Analysis Overview
SHA256
ec1e2ff5c72c233f2b5ad538d44059a06b81b5e5da5e2c82897be1ca4539d490
Threat Level: Known bad
The file lionairthai.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
Loads dropped Dex/Jar
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-03-06 02:57
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
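To reproduce the static check above on your own copy of the sample, the following added example (it is not part of the sandbox report) parses a decoded AndroidManifest.xml and buckets the dangerous-protection permissions by the capability they unlock. The manifest string is constructed here to mirror the permission list in the table, with android.permission.INTERNET added to show that normal-protection permissions are filtered out; a real APK's binary manifest must first be decoded, for example with apktool. The DANGEROUS map is a hand-picked subset of Android's dangerous permissions, not the full list.

```python
"""Pull dangerous-protection permissions out of a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions Android declares with protectionLevel=dangerous,
# grouped by the capability they unlock (assumption: subset only, not the full list).
DANGEROUS = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_PHONE_STATE": "telephony",
    "android.permission.CALL_PHONE": "telephony",
    "android.permission.READ_CALL_LOG": "telephony",
    "android.permission.CAMERA": "capture",
    "android.permission.RECORD_AUDIO": "capture",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}


def requested_permissions(manifest_xml: str) -> list:
    """Return every <uses-permission android:name=...> value, in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get("{%s}name" % ANDROID_NS) for el in root.iter("uses-permission")]


def dangerous_by_group(manifest_xml: str) -> dict:
    """Keep only dangerous permissions, bucketed by capability group."""
    groups = {}
    for perm in requested_permissions(manifest_xml):
        group = DANGEROUS.get(perm)
        if group:
            groups.setdefault(group, []).append(perm)
    return groups


def capability_notes(groups: dict) -> list:
    """Describe what the dangerous permission combinations let the app do."""
    notes = []
    sms = set(groups.get("sms", []))
    if {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} & sms:
        notes.append("can read incoming SMS, including one-time passcodes")
    if "android.permission.SEND_SMS" in sms:
        notes.append("can send SMS without the user composing them")
    if set(groups.get("capture", [])) >= {"android.permission.CAMERA",
                                          "android.permission.RECORD_AUDIO"}:
        notes.append("can record video with audio from the device")
    if "android.permission.WRITE_EXTERNAL_STORAGE" in groups.get("storage", []):
        notes.append("can write files outside its private data directory")
    return notes


# Constructed sample manifest mirroring the permission list in the static report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.yiwuzhibo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>
"""

if __name__ == "__main__":
    found = dangerous_by_group(SAMPLE_MANIFEST)
    for group, perms in found.items():
        print(group, ", ".join(p.rsplit(".", 1)[1] for p in perms))
    for note in capability_notes(found):
        print("-", note)
```

The grouping matters more than the raw count: a single app asking for the SMS group together with READ_PHONE_STATE and media capture is the profile the sandbox flags here, whereas storage permissions alone are common in benign apps.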
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-06 02:57
Reported
2023-03-06 02:57
Platform
android-x86-arm-20220823-en
Max time kernel
3030616s
Max time network
14s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
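This signature fires when the app loads code that was not shipped in the APK, such as the memory/4100-0.dex listed under Files below. The added example that follows is not from the sandbox or the sample; it shows the structural checks a practitioner would run on such a dropped blob before handing it to a decompiler: identify dex versus jar by magic, verify the dex header's Adler-32 checksum and SHA-1 signature, and compare the blob's SHA256 against hashes already in the report. The field offsets come from the dex file format; build_minimal_dex constructs a header-only sample purely for testing and is not a real dropped payload.

```python
"""Sanity-check a blob an app dropped at runtime before treating it as a Dex/Jar."""
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"
HEADER_SIZE = 0x70            # fixed dex header size
ENDIAN_CONSTANT = 0x12345678  # endian_tag value for a little-endian dex


def classify(blob: bytes) -> str:
    """Identify the container from its leading bytes: 'dex', 'jar' or 'other'."""
    if blob[:4] == DEX_MAGIC and len(blob) >= HEADER_SIZE:
        return "dex"
    if blob[:4] == ZIP_MAGIC:
        return "jar"          # a jar/apk is a zip; its classes.dex sits inside
    return "other"


def inspect_dex(blob: bytes) -> dict:
    """Verify the header fields the runtime checks before mapping a dex file."""
    if classify(blob) != "dex":
        raise ValueError("not a dex file")
    version = blob[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", blob, 0x08)
    signature = blob[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 0x20)
    return {
        "version": version,
        "file_size": file_size,
        "size_matches": file_size == len(blob),
        "header_ok": header_size == HEADER_SIZE,
        # checksum covers everything after the checksum field itself
        "checksum_ok": checksum == zlib.adler32(blob[0x0C:]) & 0xFFFFFFFF,
        # signature covers everything after the signature field
        "signature_ok": signature == hashlib.sha1(blob[0x20:]).digest(),
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        "sha256": hashlib.sha256(blob).hexdigest(),
    }


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed sample: a header-only dex with consistent checksum and signature."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = DEX_MAGIC + version + b"\0"
    struct.pack_into("<III", body, 0x20, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    body[0x0C:0x20] = hashlib.sha1(bytes(body[0x20:])).digest()
    struct.pack_into("<I", body, 0x08, zlib.adler32(bytes(body[0x0C:])) & 0xFFFFFFFF)
    return bytes(body)


def matches_ioc(blob: bytes, known_sha256: set) -> bool:
    """True if the blob's SHA256 is one the sandbox already reported."""
    return hashlib.sha256(blob).hexdigest() in known_sha256


if __name__ == "__main__":
    sample = build_minimal_dex()
    print(classify(sample), inspect_dex(sample))
```

A checksum or signature mismatch on a memory dump usually means the capture is truncated or the file was modified in place after being mapped, so compare against the SHA256 values in the Files section before spending time on a dump that may not be complete.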
Processes
com.yiwuzhibo
Network
| Country | Destination | Domain | Proto |
| NL | 216.58.214.14:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 172.217.168.234:443 | infinitedata-pa.googleapis.com | tcp |
Files
/data/user/0/com.yiwuzhibo/no_backup/.flurryNoBackup/installationNum
| MD5 | f74a1429664850f14b5fa2b2b718f8d1 |
| SHA1 | b1dad99e0d3b4a4b45b1be6e17d23b97ab3722b4 |
| SHA256 | 39c0df30d5134eebf304964e3a6528dc6822a936e975b5dcd955334fb54f82c9 |
| SHA512 | bf5a1ac4c0eeb90ccd51c22674168f6e055766ef349b697844a0365cbfab59f33976ab9ab96c558d41a86d9542343b1ff20ff1776ad2219ab131c2a04ae6ca01 |
memory/4100-0.dex
| MD5 | 61d8bf475daa5f014d901ac2a7f9c8e6 |
| SHA1 | 415aaf3913e2a8714a024266fc63b04166441e3d |
| SHA256 | 50ada1244139594bb7a6d54500cac3848a18883e78854f7e5251fd11cb12c0aa |
| SHA512 | 70c7314dc904c3ead50d3bb883eb4381f9b6ea6acf9ed02d067f924bfbb9f3afeb35609baeca20b7cfda770d8eebfc08d554a80089770614a68b59d6ff6461ac |
/data/user/0/com.yiwuzhibo/files/.fstreaming/fInProgress/currentFile
| MD5 | ba5035243a03b4f09cb8acb99f556a02 |
| SHA1 | cbc7d729a7a2f1a495b837d03a30f73ed2c8d45f |
| SHA256 | 3457e7afea636e982ca0aa7173f5a9b4680d76839cf798e0985df346849c95d8 |
| SHA512 | 264c0f28361bc6c6efaf927c0b6d7095519cce32c14deb9e4b4a38d3a658c752298c8a9065bc1e88446251354cff56c8fd20e6b030248f15cbce8a32d12e4074 |
/data/user/0/com.yiwuzhibo/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
/data/user/0/com.yiwuzhibo/shared_prefs/Setting.xml
| MD5 | e82fdb0ef5c2ddd017662a71c414bb87 |
| SHA1 | cdef99ce759959ee5f128aae74033b7a601e5ee0 |
| SHA256 | eeac6c4849810f62bc1865e17e748b287821f29522636a776f6ba05f1e6963fd |
| SHA512 | 03342a70a296d2a2c9ab6771f8d870220f80fac947fd496927b76db0c74eaf473b78633e517d992fe21e0b39018211cbaa3c9f9789881f7b0567196fd6a0ae44 |