Analysis Overview
SHA256
489dd2e0414ee0e93519e9134fb10c1d7b89fccd747014c78e22060ce08d4166
Threat Level: Known bad
The file Visafe.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-05-08 06:44
Signatures
Gigabud family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
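The permission table above is what drives the "Requests dangerous framework permissions" signature. The following Python script is an added example, not the report's or the sample's own code: it reads <uses-permission> entries from an AndroidManifest.xml, marks the ones Android classifies as runtime ("dangerous") permissions, and reports which capability groups the combination unlocks, so READ_SMS plus RECEIVE_SMS is surfaced as SMS interception rather than two isolated flags. The manifest is constructed for the example; its permission names are the nine listed above, while the package name, the capability grouping and the extra INTERNET permission are assumptions.

```python
"""Added example (not the report's or the sample's code): reproduce a
'dangerous framework permissions' check against an AndroidManifest.xml."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions grouped by what they give a banking trojan.
# The grouping is an assumption for this example; a capability is reported only
# when every permission in its group is requested.
CAPABILITIES = {
    "sms_interception": {"android.permission.READ_SMS",
                         "android.permission.RECEIVE_SMS"},
    "sms_sending": {"android.permission.SEND_SMS"},
    "device_fingerprint": {"android.permission.READ_PHONE_STATE"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "audio_video_capture": {"android.permission.CAMERA",
                            "android.permission.RECORD_AUDIO"},
    "external_storage": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.WRITE_EXTERNAL_STORAGE"},
}
DANGEROUS = set().union(*CAPABILITIES.values())

# Constructed manifest: the permission names are the nine from the static1
# signature; the package name and the INTERNET permission are assumed.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="sample"/>
</manifest>
"""


@dataclass
class Triage:
    requested: list      # every <uses-permission> name, manifest order
    dangerous: list      # subset that is a runtime permission we track
    capabilities: list   # capability groups fully satisfied by the request set


def requested_permissions(manifest_xml):
    """Return <uses-permission android:name> values in manifest order, de-duplicated."""
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter("uses-permission"):
        name = el.get(f"{{{ANDROID_NS}}}name")
        if name and name not in names:
            names.append(name)
    return names


def triage(manifest_xml):
    """Flag dangerous permissions and the capability groups they fully satisfy."""
    requested = requested_permissions(manifest_xml)
    have = set(requested)
    dangerous = [p for p in requested if p in DANGEROUS]
    caps = sorted(name for name, needed in CAPABILITIES.items() if needed <= have)
    return Triage(requested, dangerous, caps)


if __name__ == "__main__":
    t = triage(SAMPLE_MANIFEST)
    print(f"{len(t.dangerous)} dangerous permissions; capabilities: {', '.join(t.capabilities)}")
```

Grouping matters more than the raw count: a camera app legitimately asks for CAMERA and RECORD_AUDIO, but an app that also needs READ_SMS, RECEIVE_SMS and SEND_SMS has the full set for intercepting and forwarding one-time codes, which is the combination worth escalating on.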
Analysis: behavioral2
Detonation Overview
Submitted
2023-05-08 06:43
Reported
2023-05-08 06:44
Platform
android-x64-arm64-20220823-en
Max time kernel
4196044s
Max time network
14s
Command Line
Signatures
Processes
com.air.paz
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| DE | 172.217.23.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| GB | 216.58.208.106:443 | growth-pa.googleapis.com | tcp |
| NL | 142.250.179.138:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp |
| DE | 172.217.23.202:443 | growth-pa.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.202:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.40:443 | ssl.google-analytics.com | tcp |
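Every row in this 14-second capture is resolver traffic to 1.1.1.1, link-local mDNS, or a Google endpoint (Android's own services, growth-pa/infinitedata-pa for the Flurry analytics SDK, and Google Analytics), so the detonation did not reveal the sample's command-and-control. The following Python script is an added example, not the report's tooling: it parses the network table, labels each row as DNS, mDNS, platform noise or a candidate destination, and returns what an analyst still has to look at. The rows are copied from the table above with the mDNS row's protocol placed in its own column; the allow-list of Google suffixes is an assumption and should be extended for your own environment.

```python
"""Added example (not part of the report): separate sandbox/platform noise from
candidate C2 destinations in a '| Country | Destination | Domain | Proto |' table."""
import ipaddress
from collections import Counter

# Rows copied from the behavioral2 network table; the mDNS row is written with
# the protocol in its own column.
BEHAVIORAL2_ROWS = """
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| DE | 172.217.23.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| GB | 216.58.208.106:443 | growth-pa.googleapis.com | tcp |
| NL | 142.250.179.138:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | growth-pa.googleapis.com | tcp |
| NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp |
| DE | 172.217.23.202:443 | growth-pa.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.202:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.36.10:443 | growth-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.40:443 | ssl.google-analytics.com | tcp |
"""

# Assumed allow-list: Google-operated suffixes contacted by Android itself and
# by the Flurry / Google Analytics SDKs. Anything else is a candidate.
PLATFORM_SUFFIXES = (".google.com", ".googleapis.com", ".google-analytics.com")


def parse_rows(table):
    """Return one dict per data row; the header row and malformed lines are skipped."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def classify(row):
    """Label a row as resolver traffic, link-local mDNS, platform noise, or a candidate."""
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "mdns"
    if row["domain"] and row["domain"].endswith(PLATFORM_SUFFIXES):
        return "platform"
    return "candidate"


def summarize(rows):
    """Class counts, the names the sample resolved, and destinations still unexplained."""
    counts = Counter(classify(r) for r in rows)
    resolved = sorted({r["domain"] for r in rows
                       if r["domain"] and classify(r) == "dns"})
    candidates = sorted({f'{r["ip"]}:{r["port"]}' for r in rows
                         if classify(r) == "candidate"})
    return {"counts": dict(counts), "resolved": resolved, "candidates": candidates}


if __name__ == "__main__":
    print(summarize(parse_rows(BEHAVIORAL2_ROWS)))
```

An empty candidate list here is a finding about the detonation, not about the sample: with the network window this short, a trojan that waits for user interaction, a specific locale, or an overlay trigger before calling home will leave only SDK telemetry in the capture, so the static permission set and the Gigabud family match carry more weight than the absence of C2 traffic.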
Files
/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile
| MD5 | bff92f52c1ffca5f42a2b1b40f3175f0 |
| SHA1 | 9411cd44efb4eaf8351bcb774a3a392924035e36 |
| SHA256 | 77bf83e67c88485a81610308657a2ff8ef1658bf61434459f98fbf78610325e7 |
| SHA512 | 7b708791725356e6e0d4248604e3f3566894bb646a573ac60c45e4ae9dde75d13cbdfb389da6d93c6eea41dd3992dfdf68a0ccecf16bdc32045f2a4927eec9a6 |
/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum
| MD5 | 560e2cef0ae8672ba2c1def6fe4a2a7a |
| SHA1 | 4e91946867b1ff73f421a1b15e7875d0e7465b09 |
| SHA256 | ced57a5974d62794b237f5f00cf2d1827735f52eeaaefbad7a06238416e1c927 |
| SHA512 | c5215a5e3fa4703a47dee41c0a66fece571775d6fa6556d31a970209f7bc07efe5318991592650f9823d5678577c693ea2f58de544123629a782755b3e6291b6 |
/data/user/0/com.air.paz/shared_prefs/Setting.xml
| MD5 | a1b8f3b075d96cb863e9527b1bbfedbd |
| SHA1 | 9d1d9647841805ac3df7ea9f159525bf9438f69f |
| SHA256 | 9135037ebe0fdef4e3bbb546ab351c794e6fe9c873bf47601ab21d2cb10312d9 |
| SHA512 | 0e2d9f0656e1720ff4d770fba3462b0373880f43482a7985a9d4e5f88dbf903edf3ac97489e3147324e28100dd934f9339ae515ca6bd525c8138108595899b2a |
/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-05-08 06:43
Reported
2023-05-08 06:44
Platform
android-x86-arm-20220823-en
Max time kernel
4196044s
Max time network
13s
Command Line
Signatures
Processes
com.air.paz
Network
| Country | Destination | Domain | Proto |
| NL | 216.58.214.14:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 172.217.168.238:443 | android.apis.google.com | tcp |
| NL | 172.217.168.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| GB | 216.58.208.106:443 | infinitedata-pa.googleapis.com | tcp |
Files
/data/user/0/com.air.paz/no_backup/.flurryNoBackup/installationNum
| MD5 | 672b15ebce3741141e8cf68ed12c6127 |
| SHA1 | d62bb1d349d51aa34db8d7ef5347635bc6fc5a35 |
| SHA256 | cdb1ce54750f4a021e1432cb7631d0b849788b2d1baf508134f082649850fa83 |
| SHA512 | 982d60fc905bcd5bc78e801f10c7239e09b57c6dd195ed22fb747e68645f8efd92a11ac62f6d437ce84fec8d86b66c2033b19e91d8e211abfb631d170e63909d |
/data/user/0/com.air.paz/files/.fstreaming/fInProgress/currentFile
| MD5 | c9fd0867761133eee608047af9c65021 |
| SHA1 | 72ca370310338f515de01e73d9907ba4fda32984 |
| SHA256 | 55bd31cc56f620cf1986f66e7bc66c66011efc63ce19533b89e4b598b79b4be2 |
| SHA512 | 4655ead98c4fb05e786afb7bfcd0111758fc5e7547d8ea26a34ec62811a2fef6f8a55e1b425ebc1d76203d0a2e6f05a6c1a329d12f7902c135eacc6b61eac622 |
/data/user/0/com.air.paz/shared_prefs/FLURRY_SHARED_PREFERENCES.xml
| MD5 | 724bca6ef2ed083e2540fad0721c37e0 |
| SHA1 | abccb5f0864b73ef98aea948b91d2e104ec4bc45 |
| SHA256 | a0c9f1ba6c24359dd619f80ccd2885919505b10080c7d262d8d2e5005f639211 |
| SHA512 | 27f8375c9654d0a3b37e87e82792077f821361f7aa3282e81a198ec5dd354e4dee77bd60e5ec7e9e89569afbcb86038cd9b1196b8875183f7a5fda44f3fb1150 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-08 06:43
Reported
2023-05-08 06:44
Platform
android-x64-20220823-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 216.58.214.4:443 | | udp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| NL | 216.58.214.4:443 | | udp |