gigabud | 2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b | Triage

Sharing

General

Target

2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b.apk
Size

13.0MB
Sample

241023-bj81msvhjp
MD5

c99bcdb39aefa4cb6bc9b636a901e18d
SHA1

413d0eb3abc888dd1084c8d45c0215d8f043ef33
SHA256

2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b
SHA512

7fb77d22214d06d278ec1d8f05cc08a754a906ff03bccd92d1103106fece6423d1d4b0fd49e075d2a0d53b3b54a05e5ee81b17d84ce3eb22efd3a5a2fbcd06ae
SSDEEP

196608:lpN6uZTK7VmWuFxX+uUubL1Nb7E6MjjjFYkhL7Ila4i+SPEEgWsteZZo9:lnWV+xXvX1d+Xai+SsEgaG9

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b.apk
- Size
  
  13.0MB
- MD5
  
  c99bcdb39aefa4cb6bc9b636a901e18d
- SHA1
  
  413d0eb3abc888dd1084c8d45c0215d8f043ef33
- SHA256
  
  2c94a882439bab72e612f424125b2854314c30e3748585b3ee4501edea5d5f7b
- SHA512
  
  7fb77d22214d06d278ec1d8f05cc08a754a906ff03bccd92d1103106fece6423d1d4b0fd49e075d2a0d53b3b54a05e5ee81b17d84ce3eb22efd3a5a2fbcd06ae
- SSDEEP
  
  196608:lpN6uZTK7VmWuFxX+uUubL1Nb7E6MjjjFYkhL7Ila4i+SPEEgWsteZZo9:lnWV+xXvX1d+Xai+SsEgaG9
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence