Resubmissions

  • 22-02-2023 18:59 230222-xm7gwaeh2y 10
  • 22-02-2023 18:50 230222-xheajaeg8s 10
  • 21-02-2023 09:55 230221-lx4m7aed29 10

General

  • Target: 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
  • Size: 6.4MB
  • MD5: b1ac7692a5078de774c4b9f5fb3a0c1c
  • SHA1: 82bfa27f22268c6980118a92cfd36af84ee43622
  • SHA256: 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc
  • SHA512: 0588edf638be6dfc35ea91a025a9304e16b0085c1ced5c3d5cfd07c2832b4952a0c6e46d893ac51260224dbdd96e73c6da3528570e7d6fafe2cc3d682753bb13
  • SSDEEP: 98304:YKulus8Ln/mEOep/I+R9ms/vopc8Gcwta4QdGrtsArEGzQ3afrYNz:puluPbO3+RIsnW5G0GxsArEGcPz

Score
10/10

Malware Config

Extracted

Family

  • gigabud

C2

  • http://adcf6.cc/x/command?token=
  • http://8.219.85.91:8888/push-streaming?id=1234

Signatures

  • Gigabud family
  • Requests dangerous framework permissions 9 IoCs

Files

  • 05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc .apk android arch:arm
    • Package: com.royalmine.jdsxcr
    • Main activity: com.mobilelive.showCommunity.activity.SplashActivity

Android Permissions

05e10c7397c667e4b01f45e1b49d17402e7dca3d5d8aa6c76364d5ebd77d6fcc

Permissions

  • android.permission.BIND_ACCESSIBILITY_SERVICE
  • android.permission.REQUEST_DELETE_PACKAGES
  • android.permission.QUERY_ALL_PACKAGES
  • android.permission.GET_INSTALLED_APPS
  • android.permission.ACCESS_FINE_LOCATION
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.READ_FRAME_BUFFER
  • android.permission.INTERNET
  • android.permission.FOREGROUND_SERVICE
  • android.permission.READ_PHONE_STATE
  • android.permission.WRITE_EXTERNAL_STORAGE
  • android.permission.CAMERA
  • android.permission.RECORD_AUDIO
  • android.permission.ACCESS_WIFI_STATE
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.READ_SMS
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.SYSTEM_ALERT_WINDOW
  • android.permission.SYSTEM_OVERLAY_WINDOW
  • android.permission.MOUNT_UNMOUNT_FILESYSTEMS
  • android.permission.READ_EXTERNAL_STORAGE
  • android.permission.MODIFY_AUDIO_SETTINGS
  • android.permission.WRITE_SETTINGS
  • android.permission.ACCESS_NOTIFICATION_POLICY