  2KB
- MD5
  
  046dd89c427a6a6e87697c62e587c21a
- SHA1
  
  7b57f146cd64eb61158b2296ef813b5051c882bb
- SHA256
  
  6f9f0b68ebaa3383daa1c62dde25420583b763b6748208a78cc876602219453e
- SHA512
  
  3d18ae2c7dd1ce5c8d7e84efb7a73fc2ac68a60fdaa09fca94d4826d587eb505f8f610b08d29664265524d6112a54ce966ba74c1acecfd0a807f20f0e76a68b4
Score

1^/10
behavioral4 behavioral5
- Target
  
  FileBrowser.html
- Size
  
  5KB
- MD5
  
  596a975ab795b86d09e74c867940fc3f
- SHA1
  
  9de4b7e2f9f8f925329e21b746c893b67c14c76c
- SHA256
  
  f0405916651f535e00e4a63c9fd901ea3ce002962ce41fbf9d673d5ba0ad035d
- SHA512
  
  1b3853fff1da83999404fa92437566c60d7068520dd259b38a1bb62c1d1eb08ac4be90146c332b313f8ccd70ae161e7a370cd8ee08472495981a5670bc9bed05
- SSDEEP
  
  96:sQO/NKbtQXrYK4GvIPbamhWJh9p6ME4xPEQwPLfXGOne4FL:slKQMdluzvMiKL
Score

1^/10
behavioral6 behavioral7
- Target
  
  MediaPlatform.js
- Size
  
  4KB
- MD5
  
  6c5ffb83297852c3ab558122f79f6b6e
- SHA1
  
  3ba8590d7931942ab8467262065fd4d9977fcf90
- SHA256
  
  b399e98740713c09e5e87d1aaa8762069cb7c0cac4330ba5d605d3ad940503ea
- SHA512
  
  928c3ad919d8fe4e8f5b4e7114131e177d7517bb478356a5e265ee12ec7a151df4e3d2379bee2eafd81e9a113728fc77e0c1caf3a93f21eb776af90eab9bc045
- SSDEEP
  
  96:zYMEkHp54D9WQDgBvZ4kQijv0R/kbMaNmv0vex8qZe7pKCvWttisqGBnnL:cRkHp54DIQEBvZ9QijtbMaNg0v9qU1Fy
Score

1^/10
behavioral8 behavioral9
- Target
  
  OPENLCS.js
- Size
  
  9KB
- MD5
  
  ef6fc39a0d2d39b69758c1758eb3e43a
- SHA1
  
  b64f47016c6c05cac32d8a83c58080ab9a9d3adc
- SHA256
  
  1eb69b91d748d027bcfefb3adbf1904242e0002587451fb9d1ae5ec588dbe1ed
- SHA512
  
  1d2577947cb449302d75a3da8ea56d504f8029756a6e8e4ed420a3fe5d8efac6f19724281e2b8cc10ec857305b219605a5b646532c4afb335ba0073e6b3216da
- SSDEEP
  
  192:YkkbXoEWaTTnTDrTgkCUcutOB0oF5DOYf/sfkeVSJfQdGjjZBFUa:/Ar/rd1oWYxeVSJ7
Score

1^/10
behavioral10 behavioral11
- Target
  
  POLITICAS.html
- Size
  
  4KB
- MD5
  
  f46056bc8e46659971ce2d3fb24141b5
- SHA1
  
  c3d351783f8ed9d4dba97006c0a55b4c6e6e7926
- SHA256
  
  f95e3e5be63531b79df9bf966b19e33cbe779fbdfdf977f1fd242a487e4b6c1e
- SHA512
  
  9463195227d39e2f4ad729a5319873334171e50045d4ddfea4d2bb2d82aa1c74e244d7dafbfc7195b14fc7f6416b0dda5df589c42797d9d0e97cc59910b53b65
- SSDEEP
  
