Analysis

  • max time kernel
    1153608s
  • max time network
    146s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230824-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230824-en, locale:en-us, os:android-11-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    YoWhatsApp-08212028-626.apk

  • Size

    83.9MB

  • MD5

    8e50dc6cc25edab2ac108532f602077f

  • SHA1

    339e2a9135d55d4eae80425625020ac5dc8b4398

  • SHA256

    4bd40978ef887eb143a1df76013d41165fc51feb53abdb5271f827ae2241fdb5

  • SHA512

    c03f4f13ad2d4594575ca42ac448568308759c3b5518a7bf0fe42ad2a1a964a52226fbc949e7ca3efc1af175f794077618592652570ec7b17680d3b41351c21a

  • SSDEEP

    1572864:N/JyrSqNXjEL6FsQMmhOI6d3ax1kuaNVsZ8GRTQxR5w50wXtp6LS5HkY:FqNzsihnoakugVURUxzjwXtpX/

Malware Config

Signatures

  • Gigabud

    Gigabud is an Android RAT first seen in July 2022.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.gbbwhatsapp
    1⤵
    • Loads dropped Dex/Jar
    PID:4507
    • chmod 755 /data/user/0/com.gbbwhatsapp/files/.ss/l3ce7c8df.so
      2⤵
        PID:4540

    Network

    MITRE ATT&CK Matrix


    Downloads

    • /data/data/com.gbbwhatsapp/files/.ss/l3ce7c8df.so

      Filesize

      1.6MB

      MD5

      ef543b742269b5d7f1f065f840450ace

      SHA1

      974d006057256da4ac28a4186619ab2d0905533d

      SHA256

      5d95fcb5ce0f716deb8963cbb13a47c3df8171fc7353c401b5cef3bd2057bff2

      SHA512

      3afc2ed3132512bd7e138d6b95a4ec928ea093e52adcdea349d7766939a6576bd3c5938201d228ee5dca101ca9a7c2f37572d4b450f0cd805e303241f06311d2

    • /system_ext/framework/androidx.window.sidecar.jar

      Filesize

      12KB

      MD5

      bdf3529e80318eb14e53a5bf3720c10d

      SHA1

      25c9ace4b1af6e80ebb2572345972c56505969ba

      SHA256

      bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

      SHA512

      48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b