gigabud | c07fac1761889432546b464bc97c892ce7219b90c88e2e7cccd89bbd49893cda | Triage

Submit
Reports

Overview

overview

Static

static

9e00e23077...3d.apk

android-9-x86

7

Sharing

General

Target

6270c107c32174763caf5ee3013abb96.bin
Size

13.4MB
Sample

241023-bqf87stfqf
MD5

14be9ac5aad597ad129e5ebde3ee3c7a
SHA1

f3f3ee4e6596d2637fb1acf606c7d5febce4deee
SHA256

c07fac1761889432546b464bc97c892ce7219b90c88e2e7cccd89bbd49893cda
SHA512

d914cdc49f3851779d88962915e8a575ce16e92265632f8469ae652c2a711c8cba503cde506893a8b13836eedcbc06521fc0360fa1ec87b8246b6cfe4c19d262
SSDEEP

196608:MkSE2Z3qGdVRP4FsSpY56AOhM+XI7O5UwwqW0cViFcMG+l7I5ym07ZYBVRKxPs4l:MQ4jdVRP4FsSm6dlwkmYGHA9YBVRKxEg

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Static task

static1

golddigger gigabud

7 signatures

Behavioral task

behavioral1

Sample

9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk

Resource

android-x86-arm-20240624-en

collection credential_access discovery evasion execution impact persistence

android-9-x86

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d.apk
- Size
  
  14.9MB
- MD5
  
  6270c107c32174763caf5ee3013abb96
- SHA1
  
  f6d3c9b2cf10ef3edb3c1d6b732fd558c89251f5
- SHA256
  
  9e00e23077fd90ab4fc5cd98375591161bf8508fc959265605c47b10efa2a73d
- SHA512
  
  20316f727da990c31fad7364d5a4966b80ab1ea0cf65abb358bd87995ac0b0048dfbb02f2074cb61738396bddc29166fe8f289bdb6f61b969e1b0f920ebe3e4f
- SSDEEP
  
  196608:8pN6uUP8op7rZXtEF022Mrkx/PznXfHc3OuRwXGgE5oFdqXcbpNFqkLPQFugFQ4J:8ne8qJ+RxYT8+4LoFPckLSugvpO6s3gB
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

© 2018-2025

Terms | Privacy