General

  • Target

    1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin

  • Size

    2.7MB

  • Sample

    240806-1z3w1awbqd

  • MD5

    4429db8d2ccc93686bb64ea88e1de583

  • SHA1

    78ac0bba6aab7e94466050d9c3ddedb7d276ec94

  • SHA256

    1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31

  • SHA512

    1e1e596bca6b9085ad9d87bdb34ad6a3287a7a81970e560a832f872a20a8ff6f41edbc43f63457009356eb1d290702cda5df9dcd219bc299cb40628c7d07765b

  • SSDEEP

    49152:RfMZIxKJf80Ca6QEl+mHsk7YG82yvH/4WJSKXXOQurvFfB+bH7IR4oWYe3a:RUZNE0CaG3H+b2yvHAWJSY1uD5BdzY3a

Malware Config

Extracted

Family

ginp

Version

2.8d

Botnet

mp43

C2

http://sorryfordelay.top/

http://silverball.cc/

Attributes
  • uri

    api201

Extracted

Family

ginp

C2

http://sorryfordelay.top/api201/

http://silverball.cc/api201/

Targets

    • Target

      1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31.bin

    • Size

      2.7MB

    • MD5

      4429db8d2ccc93686bb64ea88e1de583

    • SHA1

      78ac0bba6aab7e94466050d9c3ddedb7d276ec94

    • SHA256

      1467d2ecd513e319a32c42d85d6087cc4c6d0e5f7460bd0c2c997b86a56e3c31

    • SHA512

      1e1e596bca6b9085ad9d87bdb34ad6a3287a7a81970e560a832f872a20a8ff6f41edbc43f63457009356eb1d290702cda5df9dcd219bc299cb40628c7d07765b

    • SSDEEP

      49152:RfMZIxKJf80Ca6QEl+mHsk7YG82yvH/4WJSKXXOQurvFfB+bH7IR4oWYe3a:RUZNE0CaG3H+b2yvHAWJSY1uD5BdzY3a

    • Ginp

      Ginp is an android banking trojan first seen in mid 2019.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries information about active data network

    • Requests accessing notifications (often used to intercept notifications before users become aware).

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Requests enabling of the accessibility settings.

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.