Malware Analysis Report

2024-12-01 22:18

Sample ID: 230507-m5tnmagc2y
Target:    Visafe.apk
SHA256:    489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166
Tags:      gigabud
Score:     10/10

Analysis Overview

score
10/10

SHA256

489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166

Threat Level: Known bad

The file Visafe.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-07 11:03

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Indicator                                   Description                                                                                                                                                              Process  Target
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.                                                                                                                                N/A      N/A
android.permission.READ_PHONE_STATE         Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.  N/A      N/A
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.                                                                                                                      N/A      N/A
android.permission.CAMERA                   Required to be able to access the camera device.                                                                                                                         N/A      N/A
android.permission.RECORD_AUDIO             Allows an application to record audio.                                                                                                                                   N/A      N/A
android.permission.READ_SMS                 Allows an application to read SMS messages.                                                                                                                              N/A      N/A
android.permission.RECEIVE_SMS              Allows an application to receive SMS messages.                                                                                                                           N/A      N/A
android.permission.SEND_SMS                 Allows an application to send SMS messages.                                                                                                                              N/A      N/A
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.                                                                                                                     N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-07 11:03

Reported

2023-05-07 11:03

Platform

android-x86-arm-20220823-en

Max time kernel

4125218s

Max time network

12s

Command Line

com.air.paz

Signatures

N/A

Processes

com.air.paz

Network

Country  Destination             Domain                           Proto
N/A      224.0.0.251:5353        -                                udp
US       1.1.1.1:53              android.apis.google.com          udp
NL       142.250.179.174:443     android.apis.google.com          tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com   udp

Files

/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum

MD5 9eb1116ce8b04969733074d6e280e662
SHA1 db663b7da877ea371cff15edc9bac9161c335789
SHA256 6ee4e9b8a6297582aed9c530767d00f448360a5a379927576ce4f1a67c79e8c3
SHA512 c33df85e76184c1094918dd1ffab764fec151c68e403e9d87a1ab13246a1f2003f6ef8c9bbf3c0f834143b25076fc801daa0cb9ecf5f6ef97fd7dbbb7001f28e

/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile

MD5 6d161226b5d4307d0fff1ce0a317b25a
SHA1 f88cc077e6a66d0bd74345af36b6192659e6cf31
SHA256 d4b650862a9b9c3212d2bdbca0e3c3a04a1264c729485be98eabae100f3d0bf4
SHA512 8776476d3b080280a1e57278ef9dd61a9f37754e35b492c8795e153aefc7da4f9ab8a84384ac6f427f571bb1a4ad259143593b63100fa088c4925c36b1af3ef0

/data/user/0/com.air.paz/shared_prefs/Setting.xml

MD5 57a133566374ae2f53ecdd1a76fecb62
SHA1 d2c80ae839a18241333f864ff9113d296a00aadb
SHA256 29edc96f84701d3f4d95d5cb148d9495d222259cf38d8555224da2a592d80118
SHA512 0d91b00f7b8b61d2bd13cd6ce55cc40f56b950f352ed9db16ae895dcf43959921b391ae3ec094ca01e3c7fac3d87ba3c5e3e5ca1f5d968f66b66cf1a6c09920d

/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150