Resubmissions

  • 15-10-2023 19:10  231015-xvd6asag6t  (score 10)
  • 10-05-2023 07:39  230510-jhgh1aeg63  (score 10)

General

  • Target: a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66.apk
  • Size: 7.3MB
  • MD5: ca6aa6c5a7910281a899695e61423079
  • SHA1: 1012a7627b6b82e3afb87380bbfda515764ce0a6
  • SHA256: a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66
  • SHA512: 058db8896638e4470956896d4bbe6c469ed9ff39fe8d5c431c791356cb454d24525a141d47f6d67b0151e0883fa6c9c7f7ee46ea327a8beccfa663475534df55
  • SSDEEP: 98304:RhF9Z+6viVQ6Dy/uouJiC17g9qzNbAZwP0koBpT0YRG86J0qZj1PRcFiazf47uet:RfX+6oQHu1vCZc0hmYR361rJgz4zqI

Score: 10/10

Malware Config

Extracted

  • Family: gigabud
  • C2:
    http://bweri6.cc/x/command?token=
    http://8.219.85.91:8888/push-streaming?id=1234

Signatures

  • Gigabud family
  • Requests dangerous framework permissions (8 IoCs)

Files

  • a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66.apk
    .apk android arch:arm
    com.cloud.loan
    com.yiwuzhibo.activity.SplashActivity
Android Permissions

a940c9c54ff69dacc6771f1ffb3c91ea05f7f08e6aaf46e9802e42f948dfdb66.apk

Permissions

  • android.permission.BIND_ACCESSIBILITY_SERVICE
  • android.permission.REQUEST_DELETE_PACKAGES
  • android.permission.QUERY_ALL_PACKAGES
  • android.permission.GET_INSTALLED_APPS
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.FOREGROUND_SERVICE
  • android.permission.READ_PHONE_STATE
  • android.permission.WRITE_EXTERNAL_STORAGE
  • android.permission.CAMERA
  • android.permission.RECORD_AUDIO
  • android.permission.INTERNET
  • android.permission.ACCESS_WIFI_STATE
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.READ_SMS
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.SYSTEM_ALERT_WINDOW
  • android.permission.SYSTEM_OVERLAY_WINDOW
  • android.permission.MOUNT_UNMOUNT_FILESYSTEMS
  • android.permission.READ_EXTERNAL_STORAGE
  • android.permission.MODIFY_AUDIO_SETTINGS
  • android.permission.WRITE_SETTINGS
  • android.permission.ACCESS_NOTIFICATION_POLICY