Malware Analysis Report

2024-12-01 22:18

Sample ID 230508-hhfe9sbb4t
Target Visafe.apk
SHA256 489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166
Tags gigabud
Score 10/10

Analysis Overview

Score 10/10

SHA256 489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166

Threat Level: Known bad

The file Visafe.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-08 06:44

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

Indicator                                   Description
android.permission.ACCESS_FINE_LOCATION     Allows an app to access precise location.
android.permission.READ_PHONE_STATE         Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE   Allows an application to write to external storage.
android.permission.CAMERA                   Required to be able to access the camera device.
android.permission.RECORD_AUDIO             Allows an application to record audio.
android.permission.READ_SMS                 Allows an application to read SMS messages.
android.permission.RECEIVE_SMS              Allows an application to receive SMS messages.
android.permission.SEND_SMS                 Allows an application to send SMS messages.
android.permission.READ_EXTERNAL_STORAGE    Allows an application to read from external storage.

Process and Target: N/A for all entries.

Analysis: behavioral2

Detonation Overview

Submitted

2023-05-08 06:43

Reported

2023-05-08 06:44

Platform

android-x64-arm64-20220823-en

Max time kernel

4196044s

Max time network

14s

Command Line

com.air.paz

Signatures

N/A

Processes

com.air.paz

Network

Country  Destination             Domain                           Proto
US       1.1.1.1:53              android.apis.google.com          udp
US       1.1.1.1:53              android.apis.google.com          udp
US       1.1.1.1:53              android.apis.google.com          udp
DE       172.217.23.206:443      android.apis.google.com          tcp
US       1.1.1.1:53              growth-pa.googleapis.com         udp
GB       216.58.208.106:443      growth-pa.googleapis.com         tcp
NL       142.250.179.138:443     growth-pa.googleapis.com         tcp
NL       142.251.39.106:443      growth-pa.googleapis.com         tcp
NL       142.251.36.10:443       growth-pa.googleapis.com         tcp
DE       172.217.23.202:443      growth-pa.googleapis.com         tcp
N/A      224.0.0.251:5353        -                                udp
NL       142.250.179.202:443     growth-pa.googleapis.com         tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com   udp
US       1.1.1.1:53              android.apis.google.com          udp
NL       142.251.36.10:443       growth-pa.googleapis.com         tcp
US       1.1.1.1:53              ssl.google-analytics.com         udp
NL       142.251.36.40:443       ssl.google-analytics.com         tcp

Files

/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile

MD5 bff92f52c1ffca5f42a2b1b40f3175f0
SHA1 9411cd44efb4eaf8351bcb774a3a392924035e36
SHA256 77bf83e67c88485a81610308657a2ff8ef1658bf61434459f98fbf78610325e7
SHA512 7b708791725356e6e0d4248604e3f3566894bb646a573ac60c45e4ae9dde75d13cbdfb389da6d93c6eea41dd3992dfdf68a0ccecf16bdc32045f2a4927eec9a6

/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum

MD5 560e2cef0ae8672ba2c1def6fe4a2a7a
SHA1 4e91946867b1ff73f421a1b15e7875d0e7465b09
SHA256 ced57a5974d62794b237f5f00cf2d1827735f52eeaaefbad7a06238416e1c927
SHA512 c5215a5e3fa4703a47dee41c0a66fece571775d6fa6556d31a970209f7bc07efe5318991592650f9823d5678577c693ea2f58de544123629a782755b3e6291b6

/data/user/0/com.air.paz/shared_prefs/Setting.xml

MD5 a1b8f3b075d96cb863e9527b1bbfedbd
SHA1 9d1d9647841805ac3df7ea9f159525bf9438f69f
SHA256 9135037ebe0fdef4e3bbb546ab351c794e6fe9c873bf47601ab21d2cb10312d9
SHA512 0e2d9f0656e1720ff4d770fba3462b0373880f43482a7985a9d4e5f88dbf903edf3ac97489e3147324e28100dd934f9339ae515ca6bd525c8138108595899b2a

/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

Analysis: behavioral3

Detonation Overview

Submitted

2023-05-08 06:43

Reported

2023-05-08 06:44

Platform

android-x86-arm-20220823-en

Max time kernel

4196044s

Max time network

13s

Command Line

com.air.paz

Signatures

N/A

Processes

com.air.paz

Network

Country  Destination             Domain                           Proto
NL       216.58.214.14:443       -                                udp
N/A      224.0.0.251:5353        -                                udp
US       1.1.1.1:53              android.apis.google.com          udp
NL       172.217.168.238:443     android.apis.google.com          tcp
NL       172.217.168.238:443     android.apis.google.com          tcp
US       1.1.1.1:53              infinitedata-pa.googleapis.com   udp
GB       216.58.208.106:443      infinitedata-pa.googleapis.com   tcp

Files

/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum

MD5 672b15ebce3741141e8cf68ed12c6127
SHA1 d62bb1d349d51aa34db8d7ef5347635bc6fc5a35
SHA256 cdb1ce54750f4a021e1432cb7631d0b849788b2d1baf508134f082649850fa83
SHA512 982d60fc905bcd5bc78e801f10c7239e09b57c6dd195ed22fb747e68645f8efd92a11ac62f6d437ce84fec8d86b66c2033b19e91d8e211abfb631d170e63909d

/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile

MD5 c9fd0867761133eee608047af9c65021
SHA1 72ca370310338f515de01e73d9907ba4fda32984
SHA256 55bd31cc56f620cf1986f66e7bc66c66011efc63ce19533b89e4b598b79b4be2
SHA512 4655ead98c4fb05e786afb7bfcd0111758fc5e7547d8ea26a34ec62811a2fef6f8a55e1b425ebc1d76203d0a2e6f05a6c1a329d12f7902c135eacc6b61eac622

/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml

MD5 724bca6ef2ed083e2540fad0721c37e0
SHA1 abccb5f0864b73ef98aea948b91d2e104ec4bc45
SHA256 a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211
SHA512 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-08 06:43

Reported

2023-05-08 06:44

Platform

android-x64-20220823-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination             Domain                           Proto
N/A      224.0.0.251:5353        -                                udp
NL       216.58.214.4:443        -                                udp
US       1.1.1.1:53              g.tenor.com                      udp
NL       216.58.214.4:443        -                                udp

Files

N/A