  96:Fq4oz9/mCDMtr386BFwynS3hlFJ9aMFR/pa85cjl8mOke46eoaqJ608UzGiVaT:FzA9ToouEh3tHZ6FicT
Score

1^/10
behavioral12 behavioral13
- Target
  
  WeReadApi.js
- Size
  
  9KB
- MD5
  
  06332778addf971f1fcd820ab6b61886
- SHA1
  
  99a8ff7f89f1deb905a57890edce7ee30af9ee23
- SHA256
  
  835bbfb93e6f84fccefc5c9e31734c25ca936fc1dd09198aa9df4d6a043d2792
- SHA512
  
  2dc3c7cd74b725506029db0e022887260a85e12d0fa9b762935e9fbd49ca9cb6658a39619737f711673e1cfbcdf321d6822722a4e2afb1ba3144e3ba156d5452
- SSDEEP
  
  192:czRGPAH7LjXtm2UZtnpqs2Gv9Zf63X0A1dSUtEhUUh+3:GbUARj3
Score

1^/10
behavioral14 behavioral15
- Target
  
  YTPlayerView-iframe-player.html
- Size
  
  2KB
- MD5
  
  20d599077968a461fa3213f01702f679
- SHA1
  
  da773a359a6255187c6dff5dddad0ecda7153347
- SHA256
  
  f29b93839eb1a6d2384d717b071b93f418f1612d3a55aa60df681b2839896154
- SHA512
  
  476ddf393afa973e7146d8dc9f3f83a51187695e1dd7015c65605c713f02990592aefba82e73137a3067c9f3c583209fd57bf6674c7923459ae012700966270b
Score

1^/10
behavioral16 behavioral17
- Target
  
  angular-translate.min.js
- Size
  
  20KB
- MD5
  
  2bc05f5304f479d6f7d362d71b12c6e6
- SHA1
  
  9fe2fbb51983a56cb0c38f206d2199c66a05d8c1
- SHA256
  
  ce8bcbd11d35627a3286e9a8656b0e8a5bba0a48bdcab03cd5394c802830ef17
- SHA512
  
  022e2cce2f7506115e44e30f37956b78cf20b8d4f6ff232f29a80d5f772b27132e87ccd28c7cd2a242922211e33a6c2a451baca89936e23ac99f7d52a30482af
- SSDEEP
  
  192:5QIqRmP8YZBmQIqH1SVXGHbi9gl6CYWPiHv7Ui0fqEmRpoSn1Q2LI0Nn/09GbVOh:5EQIqHsVQ6CU7Ui849n35/0o0O93Y
Score

1^/10
behavioral18 behavioral19
- Target
  
  angular.sanitize.min.js
- Size
  
  5KB
- MD5
  
  dcdddd1980ed1ff84b84461dd3bfabb2
- SHA1
  
  0694b7ae45016c90e56edc5f1a0ae7f280ae7466
- SHA256
  
  1662627713909c4114002e4a424a9994dec43243608deb18a41ef72722af41fa
- SHA512
  
  68771fd390e64d25f04e70e51daaa50bdc3f4dda0c471f2da0d469fc5d1de7c795635c1cce9f8ade853e01a9674818132ba5a02e4497567d89a71db8687080df
- SSDEEP
  
  96:+lcmIMNhhHuZ2aVY8avsMBML+T0zmVVwghu2GiMUey4M/evu62YJy/5T/GzRJ:+DluZ2aVZesMmaozmlhu71U3eRJ65T/+
Score

1^/10
behavioral20 behavioral21
- Target
  
  apimiddleware.js
- Size
  
  5KB
- MD5
  
  21c6abf37087ff1e72b4cc9c420ce97d
- SHA1
  
  24826c9ae7af5521bd066b6eb40b4495215a2e16
- SHA256
  
  b5f777fcfc7d06049991393aecb6242a2d3bd6b41e2e7778ef25c4a18dca7c4b
- SHA512
  
  d8296b7a4688745aeba33e18b65bd865e5bc72103e063a83a8c4a3562141e5b22ab757a8bc641d38b362cca054239efdf0fda3c8c305964e04bed67d99b665f4
- SSDEEP
  
