Malware Analysis Report

2024-12-01 22:19

Sample ID 230510-jhgh1aeg63
Target a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66.apk
SHA256 a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66
Tags: gigabud
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66

Threat Level: Known bad

The file a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66.apk was found to be: Known bad.

Malicious Activity Summary

gigabud

Gigabud family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-05-10 07:40

Signatures

Gigabud family

gigabud

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-10 07:39

Reported

2023-05-10 07:41

Platform

android-x86-arm-20220823-en

Max time kernel

77274s

Max time network

9s

Command Line

com.cloud.loan

Signatures

N/A

Processes

com.cloud.loan

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:853 | N/A | tcp |
| US | 1.1.1.1:853 | N/A | tcp |

Files

/data/user/0/com.cloud.loan/no_backup/.flurryNoBackup/installationNum

MD5: 0dd6e98230d244b057e4b91a775e702a
SHA1: 6b27a26d41b4832367271eda0c74c68dcae80188
SHA256: f4c4ee228a9697f02bd0536e049d3490ffe22f6e5c1e799e64132b979afc0b59
SHA512: e3bc2c940b4e53abb0b2996450c1c88ff10a4680b487d3589f2ef57dcdb16364f0ae28bd28bf114394f3fc9075a4afa3d56e19eba5e81a61d7556a50b2c452e9