Malware Analysis Report

2024-12-01 22:19

Sample ID 230221-lx4m7aed29
Target 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
SHA256 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
Tags
gigabud
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc

Threat Level: Known bad

The file 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-21 09:55

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-21 09:55

Reported

2023-02-21 09:56

Platform

android-x64-arm64-20220823-en

Max time kernel

1936119s

Max time network

15s

Command Line

com.royalmine.jdsxcr

Signatures

N/A

Processes

com.royalmine.jdsxcr

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp

Files

/data/user/0/com.royalmine.jdsxcr/files/.fstreaming/fInProgress/currentFile

MD5 93fa5c9e9de2351fe7fc162c5a3deb45
SHA1 eb45f6f5c33f80925eb73cb42173cd307858db27
SHA256 186f2ed61ba8c1542d555ed2e18906b16b0e2be3f758d848b1240ba5e143d280
SHA512 65988889825735318e6467df2ff6c0256e856ab807030c077dc84039166048dfa190e194bd88a5dce5b342671643b76d156100052f0376e2e5f35647b590a9c8

/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum

MD5 b9dc49cb126138024197650fd6fce8ef
SHA1 76d8b74665e80629aed5089cde0c7a89f223f792
SHA256 eea16d9a6273a06ee923aa51b440efbe2d1cae15ff127920bccd4a4028670c26
SHA512 82d9f8350831caa9bd4277b618697ba4be506e47c8819a9ba26a92945588741a64bc6d97443b458ad758ae81f25af3aa19a910508650153ed8b5fdead17d3ddd

/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/com.royalmine.jdsxcr/shared_prefs/Setting.xml

MD5 96f9fdcab20f6437096bde163ae5ad22
SHA1 4be7ccaa0c70c387763b649940a09fd938b046d2
SHA256 bf93f5be3d08486d4790370df4efb47c1a065ebd016b489caa467939412ce577
SHA512 0a036336d225e30f3c5e43f1739693e7dad06efa3e38fef1c2f54346dd8cc40c7516968ca36cc6caa393ed7e2fd5d3bfe010a6a8445e17c6d9c92377069f00f4

/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 9fd193943da914ec393070cefb7f5ec7
SHA1 b74942f5643d1ff31f9ab0a103dbba88d774c8d7
SHA256 ed2d1944ab976b41b1d48b5a7772ff4cce600512d08e76a0dfda774b254c0aec
SHA512 dc6d2575cec5a25bcc3bd6033aa23ebca4e5e3280eb13dd05e1537b65d8cae255a5280dbd90bd8ae71b46b016bcec306579761e4903cac8c8cea299d391c2794

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-21 09:55

Reported

2023-02-21 09:56

Platform

android-x64-20220823-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A