Analysis Overview
SHA256
a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
Threat Level: Known bad
The file a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612 was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-02-22 18:51
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-22 18:51
Reported
2023-02-22 18:51
Platform
android-x64-20220823-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| DE | 142.250.185.130:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-02-22 18:51
Reported
2023-02-22 18:51
Platform
android-x64-arm64-20220823-en
Max time kernel
2054662s
Max time network
14s
Command Line
Signatures
Processes
ru.yandex.taxi
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.208.110:443 | | tcp |
| GB | 216.58.208.110:443 | | tcp |
| GB | 216.58.208.110:443 | | tcp |
| GB | 216.58.208.110:443 | | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
Files
/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile
| Hash | Value |
|---|---|
| MD5 | 5773ce64f42c35157ab936cdf6aec680 |
| SHA1 | e8e856490b8b1342c787e6dde6d3514a8fe3bae0 |
| SHA256 | 7fec6cfa8f0ff639fbfda189490d06e6cc083ae84e962e65d35bf9d45fa2cc7d |
| SHA512 | 48919f0c22b34217b1634d1ea893c23cb5d5df289066f029ea80b5d0fe2694404e602f8e211e78020f366c4fe3551d4c19f1532dfe6976768c7bb889cf35bc48 |
/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum
| Hash | Value |
|---|---|
| MD5 | cdab4162d97dea9823089a642b85dc79 |
| SHA1 | 80d6af68c86fcfe83160fc35422c9dee0213da4f |
| SHA256 | 88679da57193c223d36a32b4e4966d0df6e38195f9ef193e76917505c24e5ca0 |
| SHA512 | 159cf6ef53a2a093be2af12aac3fa3f399c3c7807b156a38334288cbcbbc9f7f704b6977e6d47c889d87cadc8bb7ec8f3525cb9929101328c2a639c375c49de9 |
/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml
| Hash | Value |
|---|---|
| MD5 | 740ec267ee6659e70767c8b254b8b883 |
| SHA1 | e360e41830e76e34dbcc584cc8c68c3159e0f873 |
| SHA256 | 3506880e92f0b055f145dbdbbbc74949e3d7870f2243aad1cd558d6377bb3522 |
| SHA512 | 62a41c986701a0602ed5a9baf41d17040d9cab0d252e123d6a2e387f96efd959f7c06c3a7e14afb4236e0e2c8457f073ca58c4e65cdf1fdc58a783ad984ef93a |
/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| Hash | Value |
|---|---|
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| Hash | Value |
|---|---|
| MD5 | ff4cf87396bf3045b739983b95fb10d3 |
| SHA1 | c628e32963235efdaa5ece4e119fc780577cf1ca |
| SHA256 | 49bdb50810b2f74b9717bc959ebb7357250d9dd1d26b32977a940216fc8355c7 |
| SHA512 | 123aafb84b3c68ee39067e909eb9553f4a396b82ecebc08413c14b5345cf3347d00698f77281104da7242760646b9c181b65c66101e9ce9a6a96feef39bbf769 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-02-22 18:51
Reported
2023-02-22 18:51
Platform
android-x86-arm-20220823-en
Max time kernel
2051064s
Max time network
11s
Command Line
Signatures
Processes
ru.yandex.taxi
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
Files
/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum
| Hash | Value |
|---|---|
| MD5 | fc95953df14448c1fb92118349a3140a |
| SHA1 | 17239cd0e310040b699b0aba7c546eb806154062 |
| SHA256 | d909263ae59f5b1971bc4fe5d40a5e9a6631d07ca511923654363ae03cf5702f |
| SHA512 | 4c33750ae9dec355c01f713e44cc9c899b4bc1a588b98fd88e8d83223d6dded2f7025c3eff2b837332f09661f33612237dbe11b8acda83df3e6bd15ed5276f9c |
/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile
| Hash | Value |
|---|---|
| MD5 | 9fbf9a2f1be32cf74f377ca9f3d2f742 |
| SHA1 | d28fd8aaac2c3c16dd19895d0e736dbbe7dab7f3 |
| SHA256 | 9d59b9d74a901699c1411ee9974c9f2a79197fe34c5de4b92592f230ecff5fa6 |
| SHA512 | 75712a1c6936e457491b44e38a7fbacd1c497fd529864058d1f02c532e1dc8b52f7ac30a7d4be0eea7e3e36c03c8153682bbf67a9b104e089c1dfb0d090a4476 |