Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b)

Ginp is an Android banking trojan that has been used to target Spanish banks. Some of the code was taken directly from Anubis.(Citation: ThreatFabric Ginp)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | 1 |
| Ginp - S0423 (6146be90-470c-4049-bb3a-9986b8ffb65b) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | 2 |
| System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |