Analysis Overview
SHA256
05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
Threat Level: Known bad
The file 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-02-22 18:50
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
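The permission set above is what turns the static verdict into something an analyst can act on: location, phone state, camera, microphone, storage and all three SMS permissions in one package. As an added example (not part of the sandbox report and not code from the Gigabud sample), the Python below parses the `<uses-permission>` entries of a decoded AndroidManifest.xml, maps them to Android's dangerous permission groups and flags combinations characteristic of SMS-stealing banking malware. The embedded manifest is constructed from the nine permissions listed above for package com.royalmine.jdsxcr; the DANGEROUS map, the COMBOS rules and the verdict thresholds in triage() are this example's own heuristics, not the sandbox's signature logic.

```python
"""Added example: permission triage for an Android manifest.

Not part of the sandbox report. The DANGEROUS map, the COMBOS rules and the
triage() verdict thresholds are this example's own heuristics.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions with protectionLevel "dangerous" and their runtime permission
# group (subset covering this sample).
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
}

# Combinations this example treats as high-risk (own heuristics, not an
# Android or sandbox rule). Every permission in a set must be present.
COMBOS = {
    "sms-interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "sms-relay": {"android.permission.RECEIVE_SMS",
                  "android.permission.SEND_SMS"},
    "device-fingerprint+sms": {"android.permission.READ_PHONE_STATE",
                               "android.permission.READ_SMS"},
    "surveillance": {"android.permission.CAMERA",
                     "android.permission.RECORD_AUDIO"},
}

# Constructed manifest: the package name and the nine permissions come from
# the static1 table of this report; the rest is placeholder.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.royalmine.jdsxcr">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="placeholder"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> in document order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)]


def triage(manifest_xml: str) -> dict:
    """Map the manifest's permissions to dangerous groups and fired combos."""
    root = ET.fromstring(manifest_xml)
    present = set(requested_permissions(manifest_xml))
    dangerous = sorted(p for p in present if p in DANGEROUS)
    groups = sorted({DANGEROUS[p] for p in dangerous})
    combos = sorted(name for name, needed in COMBOS.items() if needed <= present)
    # Thresholds are this example's choice: any fired combination is "high",
    # dangerous permissions alone are "medium", otherwise "low".
    verdict = "high" if combos else ("medium" if dangerous else "low")
    return {
        "package": root.get("package"),
        "dangerous": dangerous,
        "groups": groups,
        "combos": combos,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    print(f"{result['package']}: verdict={result['verdict']}")
    print("dangerous groups:", ", ".join(result["groups"]))
    print("fired combinations:", ", ".join(result["combos"]) or "none")
```

The manifest inside an APK is binary XML, so decode it first (for example with `apktool d sample.apk`) and point the script at the decoded AndroidManifest.xml; on a device, `adb shell dumpsys package com.royalmine.jdsxcr` lists the same requested permissions. A dangerous permission set on its own is not a malware verdict, which is why the sandbox pairs this signature with the family match.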
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-22 18:50
Reported
2023-02-22 18:51
Platform
android-x64-20220823-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-02-22 18:50
Reported
2023-02-22 18:51
Platform
android-x64-arm64-20220823-en
Max time kernel
2054650s
Max time network
14s
Command Line
Signatures
Processes
com.royalmine.jdsxcr
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 172.217.168.226:443 | | tcp |
| NL | 142.251.39.102:443 | | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
Files
/data/user/0/com.royalmine.jdsxcr/files/.fstreaming/fInProgress/currentFile
| MD5 | 11cafc71536b297df2410d49d256716f |
| SHA1 | 7082e470de5668b902cf30de77979148cfb18b61 |
| SHA256 | 56a2bfb5a66d4adc0a0c1886f1e2052c0a3914aeab0b3f96c62e2a6ca799f6f9 |
| SHA512 | 8dfd3a8699578bdd5ca4c38bb8bef206a89d29bdbbb1200fb290c5dff19ae365947c31c6eedf28174de2aaccda7da4b615527c6c01fbee54d95ca2d98bcb8cda |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/Setting.xml
| MD5 | bb4441e2e1e3964820e4dd318f95660e |
| SHA1 | 3cdd9fea1a387bd2d4dd6961ca235be24ecad1e4 |
| SHA256 | 04ee99f8bd62d35045b032150f5beef55f76e13d1597900ffba87d74027e9752 |
| SHA512 | 2a490a054dc0bb4480b51c35789460515687cacee591f0671215858d9e11818d5c05cdf182455ac68c07318bd8b2542df5faa14483424e62531bb64f4e2d344d |
/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum
| MD5 | a7606fe388b6ec9e2aee8838d641accb |
| SHA1 | a68112681630dd43e51963cc9d80d09b257e6892 |
| SHA256 | 430615e1168e6d38739e42fae8567b3eb1eede2f680b72873082530ff90cc8f6 |
| SHA512 | 9f4c33bc50930f2739aff4a6682b1d25a44960a54ed6e21cd329116842c79a47d5979e8cf67fede230f59b620624f2d9fc17b9fe43fe405225811590249862a1 |
/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 9fd193943da914ec393070cefb7f5ec7 |
| SHA1 | b74942f5643d1ff31f9ab0a103dbba88d774c8d7 |
| SHA256 | ed2d1944ab976b41b1d48b5a7772ff4cce600512d08e76a0dfda774b254c0aec |
| SHA512 | dc6d2575cec5a25bcc3bd6033aa23ebca4e5e3280eb13dd05e1537b65d8cae255a5280dbd90bd8ae71b46b016bcec306579761e4903cac8c8cea299d391c2794 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-02-22 18:50
Reported
2023-02-22 18:51
Platform
android-x86-arm-20220823-en
Max time kernel
2051048s
Max time network
11s
Command Line
Signatures
Processes
com.royalmine.jdsxcr
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
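Both behavioral runs show only link-local mDNS, DNS lookups against 1.1.1.1 and TLS connections to Google infrastructure, within network windows of 14s (behavioral2) and 11s (behavioral3), so the report carries no C2 indicator for this sample. As an added example (not part of the report), the Python below parses rows in the layout of the network tables above, labels the environment noise and returns whatever is left as candidate C2 for analyst follow-up. The rows are reconstructed from the behavioral2 and behavioral3 tables; the resolver set, the allowlisted domain suffixes and the Google prefixes are this example's assumptions, and the single positive row uses an RFC 5737 documentation address and is not from the report.

```python
"""Added example: separate sandbox-environment noise from candidate C2.

Not part of the sandbox report. RESOLVERS, NOISE_SUFFIXES and GOOGLE_NETS are
this example's assumptions about the detonation environment.
"""
import ipaddress
from dataclasses import dataclass

MDNS = ("224.0.0.251", 5353)          # link-local mDNS seen on every Android image
RESOLVERS = {"1.1.1.1", "8.8.8.8"}    # assumed sandbox resolvers
NOISE_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")
# Assumed Google (AS15169) ranges covering the unresolved IPs in the runs above.
GOOGLE_NETS = [ipaddress.ip_network(n) for n in
               ("142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19")]

# Rows reconstructed from the behavioral2 and behavioral3 network tables:
# country|destination|domain|proto, with an empty domain where the table had none.
SAMPLE_ROWS = """\
N/A|224.0.0.251:5353||udp
US|1.1.1.1:53|android.apis.google.com|udp
US|1.1.1.1:53|android.apis.google.com|udp
US|1.1.1.1:53|android.apis.google.com|udp
GB|216.58.208.110:443|android.apis.google.com|tcp
GB|216.58.208.110:443|android.apis.google.com|tcp
NL|172.217.168.226:443||tcp
NL|142.251.39.102:443||tcp
US|1.1.1.1:53|infinitedata-pa.googleapis.com|udp
US|1.1.1.1:53|ssl.google-analytics.com|udp
NL|216.58.214.10:443|infinitedata-pa.googleapis.com|tcp
NL|142.251.36.14:443|android.apis.google.com|tcp
"""

# Constructed, NOT from the report: an RFC 5737 documentation address used
# only to show what a positive hit looks like.
CONSTRUCTED_C2_ROW = "TH|203.0.113.45:8443||tcp\n"


@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[NetRow]:
    """Parse pipe-separated rows in the sandbox table layout."""
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = [f.strip() for f in line.split("|")]
        ip, port = dest.rsplit(":", 1)
        rows.append(NetRow(country, ip, int(port), domain, proto))
    return rows


def classify(row: NetRow) -> str:
    """Label a row as environment noise or as a candidate for follow-up."""
    if (row.ip, row.port) == MDNS:
        return "mdns"
    if row.port == 53 and row.ip in RESOLVERS:
        return "dns-query"
    if row.domain and row.domain.endswith(NOISE_SUFFIXES):
        return "allowlisted-domain"
    addr = ipaddress.ip_address(row.ip)
    if any(addr in net for net in GOOGLE_NETS):
        return "allowlisted-prefix"
    return "candidate"


def summarize(text: str) -> dict:
    """Count rows per label, so the noise is visible rather than silently dropped."""
    counts = {}
    for row in parse_rows(text):
        label = classify(row)
        counts[label] = counts.get(label, 0) + 1
    return counts


def c2_candidates(text: str) -> list:
    """Rows that survive every noise filter; each needs manual pivoting."""
    return [r for r in parse_rows(text) if classify(r) == "candidate"]


if __name__ == "__main__":
    print("report rows:", summarize(SAMPLE_ROWS))
    print("candidates in report:", c2_candidates(SAMPLE_ROWS))
    print("with constructed row:", c2_candidates(SAMPLE_ROWS + CONSTRUCTED_C2_ROW))
```

An empty candidate list from a run of this length is not evidence that the sample has no C2: banking trojans commonly gate their traffic on conditions an emulator does not satisfy (installed target apps, SIM country, emulator checks), so the network tables above should be read as "nothing observed", not "nothing present".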
Files
/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum
| MD5 | 49898f8b35400fd58776801bf9a9723a |
| SHA1 | a131eba6a613ede026ec3d0c58505997d3e76d3e |
| SHA256 | c7f3f88263d4f0c128d5083569178d2715a8d23d4862480a63bc8f65b4b9d3ac |
| SHA512 | f8893e3c5f62864b125b50b38dde0e603cfb9bf0df3d6b0a4a69b82484b72591318eda02d3188cb4037301a966dade49e3ec2b3b6e14c6c9ce22a4299ad5798e |