Malware Analysis Report

2024-12-01 22:19

Sample ID: 230306-dfq2rshh4z
Target: lionairthai.apk
SHA256: ec1e2ff5c72c233f2b5ad538d44059a06b81b5e5da5e2c82897be1ca4539d490
Tags: gigabud
Score: 10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 10/10

SHA256: ec1e2ff5c72c233f2b5ad538d44059a06b81b5e5da5e2c82897be1ca4539d490

Threat Level: Known bad

The file lionairthai.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

Loads dropped Dex/Jar

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-03-06 02:57

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2023-03-06 02:57
Reported: 2023-03-06 02:57
Platform: android-x86-arm-20220823-en
Max time kernel: 3030616s
Max time network: 14s

Command Line

com.yiwuzhibo

Signatures

Loads dropped Dex/Jar

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |

Processes

com.yiwuzhibo

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 216.58.214.14:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 172.217.168.234:443 | infinitedata-pa.googleapis.com | tcp |

Files

/data/user/0/com.yiwuzhibo/no_backup/.flurryNoBackup/installationNum

MD5 f74a1429664850f14b5fa2b2b718f8d1
SHA1 b1dad99e0d3b4a4b45b1be6e17d23b97ab3722b4
SHA256 39c0df30d5134eebf304964e3a6528dc6822a936e975b5dcd955334fb54f82c9
SHA512 bf5a1ac4c0eeb90ccd51c22674168f6e055766ef349b697844a0365cbfab59f33976ab9ab96c558d41a86d9542343b1ff20ff1776ad2219ab131c2a04ae6ca01

memory/4100-0.dex

MD5 61d8bf475daa5f014d901ac2a7f9c8e6
SHA1 415aaf3913e2a8714a024266fc63b04166441e3d
SHA256 50ada1244139594bb7a6d54500cac3848a18883e78854f7e5251fd11cb12c0aa
SHA512 70c7314dc904c3ead50d3bb883eb4381f9b6ea6acf9ed02d067f924bfbb9f3afeb35609baeca20b7cfda770d8eebfc08d554a80089770614a68b59d6ff6461ac

/data/user/0/com.yiwuzhibo/files/.fstreaming/fInProgress/currentFile

MD5 ba5035243a03b4f09cb8acb99f556a02
SHA1 cbc7d729a7a2f1a495b837d03a30f73ed2c8d45f
SHA256 3457e7afea636e982ca0aa7173f5a9b4680d76839cf798e0985df346849c95d8
SHA512 264c0f28361bc6c6efaf927c0b6d7095519cce32c14deb9e4b4a38d3a658c752298c8a9065bc1e88446251354cff56c8fd20e6b030248f15cbce8a32d12e4074

/data/user/0/com.yiwuzhibo/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/com.yiwuzhibo/shared_prefs/Setting.xml

MD5 e82fdb0ef5c2ddd017662a71c414bb87
SHA1 cdef99ce759959ee5f128aae74033b7a601e5ee0
SHA256 eeac6c4849810f62bc1865e17e748b287821f29522636a776f6ba05f1e6963fd
SHA512 03342a70a296d2a2c9ab6771f8d870220f80fac947fd496927b76db0c74eaf473b78633e517d992fe21e0b39018211cbaa3c9f9789881f7b0567196fd6a0ae44