Malware Analysis Report

2024-12-01 22:18

Sample ID 230222-xheajaeg8s
Target 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
SHA256 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
Tags gigabud
Score 10/10

Analysis Overview

Score 10/10

SHA256

05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc

Threat Level: Known bad

The file 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-22 18:50

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-22 18:50

Reported

2023-02-22 18:51

Platform

android-x64-20220823-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-22 18:50

Reported

2023-02-22 18:51

Platform

android-x64-arm64-20220823-en

Max time kernel

2054650s

Max time network

14s

Command Line

com.royalmine.jdsxcr

Signatures

N/A

Processes

com.royalmine.jdsxcr

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.208.110:443 | android.apis.google.com | tcp
GB | 216.58.208.110:443 | android.apis.google.com | tcp
N/A | 224.0.0.251:5353 | | udp
NL | 172.217.168.226:443 | | tcp
NL | 142.251.39.102:443 | | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp

Files

/data/user/0/com.royalmine.jdsxcr/files/.fstreaming/fInProgress/currentFile

/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

/data/user/0/com.royalmine.jdsxcr/shared_prefs/Setting.xml

/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum

/data/user/0/com.royalmine.jdsxcr/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

Analysis: behavioral3

Detonation Overview

Submitted

2023-02-22 18:50

Reported

2023-02-22 18:51

Platform

android-x86-arm-20220823-en

Max time kernel

2051048s

Max time network

11s

Command Line

com.royalmine.jdsxcr

Signatures

N/A

Processes

com.royalmine.jdsxcr

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 216.58.214.10:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.251.36.14:443 | android.apis.google.com | tcp

Files

/data/user/0/com.royalmine.jdsxcr/no_backup/.flurryNoBackup/installationNum
