Analysis Overview
Score: 10/10
SHA256: 5c23f5d3e75d0fd28aa30a84bfae5d35f0b13d351b3eb1aa086efed7fc2cd60a
Threat Level: Known bad
The file 7c62 was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-03-02 08:05
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-02 08:05
Reported
2023-03-02 08:05
Platform
android-x86-arm-20220823-en
Max time kernel
2703472s
Max time network
10s
Command Line
ru.yandex.taxi
Signatures
N/A
Processes
ru.yandex.taxi
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:853 | | tcp |
| US | 1.1.1.1:853 | | tcp |
| NL | 142.250.179.170:443 | | tcp |
Files
/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

| Hash | Value |
| --- | --- |
| MD5 | aeeebaf934180f96f0729d17c1e4d192 |
| SHA1 | b1210e61a5aca89f4240914942c12eb461579b9f |
| SHA256 | 4affe5e0dec8aab46bdf69af361def0d13c6a4596f2e1b51f38eae305d329568 |
| SHA512 | aa87b6732f191678b8f3944e28fb889064980d83e5a2e02b51891acdf32a1f1bea7bc1208f93b9f395039957be8254c40e6afef821354a2ccfd4428ea75c26c6 |

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

| Hash | Value |
| --- | --- |
| MD5 | 8aa994f5bedd427c3b5ced5716608a10 |
| SHA1 | 5b54f6b18586bbe3cbfa7690e3f090ce4a918489 |
| SHA256 | 94ea47a72ad9908b35647d7fe0aa3fe6a252744f44a59657b7f6bb47eaf0de9c |
| SHA512 | 68d2e419361b0da0732537de1d97765bf6931d9b7f5acca950849b439890d9fd64579e19c93301ff821fa939f508bc56d0d6bc39ad7b787bb207c0e7f7e3c7d7 |

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

| Hash | Value |
| --- | --- |
| MD5 | b256dcd8d5eb7d9a3b442105f606c7dc |
| SHA1 | ab034ef7df8132248b1387d421a0785011e6fd44 |
| SHA256 | dff11f1d35ce586ac51f31c051a06b7d54f2b3a147f39abe1d8a4a614a5b8512 |
| SHA512 | 6940ce696a8c2c141d8ff278ea0bc1c177a78c7423c648bdc9a4f055790e49c52ef04df83e396753719cadb733db9d54b64b86e642a96dd77aa1a20d4ed5dbbc |

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

| Hash | Value |
| --- | --- |
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |