Overview

overview

10

Static

static

7

f1625cee7c...40.apk

android-9-x86

10

f1625cee7c...40.apk

android-10-x64

10

f1625cee7c...40.apk

android-11-x64

10

chrome_100_percent.js

windows7-x64

1

chrome_100_percent.js

windows10-2004-x64

1

libglog_init.so

ubuntu-18.04-amd64

libglog_init.so

debian-9-armhf

libglog_init.so

debian-9-mips

libglog_init.so

debian-9-mipsel

libjsinspector.so

ubuntu-18.04-amd64

libjsinspector.so

debian-9-armhf

libjsinspector.so

debian-9-mips

libjsinspector.so

debian-9-mipsel

libvlcjni.so

debian-9-armhf

Analysis

  • max time kernel
    4214779s
  • max time network
    82s
  • platform
    android_x64
  • resource
    android-x64-20230621-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
  • submitted
    15-08-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1625cee7ce79d2ee091fddf945521c71d2dd911af433ca428599fcd83fbf040.apk

  • Size

    2.2MB

  • MD5

    eeac92bd85ce492fbd37f7c3e2f02631

  • SHA1

    d762a88b8c5efa5652fe7c258d4dec44bdd8a03c

  • SHA256

    f1625cee7ce79d2ee091fddf945521c71d2dd911af433ca428599fcd83fbf040

  • SHA512

    d855e104536f4b41b71c36913198b3dcf10bd9eac3649784bb604333cd097ff471348a41f6f12a0a8c9d7eb005c33ccabfa1472e9de144b75731cfdeb4b96ab8

  • SSDEEP

    49152:b7GeiwVInbeuao9Off4/DuGPJ3ZfMu6SxO+zqlPAhu:b7Ti2uaf4/DueZku6EZDo

Score
10/10
ginpmp31bankerinfostealertrojan

Malware Config

Extracted

Family

ginp

Version

2.8d

Botnet

mp31

C2

http://pottershat.top/

http://dopestteam.cc/
Attributes
  • uri

    api201

Extracted

Family

ginp

C2

http://pottershat.top/api201/

http://dopestteam.cc/api201/

Signatures

  • Ginp

    Ginp is an android banking trojan first seen in mid 2019.

    bankertrojaninfostealerginp
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • toast.rebel.dove
    1⤵
    • Loads dropped Dex/Jar
    PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/toast.rebel.dove/app_DynamicOptDex/XB.json
    Filesize

    380KB

    MD5

    8a5a18bb9dea5eb83ff1746c0a0c343d

    SHA1

    ec005efa785a2f7953492b22b5be5ca37eb961f1

    SHA256

    baa990b3acebeb944f9b74a944897797118cedeb3b67b040f91ad781999e5311

    SHA512

    83255d9f4332a67c335c6873095e7fd01ec0da080b791f414e10bf52fcc06a0999c582deb0cf1f4c4f3e3039639f4c89fd4392dd5f4b601f593d44ac74826a97

    Download Submit

  • /data/user/0/toast.rebel.dove/app_DynamicOptDex/XB.json
    Filesize

    380KB

    MD5

    2ee3515fa3f34fd24a2b6a11578626b6

    SHA1

    4b4debd0ab2df85c4c28261818cb5a7c9a85c762

    SHA256

    607491fcbd43ea5bd9b2a0ed43bb468a9f2dfd50fb01ed2b1d1c75d474f1425e

    SHA512

    5d2b4b623adb6796afd3f19c71b0e650a1e22d2f3c7ce1b56801464f350271aba7fe75fe7a425d1279943f82fa400801f5bf97a122cbd629dbd0f2a78466e838

    Download Submit

  • /data/user/0/toast.rebel.dove/app_DynamicOptDex/XB.json
    Filesize

    380KB

    MD5

    2ee3515fa3f34fd24a2b6a11578626b6

    SHA1

    4b4debd0ab2df85c4c28261818cb5a7c9a85c762

    SHA256

    607491fcbd43ea5bd9b2a0ed43bb468a9f2dfd50fb01ed2b1d1c75d474f1425e

    SHA512

    5d2b4b623adb6796afd3f19c71b0e650a1e22d2f3c7ce1b56801464f350271aba7fe75fe7a425d1279943f82fa400801f5bf97a122cbd629dbd0f2a78466e838

    Download Submit