Malware Analysis Report

2024-12-01 22:19

Sample ID 230219-d58m4sea2x
Target ShopeeTH_no.apk
SHA256 d5e2cc1b4c7c0aa843267e0aa833c36f19bec5d1ebd1a3152da30a8265c99b1e
Tags
gigabud
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d5e2cc1b4c7c0aa843267e0aa833c36f19bec5d1ebd1a3152da30a8265c99b1e

Threat Level: Known bad

The file ShopeeTH_no.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-19 03:36

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-19 03:36

Reported

2023-02-19 03:37

Platform

android-x86-arm-20220823-en

Max time kernel

1736985s

Max time network

13s

Command Line

com.optsimoroute.optimoroute

Signatures

N/A

Processes

com.optsimoroute.optimoroute

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.36.42:443 infinitedata-pa.googleapis.com tcp

Files

/data/user/0/com.optsimoroute.optimoroute/no_backup/.flurryNoBackup/installationNum

MD5 c7578d629f8345e1d7725ba6ea9d1036
SHA1 5fcd27bcf1519cb409d24fb02c1aeee573a49309
SHA256 94c8ad7f844a2cb3e128d64d528b39da9b0fdd659f61217d043d8d32d45c4696
SHA512 61a5a1d48cb9500decb07c3fabbdb0ba87cf588339ecbb74cc2be1912282e143b29327fcba7b48facc1b6ea98a57446da69244ba8d0f994f97a42596a130218e