Analysis Overview
score
10/10
SHA256
f077475f6f3a6d31791e6a9fc6555fc9fce8792a4722388d829047eb61b28941
Threat Level: Known bad
The file FM_b196010hsz.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-08-07 05:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to advertise and connect to nearby devices via Wi-Fi. | android.permission.NEARBY_WIFI_DEVICES | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-07 05:06
Reported
2023-08-07 10:46
Platform
android-x86-arm-20230621-en
Max time kernel
3483019s
Max time network
9s
Command Line
com.fmwhatsapp
Signatures
Gigabud
Processes
com.fmwhatsapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| NL | 142.251.36.10:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
Files
/data/user/0/com.fmwhatsapp/files/.ss/l79d99133.so
| MD5 | bc537869af01e2887edd0b4b89c92c02 |
| SHA1 | 256e148d059c7d8bf36871cdbfbfe7d11524a371 |
| SHA256 | b283e34299d59dacec9d8feb829a91715c60a2a1e6521f52c5da0af1bf3085ff |
| SHA512 | 96f06637888787615f636b1d866748c48fff683f3eda6aae3fe908ec63c964767362b0472324c4d6cf10e685f1905a6cfc8004d9f51042f77f1cd66b10ee6bd6 |