Malware Analysis Report

2024-12-01 22:18

Sample ID: 230222-xhqzbsch88
Target: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
SHA256: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612
Tags: gigabud
Score: 10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
- Analysis: static1 (Detonation Overview, Signatures)
- Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
- Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
- Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10

SHA256: a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612

Threat Level: Known bad

The file a611d499b9528df337068120ad26aed967fad6c3fd1af7fd3f7473698760c612 was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-22 18:51

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-22 18:51

Reported

2023-02-22 18:51

Platform

android-x64-20220823-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
DE | 142.250.185.130:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-22 18:51

Reported

2023-02-22 18:51

Platform

android-x64-arm64-20220823-en

Max time kernel

2054662s

Max time network

14s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:53 | growth-pa.googleapis.com | udp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.208.110:443 | N/A | tcp
GB | 216.58.208.110:443 | N/A | tcp
GB | 216.58.208.110:443 | N/A | tcp
GB | 216.58.208.110:443 | N/A | tcp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp

Files

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 5773ce64f42c35157ab936cdf6aec680
SHA1 e8e856490b8b1342c787e6dde6d3514a8fe3bae0
SHA256 7fec6cfa8f0ff639fbfda189490d06e6cc083ae84e962e65d35bf9d45fa2cc7d
SHA512 48919f0c22b34217b1634d1ea893c23cb5d5df289066f029ea80b5d0fe2694404e602f8e211e78020f366c4fe3551d4c19f1532dfe6976768c7bb889cf35bc48

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 cdab4162d97dea9823089a642b85dc79
SHA1 80d6af68c86fcfe83160fc35422c9dee0213da4f
SHA256 88679da57193c223d36a32b4e4966d0df6e38195f9ef193e76917505c24e5ca0
SHA512 159cf6ef53a2a093be2af12aac3fa3f399c3c7807b156a38334288cbcbbc9f7f704b6977e6d47c889d87cadc8bb7ec8f3525cb9929101328c2a639c375c49de9

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

MD5 740ec267ee6659e70767c8b254b8b883
SHA1 e360e41830e76e34dbcc584cc8c68c3159e0f873
SHA256 3506880e92f0b055f145dbdbbbc74949e3d7870f2243aad1cd558d6377bb3522
SHA512 62a41c986701a0602ed5a9baf41d17040d9cab0d252e123d6a2e387f96efd959f7c06c3a7e14afb4236e0e2c8457f073ca58c4e65cdf1fdc58a783ad984ef93a

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 ff4cf87396bf3045b739983b95fb10d3
SHA1 c628e32963235efdaa5ece4e119fc780577cf1ca
SHA256 49bdb50810b2f74b9717bc959ebb7357250d9dd1d26b32977a940216fc8355c7
SHA512 123aafb84b3c68ee39067e909eb9553f4a396b82ecebc08413c14b5345cf3347d00698f77281104da7242760646b9c181b65c66101e9ce9a6a96feef39bbf769

Analysis: behavioral3

Detonation Overview

Submitted

2023-02-22 18:51

Reported

2023-02-22 18:51

Platform

android-x86-arm-20220823-en

Max time kernel

2051064s

Max time network

11s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country | Destination | Domain | Proto
US | 1.1.1.1:853 | N/A | tcp
US | 1.1.1.1:853 | N/A | tcp

Files

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 fc95953df14448c1fb92118349a3140a
SHA1 17239cd0e310040b699b0aba7c546eb806154062
SHA256 d909263ae59f5b1971bc4fe5d40a5e9a6631d07ca511923654363ae03cf5702f
SHA512 4c33750ae9dec355c01f713e44cc9c899b4bc1a588b98fd88e8d83223d6dded2f7025c3eff2b837332f09661f33612237dbe11b8acda83df3e6bd15ed5276f9c

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 9fbf9a2f1be32cf74f377ca9f3d2f742
SHA1 d28fd8aaac2c3c16dd19895d0e736dbbe7dab7f3
SHA256 9d59b9d74a901699c1411ee9974c9f2a79197fe34c5de4b92592f230ecff5fa6
SHA512 75712a1c6936e457491b44e38a7fbacd1c497fd529864058d1f02c532e1dc8b52f7ac30a7d4be0eea7e3e36c03c8153682bbf67a9b104e089c1dfb0d090a4476