Analysis Overview
score
10/10
SHA256
e71d005aaf3a71519a192bed82fda07a6f3f0e7d06c209f877ce7cfd07cbc31c
Threat Level: Known bad
The file TG8024_xjh.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-07-27 15:01
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-27 15:01
Reported
2023-07-27 15:02
Platform
android-x86-arm-20230621-en
Max time kernel
2547980s
Max time network
10s
Command Line
org.telegram.messenger
Signatures
Gigabud
Processes
org.telegram.messenger
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
Files
/data/user/0/org.telegram.messenger/files/.ss/l77952c79.so
| MD5 | 70bf8ff5e3f15b4e57a8a453f69b4347 |
| SHA1 | ff808df0f697ad51ba8ce88aabb7bec653967b3f |
| SHA256 | b76d3e228da1f4e829f1cff3ff67a5c1172e05a50e5e003f2b3a6f19683e7b7c |
| SHA512 | be15508ed524de82c6d0574d76500623bbdcf81385578503441fa7c013c7311b65432ad573fd7618ec069a2f0e9ce248f738df4a2744575202796e80fdb6d418 |