golddigger | 963fac088db79aa85dd74791c78da007b5402a8b9df1e75cf919f9ae14ef3fda | Triage

Sharing

General

Target

963fac088db79aa85dd74791c78da007b5402a8b9df1e75cf919f9ae14ef3fda.apk
Size

13.3MB
Sample

241023-bz1n7svclh
MD5

22589c88ea4433d63de48cee420f0022
SHA1

5261b6094f1a662f80eb6e844bbd9a85a9e56f2d
SHA256

963fac088db79aa85dd74791c78da007b5402a8b9df1e75cf919f9ae14ef3fda
SHA512

5e0b4066942ecfcb16fe7021d332a460f43bee6636128132ccd3b0069cb75f9fdcc21f133c3543771a72e93bed7010562c960d72d21d5ffc9c448f96d0475586
SSDEEP

196608:D7pN6ujPb248uFxXEuUtxwgUuKYC9yfI8iL/MffAno1WEL9loVH8MLcM3JV4teZs:XnjCKxXaxwosAWL/MfYno1GHmMdOgo

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  963fac088db79aa85dd74791c78da007b5402a8b9df1e75cf919f9ae14ef3fda.apk
- Size
  
  13.3MB
- MD5
  
  22589c88ea4433d63de48cee420f0022
- SHA1
  
  5261b6094f1a662f80eb6e844bbd9a85a9e56f2d
- SHA256
  
  963fac088db79aa85dd74791c78da007b5402a8b9df1e75cf919f9ae14ef3fda
- SHA512
  
  5e0b4066942ecfcb16fe7021d332a460f43bee6636128132ccd3b0069cb75f9fdcc21f133c3543771a72e93bed7010562c960d72d21d5ffc9c448f96d0475586
- SSDEEP
  
  196608:D7pN6ujPb248uFxXEuUtxwgUuKYC9yfI8iL/MffAno1WEL9loVH8MLcM3JV4teZs:XnjCKxXaxwosAWL/MfYno1GHmMdOgo
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence