Analysis Overview
Score: 10/10
SHA256: e778be6a46a47c62e94caf5e79c603c808d794a4b970dcb38400c0b9e26cfc2d
Threat Level: Known bad
The file Gigabud.zip was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported: 2023-03-29 14:21
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2023-03-29 14:21
Reported: 2023-03-29 14:21
Platform: android-x86-arm-20220823-en
Max time kernel: 767476s
Max time network: 24s
Command Line: com.pp.checklist
Signatures
N/A
Processes
com.pp.checklist
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
| NL | 142.251.36.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
Files
/data/user/0/com.pp.checklist/no_backup/.flurryNoBackup/installationNum
/data/user/0/com.pp.checklist/files/.fstreaming/fInProgress/currentFile
/data/user/0/com.pp.checklist/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
/data/user/0/com.pp.checklist/shared_prefs/Setting.xml