Malware Analysis Report

2024-12-01 22:18

Sample ID 230329-rnz7asac5s
Target Gigabud.zip
SHA256 e778be6a46a47c62e94caf5e79c603c808d794a4b970dcb38400c0b9e26cfc2d
Tags gigabud
Score 10/10

Analysis Overview

Score 10/10

SHA256 e778be6a46a47c62e94caf5e79c603c808d794a4b970dcb38400c0b9e26cfc2d

Threat Level: Known bad

The file Gigabud.zip was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-03-29 14:21

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-03-29 14:21

Reported 2023-03-29 14:21

Platform android-x86-arm-20220823-en

Max time kernel 767476s

Max time network 24s

Command Line

com.pp.checklist

Signatures

N/A

Processes

com.pp.checklist

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.14:443 android.apis.google.com tcp
NL 142.251.36.14:443 android.apis.google.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
NL 216.58.214.10:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp

Files

/data/user/0/com.pp.checklist/no_backup/.flurryNoBackup/installationNum

MD5 ebe89ed89aabc7058c1c4a49591868fe
SHA1 a9e28b849b0f4bbc1d8321a4aef3b92877010795
SHA256 3b9b3992e8630ad22d00c13ebb77baac1a40ea365a4aed4379fb1f69d371f2a7
SHA512 2e8a30fb06d8843af081b8c1f3e20f86f77198ed15b9de2e0dcd75b1d939a0e93593eb422c956f17b5cb9f1bcda4fb32b9194a6104ff85d18c04355cb848ceff

/data/user/0/com.pp.checklist/files/.fstreaming/fInProgress/currentFile

MD5 7a35ac58dcf47ee01e283f3e7fe3a1ed
SHA1 90d835acba46df2060a816ada9c2293494a89cb6
SHA256 c6d7e14945589b228961c825cf93c5ed96114b7128fbafcfa19eafdcb3e2e57d
SHA512 265788c7c6ce1db19d5ed2261f95911ef7f833037e11b6046b748d2214ad3966d0abd27f5add6572b536d93a2e47965e42a40d3ef0e704d13f9016eef9e4d595

/data/user/0/com.pp.checklist/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

/data/user/0/com.pp.checklist/shared_prefs/Setting.xml

MD5 4a7551de20cce7c7338b0c6e9acf4443
SHA1 4e72b8df48f4a95072672435c061d2a21233eeb6
SHA256 6b01195c52ca1b15652ce44b1b1c71e829657376e1ec633b88dd4c5a5195d439
SHA512 552f853a435c75b060e033bffb27b8a35851ab672abbdea02a4027de85bbf0f8efcdb51eb5427e6f5724a8e4525e4a194ca179b4dc80391659bb5f1cebb96a23