Malware Analysis Report

2024-12-01 22:18

Sample ID: 230221-lxwycaed27
Target: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
SHA256: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
Tags: gigabud
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612

Threat Level: Known bad

The file a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612 was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-02-21 09:55

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-02-21 09:55
Reported: 2023-02-21 09:56
Platform: android-x64-20220823-en
Max time network: 9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2023-02-21 09:55
Reported: 2023-02-21 09:56
Platform: android-x64-arm64-20220823-en
Max time kernel: 1936115s
Max time network: 16s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
DE | 142.250.184.234:443 | | udp
DE | 142.250.184.234:443 | | tcp
DE | 142.250.186.174:443 | | tcp
DE | 142.250.186.174:443 | | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
NL | 142.251.36.8:443 | ssl.google-analytics.com | tcp

Files

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 ab056a00c61e948cc5de879c3721063d
SHA1 dd8a8ec9a29e3cc8bf6d39708a62756364629120
SHA256 c121681e46dc1221b159b65db86c05b1275d33faace252c5a1ed74e06593e2c4
SHA512 45d9bb04778d4627e031efd000b50824a97ada63c7679405282b2a3df3b77db55cadafc099179433cfa71b9359eb677e0f5f69a6d66befac08b08e1b505d50c5

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 218ff230370f21512ce252e96d6de94e
SHA1 7891ac6741a7d8786c0d5e74fccdecd10ddcafdc
SHA256 afac089c0d8dedb64ce79de969d34d7d1cc6a3e183b80ff46cb6e42761135175
SHA512 6c0b0b311664245aa3946234704be7d7e45f3c50f0c6b66107abc46fe46466f4536613a70bd4303a73c0b2b08d2b09c85c63bf2b4264efa8710912b8e2576e2c

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

MD5 080b75c5d1e66e447b9bd42837aeb31b
SHA1 85e78634419ffc23351ba0828e5fc29b1a3f13c3
SHA256 e36b392e6eca258c32bb61d0498cd60d17d0b8c3b1eb8f9bdbe1cac5d51a4d92
SHA512 784004789dfddedc027ad67a2e938098108fe9e87c9810d46afff4ca7d6d89194d0f23102776c1dd1f0354c5f9aaebe349d01af79460778f7c554b5c19319c9f

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 ff4cf87396bf3045b739983b95fb10d3
SHA1 c628e32963235efdaa5ece4e119fc780577cf1ca
SHA256 49bdb50810b2f74b9717bc959ebb7357250d9dd1d26b32977a940216fc8355c7
SHA512 123aafb84b3c68ee39067e909eb9553f4a396b82ecebc08413c14b5345cf3347d00698f77281104da7242760646b9c181b65c66101e9ce9a6a96feef39bbf769

Analysis: behavioral3

Detonation Overview

Submitted: 2023-02-21 09:55
Reported: 2023-02-21 09:56
Platform: android-x86-arm-20220823-en
Max time kernel: 1932515s
Max time network: 15s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:853 | | tcp
US | 1.1.1.1:853 | | tcp

Files

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 d7d0f3b8ba75c75c4f0ef13cf30ed20f
SHA1 e43bcbbe8db9194813a157c20d802c6fb25b583d
SHA256 6303ae32d59815d1dd562fbd86ddaa3a37f052df9a2f20ce5f77fa33103cda41
SHA512 77d430a2e6af88d767d7d8b602452ce1f6e91c2703d97c09872b69fbc7d2fa43ab4a88d0c7638287d4e555d0548e5db077e7d04e9441833befe215b50d2ba29d

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile (the digests below are those of a zero-byte file, so this file was created but never written to in this run)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e