gigabud | 2b77b3d26d3197aff31a8bb3bd536347310d7a166e952f97d83039281b64b05e | Triage

Sharing

General

Target

2b77b3d26d3197aff31a8bb3bd536347310d7a166e952f97d83039281b64b05e.apk
Size

13.3MB
Sample

241023-bjzrzatdke
MD5

649d3570b0469d915d7bdadc7c280b13
SHA1

36c06934e3939284908a7f6137005d8869500b7f
SHA256

2b77b3d26d3197aff31a8bb3bd536347310d7a166e952f97d83039281b64b05e
SHA512

d5a24417ded6c5d674ae1b0cfe7a20f6f62b18fb7d3b70e5fcd4209092d02b65c90512e938a81147ae2dcc0407b0a8382ccf9204d5379d9b3d8aba6fafe355dc
SSDEEP

196608:LkpN6ujPb248uKxXAuUhJeFxBpMuo21SzUtKNxQpfFRDxvSOiimMjMmZBET3vSz4:onjCRxXlsd2KNxWPLirSMmqTatQDg14

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  2b77b3d26d3197aff31a8bb3bd536347310d7a166e952f97d83039281b64b05e.apk
- Size
  
  13.3MB
- MD5
  
  649d3570b0469d915d7bdadc7c280b13
- SHA1
  
  36c06934e3939284908a7f6137005d8869500b7f
- SHA256
  
  2b77b3d26d3197aff31a8bb3bd536347310d7a166e952f97d83039281b64b05e
- SHA512
  
  d5a24417ded6c5d674ae1b0cfe7a20f6f62b18fb7d3b70e5fcd4209092d02b65c90512e938a81147ae2dcc0407b0a8382ccf9204d5379d9b3d8aba6fafe355dc
- SSDEEP
  
  196608:LkpN6ujPb248uKxXAuUhJeFxBpMuo21SzUtKNxQpfFRDxvSOiimMjMmZBET3vSz4:onjCRxXlsd2KNxWPLirSMmqTatQDg14
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence