Analysis

  • max time kernel
    179s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    06-08-2024 22:09

General

  • Target

    996de5da046786cf585f6ce5fb9ee4446f3afeaac699823506f741a5e55b8665.apk

  • Size

    1.9MB

  • MD5

    dc3567738517d6a03e41efb4fb842e0c

  • SHA1

    eed9c5df2f65b4367c382fd7b96885557c12e1e9

  • SHA256

    996de5da046786cf585f6ce5fb9ee4446f3afeaac699823506f741a5e55b8665

  • SHA512

    a87b475f3d9534bba32aa37763342faa4adea913704f2d7f40baa238e0c592fcfeadd39ef1c395303d795a45511c727536acec6292881ebea98cf8d8a9c5a236

  • SSDEEP

    49152:/Y+h/sOIUfmmGKPepQl0eLYtBDbv4OzSUAhi4dEe0nc+X:/Y+h/sRUfmmGKB03bv45USPdEeC

Malware Config

Extracted

Family

ginp

Version

2.8d

Botnet

mp14

C2

http://windowtint.top/

http://beastmode.top/

Attributes
  • uri

    api201

Extracted

Family

ginp

C2

http://windowtint.top/api201/

http://beastmode.top/api201/

Signatures

  • Ginp

    Ginp is an Android banking trojan first seen in mid-2019.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs

Processes

  • walnut.minimum.cushion
    1
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    PID:5005

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/walnut.minimum.cushion/app_DynamicOptDex/oat/yjM.json.cur.prof

    Filesize

    308B

    MD5

    7178a9b9d7caf6fd644fc331022e64a4

    SHA1

    01a1af3198b4bf7ce78c167d56f9f1fb840ba3aa

    SHA256

    a02b0138c43b6d6ccb5aa305128dfd7f4fa59a9015657ed510ea6a0fe747c669

    SHA512

    9f13d86b838472bdc6cf1b523805a2c09ff1f6d9469fb1fe2c7922449680478d8c5b5c6394e3f84f7f7bf9cc0ba73239207a90408985769495e81e2c5e66b874

  • /data/data/walnut.minimum.cushion/app_DynamicOptDex/yjM.json

    Filesize

    384KB

    MD5

    68ca7b957db260782067fec25b7a09de

    SHA1

    c62dcb481748549bec193ad088cfef9b8e7d2026

    SHA256

    4ed7c82954a5384fc5d5a1ac81dd35452360a6c2dc5b737990c908ebec77ff85

    SHA512

    b778a678bd14a417a956020d54b1c67a6442dbec101528128743bd546f7c4f0d715905eebc5c80ab7e1bbcb54e43b1451bd4c20829fcce6a790cc4980cc05b28

  • /data/data/walnut.minimum.cushion/app_DynamicOptDex/yjM.json

    Filesize

    384KB

    MD5

    4cb3cb0123b1a4e4d99b72fd32bf43a7

    SHA1

    1991593edab633d3011a3724faac33839068076d

    SHA256

    15a2a9a85cbc9539d99a77bb047914b255906094e3d08d2ece7d208bf8b5014f

    SHA512

    7816b82595278750d9db4e37e5d0834a240bc619523efdb9a76a591bf7e0d354fa53ac9e782e92a232bb7e3521b5aabc4596fd2293d9ab2c81a1a9935c9f80a0