Analysis Overview
score
10/10
SHA256
489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166
Threat Level: Known bad
The file Visafe.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-05-07 11:03
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-07 11:03
Reported
2023-05-07 11:03
Platform
android-x86-arm-20220823-en
Max time kernel
4125218s
Max time network
12s
Command Line
com.air.paz
Signatures
N/A
Processes
com.air.paz
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.174:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
Files
/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum

| Hash | Value |
| --- | --- |
| MD5 | 9eb1116ce8b04969733074d6e280e662 |
| SHA1 | db663b7da877ea371cff15edc9bac9161c335789 |
| SHA256 | 6ee4e9b8a6297582aed9c530767d00f448360a5a379927576ce4f1a67c79e8c3 |
| SHA512 | c33df85e76184c1094918dd1ffab764fec151c68e403e9d87a1ab13246a1f2003f6ef8c9bbf3c0f834143b25076fc801daa0cb9ecf5f6ef97fd7dbbb7001f28e |
/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile

| Hash | Value |
| --- | --- |
| MD5 | 6d161226b5d4307d0fff1ce0a317b25a |
| SHA1 | f88cc077e6a66d0bd74345af36b6192659e6cf31 |
| SHA256 | d4b650862a9b9c3212d2bdbca0e3c3a04a1264c729485be98eabae100f3d0bf4 |
| SHA512 | 8776476d3b080280a1e57278ef9dd61a9f37754e35b492c8795e153aefc7da4f9ab8a84384ac6f427f571bb1a4ad259143593b63100fa088c4925c36b1af3ef0 |
/data/user/0/com.air.paz/shared_prefs/Setting.xml

| Hash | Value |
| --- | --- |
| MD5 | 57a133566374ae2f53ecdd1a76fecb62 |
| SHA1 | d2c80ae839a18241333f864ff9113d296a00aadb |
| SHA256 | 29edc96f84701d3f4d95d5cb148d9495d222259cf38d8555224da2a592d80118 |
| SHA512 | 0d91b00f7b8b61d2bd13cd6ce55cc40f56b950f352ed9db16ae895dcf43959921b391ae3ec094ca01e3c7fac3d87ba3c5e3e5ca1f5d968f66b66cf1a6c09920d |
/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

| Hash | Value |
| --- | --- |
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |