Analysis Overview
SHA256
2792a30e0b600d0f9320c24c98f5c8f43bc19df1843e6bc15410836cd98cc00c
Threat Level: Known bad
The file TCQLDD.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-09-02 07:35
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:38
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
3s
Max time network
103s
Command Line
Signatures
Processes
/tmp/l597c37ee_x64.so
[/tmp/l597c37ee_x64.so]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:38
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Max time network
111s
Command Line
Signatures
Processes
/tmp/l597c37ee_x86.so
[/tmp/l597c37ee_x86.so]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:38
Platform
debian9-armhf-20230831-en
Max time kernel
2s
Max time network
127s
Command Line
Signatures
Processes
/tmp/l597c37ee_a32.so
[/tmp/l597c37ee_a32.so]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:35
Platform
debian9-armhf-en-20211208
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l597c37ee_a64.so
[/tmp/l597c37ee_a64.so]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:35
Platform
debian9-mipsbe-20230831-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l597c37ee_a64.so
[/tmp/l597c37ee_a64.so]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:35
Platform
debian9-mipsel-20230831-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l597c37ee_a64.so
[/tmp/l597c37ee_a64.so]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:38
Platform
android-x86-arm-20230831-en
Max time kernel
1423042s
Max time network
82s
Command Line
Signatures
Gigabud
Processes
cmbhql.nlrjyowx.wmx
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.250.179.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
Files
/data/data/cmbhql.nlrjyowx.wmx/files/.ss/l597c37ee.so
| Hash | Value |
|---|---|
| MD5 | f897fbecac65e56f0bdb42fb1810a7ba |
| SHA1 | 44066af9921dc64d983321aed5e2307ede1ed6ea |
| SHA256 | e7b05b84d749695309924cee2afa19eb2ff4689d49e0537b69719e297b15c930 |
| SHA512 | b0a56524ca38e098b3800c933eb1182f00de4edef23cfd80f991e31057d8056c3eb52d608b03f8576867c7a534bf6c2909e51fb053f536f8af517ff19fbdff7e |
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-02 07:35
Reported
2023-09-02 07:35
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l597c37ee_a64.so
[/tmp/l597c37ee_a64.so]