gigabud | ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999 | Triage

Sharing

General

Target

ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999.apk
Size

13.0MB
Sample

241022-cey6basdmr
MD5

4d0f9c686f81f95666a6f22d88d5da46
SHA1

31df016c69c989479f624001da67e0c7fcb0e750
SHA256

ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999
SHA512

076d6dc6a6e6111dba5728ae39f6d01350c0b40c9789c212d098691b508b9c91ed9a0d2b0b6d98bad13ad703ce4e6b79630ea6501339f9ca4ac8a8046267cee5
SSDEEP

196608:CpN6utSK7VmWuFxX+uUZIrzIRliSS4jo5nNIceyLdapE5oQryApUoXaI6oCHYV41:CnFV+xXJrtSS4+N7xaSoixantRgaf

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999.apk
- Size
  
  13.0MB
- MD5
  
  4d0f9c686f81f95666a6f22d88d5da46
- SHA1
  
  31df016c69c989479f624001da67e0c7fcb0e750
- SHA256
  
  ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999
- SHA512
  
  076d6dc6a6e6111dba5728ae39f6d01350c0b40c9789c212d098691b508b9c91ed9a0d2b0b6d98bad13ad703ce4e6b79630ea6501339f9ca4ac8a8046267cee5
- SSDEEP
  
  196608:CpN6utSK7VmWuFxX+uUZIrzIRliSS4jo5nNIceyLdapE5oQryApUoXaI6oCHYV41:CnFV+xXJrtSS4+N7xaSoixantRgaf
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence