Analysis

  • max time kernel
    179s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    16-06-2024 07:43

General

  • Target

    b267bca20bc365a9e7529eb217bd0e9c_JaffaCakes118.apk

  • Size

    1.4MB

  • MD5

    b267bca20bc365a9e7529eb217bd0e9c

  • SHA1

    a686bc3454fd57796653590e3ddd34783d1f04af

  • SHA256

    e10099c6468ad5c05ff606e2a03780ba424696380bbb4c6dacd005fe46f11b99

  • SHA512

    8b750202ec9e2ee22368c0fe2a47657a388eb0c2c44d9a5caaf65960a49f38e40ee2e4cec631709780111b6e3ff989d23fb6d3d3a22ac5f579c5cd3835d5d169

  • SSDEEP

    24576:ymPMupbe+lGFxxPJxhqY5INn+d04bs7OFnac4s3UIuiZEfEvON:xMupvl90d04bsSFnb43rxfEve

Malware Config

Extracted

Family

ginp

Version

2.8c

Botnet

mp-4

C2

http://wingaffordnasty.com/

http://change923.ru/

Attributes
  • uri

    api147

Extracted

Family

ginp

C2

http://wingaffordnasty.com/api147/

http://change923.ru/api147/

Signatures

  • Ginp

    Ginp is an android banking trojan first seen in mid 2019.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs

Processes

  • jffgxrlkjcrsqz.igtddgdtxbtarzhxar.nglslmkxojhkmfclysafamyleu
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    PID:5055

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/jffgxrlkjcrsqz.igtddgdtxbtarzhxar.nglslmkxojhkmfclysafamyleu/app_DynamicOptDex/hf.json

    Filesize

    374KB

    MD5

    a9885271de91b6664fcb40e3e268139e

    SHA1

    a9c4fa498a09e17af468b8391af40f5167f95aa3

    SHA256

    64e625bb0f9c7d18680d8444b48087f3c0a316c35c6fdccb0a264e0850783f60

    SHA512

    c9be0b53ccb0ce2b80fab0783284fb0dac34fb037db819f5f71e248f04427a3847eadfda890d43f76cfe902619958f3dbde1c5d85846f12a3f792bb37b8dedde

  • /data/data/jffgxrlkjcrsqz.igtddgdtxbtarzhxar.nglslmkxojhkmfclysafamyleu/app_DynamicOptDex/hf.json

    Filesize

    374KB

    MD5

    54de7eab470a4eabc743f3c0bb35ac26

    SHA1

    94b20038a9a917f7c95674aa18ef8315203c0e6c

    SHA256

    0741f08f9ea71be64feb1eb6388922a822e60bbeaf2901810d90d89e02a44388

    SHA512

    35021a8b3aa58a2e7861fbe8ba67ad942d5f5a2019edceef05a88e745e5e735025a7be983f8589892be9037bb65eb8d400bcaac253a8ed5cdfda3e5b86497d0f

  • /data/data/jffgxrlkjcrsqz.igtddgdtxbtarzhxar.nglslmkxojhkmfclysafamyleu/app_DynamicOptDex/oat/hf.json.cur.prof

    Filesize

    405B

    MD5

    39fc06f9ac06a570afd7eb9d9b635a4c

    SHA1

    9c4fb29cd0cdaed3e7475695d61a3bb24332a501

    SHA256

    9ca21ef097db46dcbfe604eb5cae26ffde839df0f05e05fc2e8b367c12db24e4

    SHA512

    76d813a9ff84836d2ad7a7e48233ce89cd63540b02e1f2b0a6a1c4abf69f24119d3e1a89dd82904f23a69a802a711433ae289a641f9686093cc82f4c1a0010ad