Analysis Overview
SHA256
a5952ee34525176b87030ecc0e599a10076136345cfbe7fc8dda53be3a85d686
Threat Level: Known bad
The file ssoconnect.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Loads dropped Dex/Jar
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-02-27 10:52
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-27 10:52
Reported
2023-02-27 10:53
Platform
android-x86-arm-20220823-en
Max time kernel
2454330s
Max time network
13s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
com.shturmsoft.skedio
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
Files
/data/user/0/com.shturmsoft.skedio/no_backup/.flurryNoBackup/installationNum
| MD5 | 5b5185fcfd2bbd524417254cb54b02a3 |
| SHA1 | c3205c434b737b4dbbe819ab9c1ae5720d1dbdae |
| SHA256 | eab4c03e6547716b18df8b9dd362ad1b2babe5b039d4f282eaf81abd40a3c03e |
| SHA512 | ec67acdc44dbc1e253643e008b29270a217adc57b19ebc6e12355cc3b97249a29e13e2de49f4ac8cf9cef43afb5d219a8b83beae1a75b2aafa7b4f0069cbb188 |
memory/4091-0.dex
| MD5 | c5e6de32a530afdcd461ae614c3d8bbc |
| SHA1 | 0675f5e7c60491aba7033a15834d3fff5e3badce |
| SHA256 | 8d46b7aa2befb15e1f417ec2a65482cc99a8349acf12ccbaa6ebe1c6c4ce6cb8 |
| SHA512 | 20d713ef3f69cdce550b31a1c4db5de46ee50f10f10d243d99c4d4065fcae84df17e17888bc9bc572cdf959613b2001b7e29ac62e55b4e44f91a316417aebc2d |
/data/user/0/com.shturmsoft.skedio/files/.fstreaming/fInProgress/currentFile
| MD5 | f31ef672b4c86f3d1c26c63ed073d118 |
| SHA1 | 7f63124885bb6da6bd310137778fea772ec2930c |
| SHA256 | d67161d16e8997cbfae52826cfd63ab50d09d9bfb2f9f3b1c2c12305cbf5c381 |
| SHA512 | 3fdd2d2f2fc538fe1423d88c9e41c77b9c07b8447c2abbf020ff6b5efbe6dc52cf36c7c1f7ba7970ec2dcbe37a129b14d43258bc716673410f565a0804bb8e25 |
/data/user/0/com.shturmsoft.skedio/shared_prefs/Setting.xml
| MD5 | e3e708db955c4c40ca655cdc0ecbaaeb |
| SHA1 | 76cedf866b5194c6d80ed65e3188c5a0f7affbd4 |
| SHA256 | 91c40ca07af48ba6cb694b9578864b15b97057a10878be23e23e6693087765e8 |
| SHA512 | c0248c24abf64e4634fac154431ae72c0750b697e0752ae9191b5842bf5c293e64cc714353ca95b9cf9729e674a7e8479d906902aa44187702d24c9e0ed2b3bf |
/data/user/0/com.shturmsoft.skedio/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |