Malware Analysis Report

2024-12-01 22:18

Sample ID: 230807-frdxpadf63
Target: FM_b196010hsz.apk
SHA256: f077475f6f3a6d31791e6a9fc6555fc9fce8792a4722388d829047eb61b28941
Tags: gigabud infostealer rat trojan
Score: 10/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: f077475f6f3a6d31791e6a9fc6555fc9fce8792a4722388d829047eb61b28941

Threat Level: Known bad

The file FM_b196010hsz.apk was found to be: Known bad.

Malicious Activity Summary

gigabud infostealer rat trojan

Gigabud

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-08-07 05:06

Signatures

Requests dangerous framework permissions

Indicator (permission) and description; Process and Target are N/A for every entry:

android.permission.READ_PHONE_STATE - Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_PHONE_NUMBERS - Allows read access to the device's phone number(s).
android.permission.RECEIVE_SMS - Allows an application to receive SMS messages.
android.permission.ACCESS_COARSE_LOCATION - Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION - Allows an app to access precise location.
android.permission.GET_ACCOUNTS - Allows access to the list of accounts in the Accounts Service.
android.permission.NEARBY_WIFI_DEVICES - Required to be able to advertise and connect to nearby devices via Wi-Fi.
android.permission.CAMERA - Required to be able to access the camera device.
android.permission.RECORD_AUDIO - Allows an application to record audio.
android.permission.READ_EXTERNAL_STORAGE - Allows an application to read from external storage.
android.permission.READ_CONTACTS - Allows an application to read the user's contacts data.
android.permission.SEND_SMS - Allows an application to send SMS messages.
android.permission.WRITE_CONTACTS - Allows an application to write the user's contacts data.
android.permission.WRITE_EXTERNAL_STORAGE - Allows an application to write to external storage.
android.permission.READ_MEDIA_AUDIO - Allows an application to read audio files from external storage.
android.permission.READ_MEDIA_IMAGES - Allows an application to read image files from external storage.
android.permission.READ_MEDIA_VIDEO - Allows an application to read video files from external storage.
android.permission.POST_NOTIFICATIONS - Allows an app to post notifications.

Analysis: behavioral1

Detonation Overview

Submitted: 2023-08-07 05:06
Reported: 2023-08-07 10:46
Platform: android-x86-arm-20230621-en
Max time kernel: 3483019s
Max time network: 9s

Command Line

com.fmwhatsapp

Signatures

Gigabud

rat trojan infostealer gigabud

Processes

com.fmwhatsapp

Network

Country  Destination          Domain                             Proto
N/A      224.0.0.251:5353     (none)                             udp
US       1.1.1.1:53           android.apis.google.com            udp
US       1.1.1.1:53           digitalassetlinks.googleapis.com   udp
NL       142.251.36.10:443    digitalassetlinks.googleapis.com   tcp
US       1.1.1.1:53           infinitedata-pa.googleapis.com     udp

Files

/data/user/0/com.fmwhatsapp/files/.ss/l79d99133.so

MD5: bc537869af01e2887edd0b4b89c92c02
SHA1: 256e148d059c7d8bf36871cdbfbfe7d11524a371
SHA256: b283e34299d59dacec9d8feb829a91715c60a2a1e6521f52c5da0af1bf3085ff
SHA512: 96f06637888787615f636b1d866748c48fff683f3eda6aae3fe908ec63c964767362b0472324c4d6cf10e685f1905a6cfc8004d9f51042f77f1cd66b10ee6bd6