golddigger | d19a134f8e4961ec53e53fc21b3606063d821579ef4427ddaac011c7624b0af4 | Triage

Sharing

General

Target

d19a134f8e4961ec53e53fc21b3606063d821579ef4427ddaac011c7624b0af4
Size

10.5MB
Sample

240812-l2k2mszfra
MD5

4d1d13cb7ce979cdb3a22838c8885794
SHA1

327c041ba063d32e7378483aa7ebdf73ea6787db
SHA256

d19a134f8e4961ec53e53fc21b3606063d821579ef4427ddaac011c7624b0af4
SHA512

f9ceff0bead2d199619f6b0351422d48e192ec359c7675860fa6fdac36f02c0b43020a1227fe451e24e653275d023af2b0f2c28b90af63e6cf120e54742e3123
SSDEEP

196608:N2T2K0ghECuU1aZNrAH2TPpshQ+L7kYsa3Ykvr0YDIgD3tzcjtqsg7xXsu2OwNE5:N2T2IE5tRP7+L7uEYk4UI4Ig7xXGOwy5

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  d19a134f8e4961ec53e53fc21b3606063d821579ef4427ddaac011c7624b0af4
- Size
  
  10.5MB
- MD5
  
  4d1d13cb7ce979cdb3a22838c8885794
- SHA1
  
  327c041ba063d32e7378483aa7ebdf73ea6787db
- SHA256
  
  d19a134f8e4961ec53e53fc21b3606063d821579ef4427ddaac011c7624b0af4
- SHA512
  
  f9ceff0bead2d199619f6b0351422d48e192ec359c7675860fa6fdac36f02c0b43020a1227fe451e24e653275d023af2b0f2c28b90af63e6cf120e54742e3123
- SSDEEP
  
  196608:N2T2K0ghECuU1aZNrAH2TPpshQ+L7kYsa3Ykvr0YDIgD3tzcjtqsg7xXsu2OwNE5:N2T2IE5tRP7+L7uEYk4UI4Ig7xXGOwy5
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence