golddigger | 3913acdbc1484d443a87853566800f6fe98e33bf5633f89349925210e2110f24 | Triage

Sharing

General

Target

3913acdbc1484d443a87853566800f6fe98e33bf5633f89349925210e2110f24.apk
Size

13.0MB
Sample

241023-bl5e8svhrp
MD5

abead79b1bc4ea76aae281078b71384f
SHA1

7df14e117872b5fbd2265f0c1ab3474c058e2f63
SHA256

3913acdbc1484d443a87853566800f6fe98e33bf5633f89349925210e2110f24
SHA512

007c242537b913095cdb2afbda520f9396935a318b1111249a93dd9916169cec63fbe217619b788eca060049c1607927eaf829456deb227e1e3d1db156636de3
SSDEEP

196608:dwBqgqaPpizsQuFxXmdUS7eRFQ8EQTeIVDqlTNHTrP2UJnc0N59jfvLUg0p5GcYm:dwQ4cUxXu789qlNruGLtYg05GcALagM

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  3913acdbc1484d443a87853566800f6fe98e33bf5633f89349925210e2110f24.apk
- Size
  
  13.0MB
- MD5
  
  abead79b1bc4ea76aae281078b71384f
- SHA1
  
  7df14e117872b5fbd2265f0c1ab3474c058e2f63
- SHA256
  
  3913acdbc1484d443a87853566800f6fe98e33bf5633f89349925210e2110f24
- SHA512
  
  007c242537b913095cdb2afbda520f9396935a318b1111249a93dd9916169cec63fbe217619b788eca060049c1607927eaf829456deb227e1e3d1db156636de3
- SSDEEP
  
  196608:dwBqgqaPpizsQuFxXmdUS7eRFQ8EQTeIVDqlTNHTrP2UJnc0N59jfvLUg0p5GcYm:dwQ4cUxXu789qlNruGLtYg05GcALagM
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence