Analysis
- max time kernel: 179s
- max time network: 188s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 01-08-2024 22:03
Static task: static1
Behavioral task: behavioral1
- Sample: b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367.apk
- Size: 3.2MB
- MD5: 1b2373f564e753a89759dad9ebef7881
- SHA1: a76e21464c04c7fffb0ebe6422c16eb12bce58a7
- SHA256: b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367
- SHA512: 2a1f677f52201f2ce70f65b5028680504d7186dfe1eb49361714932b7402c58156432d96e2830e49b194e5f07abc8bee8f2d99063ef619902ac53e16dad2ade3
- SSDEEP: 98304:VDhdjz8JfSdyXBilBrY1dzpIeQzL8ynPLmBFqno45U:/dj4JKdyXWBQ5QzIumx4i
Malware Config
Extracted: ginp 2.8d mp72
- C2: http://sweetseventeen.top/
- C2: http://jackblack.cc/
- uri: api201
Extracted: ginp (C2 host joined with uri)
- http://sweetseventeen.top/api201/
- http://jackblack.cc/api201/
Signatures
- Ginp
  Ginp is an Android banking trojan first seen in mid-2019.
  pid 4960, process appear.shaft.uphold
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Loads executable code (DEX/JAR) dropped to the device during analysis. The dropped payload carries a .json extension but sits in the app's private app_DynamicOptDex directory and was loaded as code, so the file extension is not a usable filter.
  ioc: /data/user/0/appear.shaft.uphold/app_DynamicOptDex/NJDBDrn.json, pid 4960, process appear.shaft.uphold (reported twice)
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service calls by appear.shaft.uphold:
  - android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
  - android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
  - android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
- Queries a list of all the installed applications on the device (1 TTP)
  Might be used in an attempt to overlay legitimate apps. No IoCs recorded.
- Acquires the wake lock (1 IoC)
  Framework service call android.os.IPowerManager.acquireWakeLock by appear.shaft.uphold
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Framework service call android.app.IActivityManager.setServiceForeground by appear.shaft.uphold
- Performs UI accessibility actions on behalf of the user (1 TTP, 6 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction by appear.shaft.uphold (6 calls)
- Queries information about active data network (1 TTP, 1 IoC)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo by appear.shaft.uphold
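As an added triage example (not part of the sandbox report or of the Ginp sample), the Python script below embeds the indicators the report lists: the C2 hosts and URI path from Malware Config, the dropped-DEX path and framework service calls from the Signatures, and the SHA-256 values from General and Downloads. It tags constructed sandbox log lines with the behaviours the report flags and derives a verdict. The log lines, the tag names and the verdict rule are this example's own assumptions, not the sandbox's logic.

```python
"""Triage helper built around the indicators in the Ginp report above.

Added example: the indicator values are copied from the report, but the
log lines, tag names and verdict heuristic are constructed for this script.
"""
import hashlib
import re
from collections import Counter

# Indicators taken from the report.
C2_HOSTS = ("http://sweetseventeen.top/", "http://jackblack.cc/")
C2_URI = "api201"
KNOWN_SHA256 = {
    "b698518ac071ba29e81ab8ebba49c364f5e8e7392e0c7814eb16ed9ab5735367": "ginp sample apk",
    "c108fe547e30f4c72aa0e3c522347a63f52b63d539b6f699bedcc2d789d87901": "download 1 (418KB)",
    "ac66df32152bcd1f27decde4bb92068703113dc833a1e94395c73a967f21be86": "download 2 (418KB)",
    "c709328b8427f54296bcfbce566d3bc37022ef3804ad352a650166e521b78230": "download 3 (350B)",
}

# Framework service calls the report flags, mapped to a behaviour tag
# (tag names are this example's own).
ACC = "android.accessibilityservice.IAccessibilityServiceConnection."
CALL_TAGS = {
    ACC + "findAccessibilityNodeInfosByText": "accessibility_read",
    ACC + "findAccessibilityNodeInfosByViewId": "accessibility_read",
    ACC + "findAccessibilityNodeInfoByAccessibilityId": "accessibility_read",
    ACC + "performGlobalAction": "accessibility_action",
    "android.app.IActivityManager.setServiceForeground": "foreground_persistence",
    "android.os.IPowerManager.acquireWakeLock": "wake_lock",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "network_discovery",
}

# Dropped code under the package's private app_DynamicOptDex directory. The
# extension is deliberately not checked: the report's payload is named .json.
DYNAMIC_DEX_RE = re.compile(r"/data/user/\d+/[\w.]+/app_DynamicOptDex/\S+")


def build_c2_urls(hosts=C2_HOSTS, uri=C2_URI):
    """Join host and uri the way the report's second 'Extracted' block does."""
    return [host.rstrip("/") + "/" + uri.strip("/") + "/" for host in hosts]


def tag_line(line):
    """Return the set of behaviour tags one sandbox log line triggers."""
    tags = set()
    for call, tag in CALL_TAGS.items():
        if call in line:
            tags.add(tag)
    if DYNAMIC_DEX_RE.search(line):
        tags.add("dynamic_dex_load")
    if any(url in line for url in build_c2_urls()):
        tags.add("c2_contact")
    return tags


def triage(lines):
    """Count tags over a log and apply this example's verdict heuristic:
    accessibility screen reading or UI actions, combined with runtime DEX
    loading or foreground persistence, is the overlay/keylogging pattern
    the report attributes to Ginp."""
    counts = Counter()
    for line in lines:
        counts.update(tag_line(line))
    accessibility = counts["accessibility_read"] + counts["accessibility_action"] > 0
    persistence = counts["dynamic_dex_load"] + counts["foreground_persistence"] > 0
    verdict = "banking-trojan-like" if accessibility and persistence else "inconclusive"
    return {"counts": dict(counts), "verdict": verdict}


def match_known_hash(data):
    """Look up a blob's SHA-256 against the hashes listed in the report."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed log lines modelled on the report's IoC tables (not captured output).
SAMPLE_LOG = [
    "Framework service call " + ACC + "findAccessibilityNodeInfosByText appear.shaft.uphold",
    "Framework service call " + ACC + "performGlobalAction appear.shaft.uphold",
    "Framework service call " + ACC + "performGlobalAction appear.shaft.uphold",
    "Loads dropped Dex/Jar /data/user/0/appear.shaft.uphold/app_DynamicOptDex/NJDBDrn.json pid=4960",
    "Framework service call android.app.IActivityManager.setServiceForeground appear.shaft.uphold",
    "Framework service call android.os.IPowerManager.acquireWakeLock appear.shaft.uphold",
    "HTTP POST http://sweetseventeen.top/api201/ appear.shaft.uphold",
    "Framework service call android.view.IWindowManager.getInitialDisplaySize com.android.systemui",
]

if __name__ == "__main__":
    print(build_c2_urls())
    print(triage(SAMPLE_LOG))
```

The verdict deliberately requires two independent behaviour classes, so a single wake lock or network query from a legitimate app does not trip it; a real detection would also key on the package name and the app_DynamicOptDex path, which the report ties directly to PID 4960.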
Processes
- appear.shaft.uphold (PID 4960)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Foreground Persistence (1)
  - Hide Artifacts (1): Suppress Application Icon (1)
  - Impair Defenses (1): Prevent Application Removal (1)
  - Input Injection (1)
- Discovery
  - Software Discovery (1): Security Software Discovery (1)
  - System Network Connections Discovery (1)
Downloads
- Filesize: 418KB
  MD5: 9041c15d5965b11f1a841ce8a7c388ad
  SHA1: b9acc1b33291878409ba4060fb554fa2b9a8b3a5
  SHA256: c108fe547e30f4c72aa0e3c522347a63f52b63d539b6f699bedcc2d789d87901
  SHA512: c136b5214fd62203160d1d648e1a23142d11d1fecfff14c3867eb65a089f29968fe8a347736d015d0d2d64ee6cddd9d96a0c883804b913a1544d3ce49d8c0212
- Filesize: 418KB
  MD5: 6be6f93b229d65858d93172f04cf3582
  SHA1: ecdf8dccb82f0bafe49655da0dd6b5e775ba5877
  SHA256: ac66df32152bcd1f27decde4bb92068703113dc833a1e94395c73a967f21be86
  SHA512: d72ea79302e81453e6974bd26950b5034a2e0e954f85b3091bff5c8142232de9f80be85833f6d8dd8c366ba18f4a912487a50486bea1cff3d674150fffe6d88f
- Filesize: 350B
  MD5: 7e797406b11cc81e52087d6de94f2a14
  SHA1: 07b497fd23b16af47359b5a7c68e9f61ff20d1e4
  SHA256: c709328b8427f54296bcfbce566d3bc37022ef3804ad352a650166e521b78230
  SHA512: e0d12dacb46141abdee24c0d091891ab39097764f35176d5ea26b6509e8238456094267a13741110c6ea19fbc452fe82d1e245e6c8591967c528f9359e6de65e