gigabud | 56fbad2c9567b7efbc53b2684e5c3f18d914404227255efe9cb5c938df92d3d1 | Triage

Submit
Reports

Overview

overview

Static

static

ทาง�...09.apk

android-9-x86

7

Sharing

General

Target

20240909.7z
Size

10.5MB
Sample

240909-pya9ta1arh
MD5

03939cf87b756de110a7865a2c313d03
SHA1

f76fb1b584eaf2e44726dcd056bbe7a266218970
SHA256

56fbad2c9567b7efbc53b2684e5c3f18d914404227255efe9cb5c938df92d3d1
SHA512

f6d353ab517a70ec99b499eeea48cb3e622fe8b44831053413c7155bbfa07829861a6379b5c61e5c163d51c0ca98b71d8a25b5e537fa7a8afa192ceaa557435f
SSDEEP

196608:X518qVE2ywNzXjQbbXa+I41pCu643qBiSmdRpm+VAmE+5n61uIObAS72n+:X5CqVrywNrkb+uDHqrKRc+VxEgnyuRPZ

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Static task

static1

golddigger gigabud

7 signatures

Behavioral task

behavioral1

Sample

ทางรัฐ_2024-09-09.apk

Resource

android-x86-arm-20240624-en

collection credential_access discovery evasion execution impact persistence

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ทางรัฐ_2024-09-09.apk
- Size
  
  12.2MB
- MD5
  
  55c730ee53c5219d5560f0458f597b0c
- SHA1
  
  0502f8da6cdb72e4219d1419283822770e2f5dcb
- SHA256
  
  b7f463544f358f027da0fdb27632d8f6a693bb6dc1eebd452267573a675d3e2d
- SHA512
  
  3ee2fa06955d55b2689a25c5925efd87749db328c9330d90dcd99d51cbc6b5e7f46ea1969c065572a3aa0d44a08e830a71dbfeb5f355428f1ba2c645ab6b8ab1
- SSDEEP
  
  196608:RjnYPwZmu4xX7EJIHWC3+oGxLVnu/6EL5ko1iF+EiCOGBvE2XHU7gGt6BZXKE:RmrxX7EuHWsTmRny6ELT1/1UvdWgnXn
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

© 2018-2025

Terms | Privacy