Malware Analysis Report

2024-12-01 22:18

Sample ID 230302-jyt42abf6s
Target 7c62
SHA256 5c23f5d3e75d0fd28aa30a84bfae5d35f0b13d351b3eb1aa086efed7fc2cd60a
Tags: gigabud
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5c23f5d3e75d0fd28aa30a84bfae5d35f0b13d351b3eb1aa086efed7fc2cd60a

Threat Level: Known bad

The file 7c62 was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-03-02 08:05

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Indicator (permission), with its description; the Process and Target columns are N/A for every entry:

android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.READ_PHONE_STATE         Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.READ_SMS                 Allows an application to read SMS messages.
android.permission.RECEIVE_SMS              Allows an application to receive SMS messages.
android.permission.SEND_SMS                 Allows an application to send SMS messages.
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-02 08:05

Reported

2023-03-02 08:05

Platform

android-x86-arm-20220823-en

Max time kernel

2703472s

Max time network

10s

Command Line

ru.yandex.taxi

Signatures

N/A

Processes

ru.yandex.taxi

Network

Country  Destination            Domain  Proto
US       1.1.1.1:853                    tcp
US       1.1.1.1:853                    tcp
NL       142.250.179.170:443            tcp

Files

/data/user/0/ru.yandex.taxi/no_backup/.flurryNoBackup/installationNum

MD5 aeeebaf934180f96f0729d17c1e4d192
SHA1 b1210e61a5aca89f4240914942c12eb461579b9f
SHA256 4affe5e0dec8aab46bdf69af361def0d13c6a4596f2e1b51f38eae305d329568
SHA512 aa87b6732f191678b8f3944e28fb889064980d83e5a2e02b51891acdf32a1f1bea7bc1208f93b9f395039957be8254c40e6afef821354a2ccfd4428ea75c26c6

/data/user/0/ru.yandex.taxi/files/.fstreaming/fInProgress/currentFile

MD5 8aa994f5bedd427c3b5ced5716608a10
SHA1 5b54f6b18586bbe3cbfa7690e3f090ce4a918489
SHA256 94ea47a72ad9908b35647d7fe0aa3fe6a252744f44a59657b7f6bb47eaf0de9c
SHA512 68d2e419361b0da0732537de1d97765bf6931d9b7f5acca950849b439890d9fd64579e19c93301ff821fa939f508bc56d0d6bc39ad7b787bb207c0e7f7e3c7d7

/data/user/0/ru.yandex.taxi/shared_prefs/Setting.xml

MD5 b256dcd8d5eb7d9a3b442105f606c7dc
SHA1 ab034ef7df8132248b1387d421a0785011e6fd44
SHA256 dff11f1d35ce586ac51f31c051a06b7d54f2b3a147f39abe1d8a4a614a5b8512
SHA512 6940ce696a8c2c141d8ff278ea0bc1c177a78c7423c648bdc9a4f055790e49c52ef04df83e396753719cadb733db9d54b64b86e642a96dd77aa1a20d4ed5dbbc

/data/user/0/ru.yandex.taxi/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150