  96:FAksZ3JTHUpdngKJn2dSXkv95gabj2qG/1j7y1mJYQiQq:/jV1XkFia6hO1m5q
Score

1^/10
behavioral22 behavioral23
- Target
  
  app.js
- Size
  
  1KB
- MD5
  
  dc1405a24150a7c2289a679565f778c7
- SHA1
  
  35216e9df7ac5cf107b6a1a0a4d0aff08b17e82c
- SHA256
  
  9504420ab57b1eceffc6ed64c59431fba40eafdd3292448a590ec88e0c51ba35
- SHA512
  
  3078db971a8974925abc5e5f26e1144e59dbe88a1ddbc5d9724fd81f02be17759fe2d4b9274c4eac31386c84bf6c359946e4034811e8a5c0855fcc33dfad0c7f
Score

1^/10
behavioral24 behavioral25
- Target
  
  base.bundle
- Size
  
  3KB
- MD5
  
  8798336f40c45168569ecf541dc7e5e5
- SHA1
  
  31e31f7e2116b320f1f17a673ccfbf0ec51a3091
- SHA256
  
  4531d092f42a39e8fd6fccdcdba3d290c07d86afd415db39a7be84026e8b0399
- SHA512
  
  121521cf01bc68499fdb1d62a6f0afe2c986cac048f7412f5488f8c1dbc4a83842fb1fbb76e3197c44e220809d79dcdf57c9aa44d2fdda590aaee61bd750cc6c
Score

1^/10
behavioral26 behavioral27
- Target
  
  blank.html
- Size
  
  61B
- MD5
  
  974b6ce2c0efceca370033373e13a48f
- SHA1
  
  30b9a598a4e7f639a8c7937191aa27fe2b4b329b
- SHA256
  
  d70369ea01b52f3491844cb84125a5bd31556df3ae16e1c0ff1503c2655748b7
- SHA512
  
  41fd25cebabc5b08a88b6ce2fb8a82bf543d66ad2e5793d24cdc4504350c42335e2c2a2d2b14022ac42113a892864714a8074a33c0242542127347aa2f9fa390
Score

1^/10
behavioral28 behavioral29
- Target
  
  bootstrap.min.js
- Size
  
  36KB
- MD5
  
  26412a9ee704fb23bb3d8cf69b353c29
- SHA1
  
  50386fec416483c063a6fc3c900c649e2c154dfc
- SHA256
  
  575115c40a171b327ad17e90cad7a3632845727fabaf5b750d6bd30093ac3065
- SHA512
  
  52f3fb3d3989ee441a7b6c264ae8f258d6f3a99aededf3b97ec2db95b364b6c8316e3ce32904288a64546898c96a6ad112d2aa7d007fa27c1e12e741d12c2b6f
- SSDEEP
  
  768:4UfYD27UwlNHMl9lqNuCPNjhqg8epm5CCJFXflA8Gf3ZTb6:z/76whqKGvlm3ZX6
Score

1^/10
behavioral30 behavioral31
- Target
  
  chmod.js
- Size
  
  3KB
- MD5
  
  8875cda26be6d962fdba9aa908d819fd
- SHA1
  
  478e0e883e562cafb92c7f6c4ea952782d32127e
- SHA256
  
  53b4663c755026617b1b199737a71d6f363baea1743f14ff8c535542436f6d2f
- SHA512
  
  3a0217ec08e5c5525c4a18702d6aae20d80590b268cdcc1ca182808b05529f01242a9b7739f75432546afab29be9ce64f675d4b78313922d4575332691a5a0a3
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ginpmp74bankerevasioninfostealertrojan

behavioral2

ginpmp74bankerinfostealertrojan

behavioral3

ginpmp74bankerevasioninfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32