Analysis Overview
SHA256
05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
Threat Level: Known bad
The file 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-02-21 09:55
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
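The "Requests dangerous framework permissions" signature above is a static check over the APK's `AndroidManifest.xml`. The following is an added example (not the sandbox's own code) that reproduces that check: it parses a decoded manifest, reports which of the permissions from the table an APK requests, and groups them by the capability they grant. The manifest below is constructed for the example; only the package name and the permission names come from this report, and the capability grouping and the `triage_reasons` heuristic are the editor's own assumptions, not the sandbox's detection logic.

```python
"""Flag dangerous Android framework permissions in a decoded manifest.

Added example for this report, not sandbox code. Run a real APK through
apktool (or any manifest decoder) and pass the resulting XML text to
dangerous_permissions(); the SAMPLE_MANIFEST below is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions listed in the static1 signature table, grouped by what an
# abuser gains from them. The grouping is an assumption for illustration.
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "device_identity",
    "android.permission.CAMERA": "surveillance",
    "android.permission.RECORD_AUDIO": "surveillance",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}

# Constructed manifest: package name and permissions mirror this report;
# everything else is filler so the document parses.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.royalmine.jdsxcr">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="app"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return every <uses-permission android:name=...> value, in manifest order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        # The name attribute lives in the android: namespace, so look it up
        # with the Clark-notation key ElementTree uses for namespaced attrs.
        name = node.get("{%s}name" % ANDROID_NS)
        if name:
            names.append(name)
    return names


def dangerous_permissions(manifest_xml):
    """Map capability class -> requested permissions that fall in DANGEROUS."""
    hits = {}
    for perm in requested_permissions(manifest_xml):
        cls = DANGEROUS.get(perm)
        if cls:
            hits.setdefault(cls, []).append(perm)
    return hits


def triage_reasons(hits):
    """Editor's heuristic (an assumption, not the sandbox's rule): explain
    why the combination of requested permissions deserves a closer look."""
    sms = set(hits.get("sms", []))
    full_sms = {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
    }
    reasons = []
    if full_sms <= sms:
        reasons.append("full SMS read/receive/send set")
    if "surveillance" in hits:
        reasons.append("camera/microphone access")
    if "device_identity" in hits and "location" in hits:
        reasons.append("device identity combined with precise location")
    return reasons


if __name__ == "__main__":
    found = dangerous_permissions(SAMPLE_MANIFEST)
    for cls, perms in sorted(found.items()):
        print(cls, "->", ", ".join(perms))
    for reason in triage_reasons(found):
        print("flag:", reason)
```

Non-dangerous permissions such as `INTERNET` are deliberately ignored, so the output corresponds one-to-one with the rows of the signature table; the heuristic in `triage_reasons` is only a starting point for manual review, since a legitimate messaging or navigation app can also request several of these.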
Analysis: behavioral2
Detonation Overview
Submitted
2023-02-21 09:55
Reported
2023-02-21 09:56
Platform
android-x64-arm64-20220823-en
Max time kernel
1936119s
Max time network
15s
Command Line
Signatures
Processes
com.royalmine.jdsxcr
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp |
Files
/data/user/0/com.royalmine.jdsxcr/files/.fstreaming/fInProgress/currentFile
| MD5 | 93fa5c9e9de2351fe7fc162c5a3deb45 |
| SHA1 | eb45f6f5c33f80925eb73cb42173cd307858db27 |
| SHA256 | 186f2ed61ba8c1542d555ed2e18906b16b0e2be3f758d848b1240ba5e143d280 |
| SHA512 | 65988889825735318e6467df2ff6c0256e856ab807030c077dc84039166048dfa190e194bd88a5dce5b342671643b76d156100052f0376e2e5f35647b590a9c8 |
/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum
| MD5 | b9dc49cb126138024197650fd6fce8ef |
| SHA1 | 76d8b74665e80629aed5089cde0c7a89f223f792 |
| SHA256 | eea16d9a6273a06ee923aa51b440efbe2d1cae15ff127920bccd4a4028670c26 |
| SHA512 | 82d9f8350831caa9bd4277b618697ba4be506e47c8819a9ba26a92945588741a64bc6d97443b458ad758ae81f25af3aa19a910508650153ed8b5fdead17d3ddd |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/Setting.xml
| MD5 | 96f9fdcab20f6437096bde163ae5ad22 |
| SHA1 | 4be7ccaa0c70c387763b649940a09fd938b046d2 |
| SHA256 | bf93f5be3d08486d4790370df4efb47c1a065ebd016b489caa467939412ce577 |
| SHA512 | 0a036336d225e30f3c5e43f1739693e7dad06efa3e38fef1c2f54346dd8cc40c7516968ca36cc6caa393ed7e2fd5d3bfe010a6a8445e17c6d9c92377069f00f4 |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 9fd193943da914ec393070cefb7f5ec7 |
| SHA1 | b74942f5643d1ff31f9ab0a103dbba88d774c8d7 |
| SHA256 | ed2d1944ab976b41b1d48b5a7772ff4cce600512d08e76a0dfda774b254c0aec |
| SHA512 | dc6d2575cec5a25bcc3bd6033aa23ebca4e5e3280eb13dd05e1537b65d8cae255a5280dbd90bd8ae71b46b016bcec306579761e4903cac8c8cea299d391c2794 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-21 09:55
Reported
2023-02-21 09:56
Platform
android-x64-20220823-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |