gigabud | COJ[.]apk

General

Target

COJ.apk
Size

12.8MB
MD5

3c92503c30fb125486f943838a7de5af
SHA1

f6a86d20930f1ab46c6545d623cc9035e1d0553d
SHA256

570d051b3bc3e982c90785b89678020651c4ef87c2ad6102957c95bb38e9b1f4
SHA512

2c5cc98ae69979c76b43d6ccd6b30e2042abb83dcc254d40e96272a19e141917bd3e542c06f61722950fafe538c2d76ae3af02057276f320e4d4f2c5a759ce74
SSDEEP

393216:XmWdhuNh0tnti4fsqNUUP3HtMoN3BhIaqEubH+70rj:X3GNWtntrE8P3GoHWaqEdGj

Score

10^/10

gigabud

Malware Config

Extracted

Family

gigabud

C2

http://kbap1.cc/x/command?token=

http://8.219.85.91:8888/push-streaming?id=1234

Signatures

Gigabud family
gigabud

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

COJ.apk
.apk android arch:arm

com.pp.checklist

com.mobilelive.sho.activity.SplashActivity

Activities

com.mobilelive.sho.activity.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.REQUEST_DELETE_PACKAGES
android.permission.QUERY_ALL_PACKAGES
android.permission.GET_INSTALLED_APPS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_FRAME_BUFFER
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.DISABLE_KEYGUARD
android.permission.WAKE_LOCK
android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.ACCESS_NOTIFICATION_POLICY

Receivers

com.mobilelive.sho.receiver.GlobalBroadcast

com.mobilelive.sho.show.dialog
com.mobilelive.sho.close.dialog

Services

com.blankj.utilcode.util.MessengerUtils$ServerService

com.pp.checklist.messenger

Android Permissions

COJ.apk

Permissions

android.permission.REQUEST_DELETE_PACKAGES

android.permission.QUERY_ALL_PACKAGES

android.permission.GET_INSTALLED_APPS

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_FRAME_BUFFER

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.DISABLE_KEYGUARD

android.permission.WAKE_LOCK

android.permission.INTERNET

android.permission.FOREGROUND_SERVICE

android.permission.READ_PHONE_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.CAMERA

android.permission.RECORD_AUDIO

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.READ_SMS

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.READ_EXTERNAL_STORAGE

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.WRITE_SETTINGS

android.permission.ACCESS_NOTIFICATION_POLICY

Sharing

General

Malware Config

Extracted

Signatures

Files

com.pp.checklist

com.mobilelive.sho.activity.SplashActivity

Activities

com.mobilelive.sho.activity.SplashActivity

Permissions

Receivers

com.mobilelive.sho.receiver.GlobalBroadcast

Services

com.blankj.utilcode.util.MessengerUtils$ServerService

Android Permissions

COJ.apk