ginp | b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2 | Triage

Submit
Reports

Overview

overview

Static

static

6

b9aaea12b1...d2.apk

android-9-x86

b9aaea12b1...d2.apk

android-10-x64

b9aaea12b1...d2.apk

android-11-x64

Sharing

General

Target

b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.bin
Size

2.7MB
Sample

240220-1xl6gafe4w
MD5

7b6ecf573f7972d9bc594172e36cf3d8
SHA1

4e9eb1094a7d9ca54dadf72a376a2ed264c1a923
SHA256

b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2
SHA512

cd0037fd9ce90b1f22ce32e74b8520c508dbe34e98e29fb6cf8af4a82f7eac190a2b3c5dd3fa9125d6db1e9f8cb767314c01ccd87480439c9916e07e3d878365
SSDEEP

49152:D7HKtFW7IKP5Wb3LFNvWkeglhpQf/vfnOmpeTzRnYBo/YE1ZuBoi:D7q67I25WzLTepPOC8RnYC/YEZc7

Score

10^/10

ginp mp15 android banker evasion infostealer stealth trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk

Resource

android-x86-arm-20231215-en

ginp mp15 banker evasion infostealer stealth trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk

Resource

android-x64-20231215-en

ginp mp15 banker infostealer stealth trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.apk

Resource

android-x64-arm64-20231215-en

ginp mp15 banker evasion infostealer stealth trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

ginp

Version

2.8e

Botnet

mp15

C2

http://wholepartyhere.top/

http://insideluck.cc/

Attributes

uri
api202

Extracted

Family

ginp

C2

http://wholepartyhere.top/api202/

http://insideluck.cc/api202/

Targets

- Target
  
  b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2.bin
- Size
  
  2.7MB
- MD5
  
  7b6ecf573f7972d9bc594172e36cf3d8
- SHA1
  
  4e9eb1094a7d9ca54dadf72a376a2ed264c1a923
- SHA256
  
  b9aaea12b136cbab6e9692470a268ca18c9a8bb4fb505fef775e73b7ce110dd2
- SHA512
  
  cd0037fd9ce90b1f22ce32e74b8520c508dbe34e98e29fb6cf8af4a82f7eac190a2b3c5dd3fa9125d6db1e9f8cb767314c01ccd87480439c9916e07e3d878365
- SSDEEP
  
  49152:D7HKtFW7IKP5Wb3LFNvWkeglhpQf/vfnOmpeTzRnYBo/YE1ZuBoi:D7q67I25WzLTepPOC8RnYC/YEZc7
Score

10^/10

ginp mp15 banker evasion infostealer stealth trojan
- Ginp
  Ginp is an android banking trojan first seen in mid 2019.
  banker trojan infostealer ginp
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ginpmp15bankerevasioninfostealerstealthtrojan

behavioral2

ginpmp15bankerinfostealerstealthtrojan

behavioral3

ginpmp15bankerevasioninfostealerstealthtrojan

© 2018-2024

Terms | Privacy