Malware Analysis Report

2024-12-01 22:19

Sample ID: 230227-mym79sdb3s
Target: ssoconnect.apk
SHA256: a5952ee34525176b87030ecc0e599a10076136345cfbe7fc8dda53be3a85d686
Tags: gigabud
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file ssoconnect.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-02-27 10:52

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Indicator                                  | Description                                                                                                                                                                     | Process | Target
android.permission.ACCESS_FINE_LOCATION    | Allows an app to access precise location.                                                                                                                                       | N/A     | N/A
android.permission.READ_PHONE_STATE        | Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | N/A     | N/A
android.permission.WRITE_EXTERNAL_STORAGE  | Allows an application to write to external storage.                                                                                                                             | N/A     | N/A
android.permission.CAMERA                  | Required to be able to access the camera device.                                                                                                                                | N/A     | N/A
android.permission.RECORD_AUDIO            | Allows an application to record audio.                                                                                                                                          | N/A     | N/A
android.permission.READ_SMS                | Allows an application to read SMS messages.                                                                                                                                     | N/A     | N/A
android.permission.RECEIVE_SMS             | Allows an application to receive SMS messages.                                                                                                                                  | N/A     | N/A
android.permission.SEND_SMS                | Allows an application to send SMS messages.                                                                                                                                     | N/A     | N/A
android.permission.READ_EXTERNAL_STORAGE   | Allows an application to read from external storage.                                                                                                                            | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-02-27 10:52
Reported: 2023-02-27 10:53
Platform: android-x86-arm-20220823-en
Max time kernel: 2454330s
Max time network: 13s

Command Line

com.shturmsoft.skedio

Signatures

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Processes

com.shturmsoft.skedio

Network

Country | Destination         | Domain                         | Proto
N/A     | 224.0.0.251:5353    |                                | udp
US      | 1.1.1.1:53          | android.apis.google.com        | udp
NL      | 142.250.179.174:443 | android.apis.google.com        | tcp
NL      | 142.250.179.174:443 | android.apis.google.com        | tcp
US      | 1.1.1.1:53          | infinitedata-pa.googleapis.com | udp

Files

/data/user/0/com.shturmsoft.skedio/no_backup/.flurryNoBackup/installationNum

MD5 5b5185fcfd2bbd524417254cb54b02a3
SHA1 c3205c434b737b4dbbe819ab9c1ae5720d1dbdae
SHA256 eab4c03e6547716b18df8b9dd362ad1b2babe5b039d4f282eaf81abd40a3c03e
SHA512 ec67acdc44dbc1e253643e008b29270a217adc57b19ebc6e12355cc3b97249a29e13e2de49f4ac8cf9cef43afb5d219a8b83beae1a75b2aafa7b4f0069cbb188

memory/4091-0.dex

MD5 c5e6de32a530afdcd461ae614c3d8bbc
SHA1 0675f5e7c60491aba7033a15834d3fff5e3badce
SHA256 8d46b7aa2befb15e1f417ec2a65482cc99a8349acf12ccbaa6ebe1c6c4ce6cb8
SHA512 20d713ef3f69cdce550b31a1c4db5de46ee50f10f10d243d99c4d4065fcae84df17e17888bc9bc572cdf959613b2001b7e29ac62e55b4e44f91a316417aebc2d

/data/user/0/com.shturmsoft.skedio/files/.fstreaming/fInProgress/currentFile

MD5 f31ef672b4c86f3d1c26c63ed073d118
SHA1 7f63124885bb6da6bd310137778fea772ec2930c
SHA256 d67161d16e8997cbfae52826cfd63ab50d09d9bfb2f9f3b1c2c12305cbf5c381
SHA512 3fdd2d2f2fc538fe1423d88c9e41c77b9c07b8447c2abbf020ff6b5efbe6dc52cf36c7c1f7ba7970ec2dcbe37a129b14d43258bc716673410f565a0804bb8e25

/data/user/0/com.shturmsoft.skedio/shared_prefs/Setting.xml

MD5 e3e708db955c4c40ca655cdc0ecbaaeb
SHA1 76cedf866b5194c6d80ed65e3188c5a0f7affbd4
SHA256 91c40ca07af48ba6cb694b9578864b15b97057a10878be23e23e6693087765e8
SHA512 c0248c24abf64e4634fac154431ae72c0750b697e0752ae9191b5842bf5c293e64cc714353ca95b9cf9729e674a7e8479d906902aa44187702d24c9e0ed2b3bf

/data/user/0/com.shturmsoft.skedio/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150