gigabud | 167c273fb50dc0d0c177f4d624b6e0dc9182cdf551511bbf4b9e9b715e4ce7f9 | Triage

Sharing

General

Target

167c273fb50dc0d0c177f4d624b6e0dc9182cdf551511bbf4b9e9b715e4ce7f9.apk
Size

12.2MB
Sample

241024-bhme9azdkq
MD5

6af0dc98d98ad1143d71b5c4897abf14
SHA1

e03ff8a53d692e105b945dc773ae9f66a95f1af9
SHA256

167c273fb50dc0d0c177f4d624b6e0dc9182cdf551511bbf4b9e9b715e4ce7f9
SHA512

7a87584dfd1bd574cdbabe5a62e3a33afed1a027e6461aa1fedc3814eb86ee74101aa40c956ed420cced0ed5d3d1cd3fffea810baf1b983e3ec4e6280fc60c4e
SSDEEP

196608:xMPJZ59SuFxXGuUTyKsyt7xAlK8VeZui0+l9DS6NdndTpps8hCgaZXteD:WffbxXpytsi0a1ndrdggKq

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  167c273fb50dc0d0c177f4d624b6e0dc9182cdf551511bbf4b9e9b715e4ce7f9.apk
- Size
  
  12.2MB
- MD5
  
  6af0dc98d98ad1143d71b5c4897abf14
- SHA1
  
  e03ff8a53d692e105b945dc773ae9f66a95f1af9
- SHA256
  
  167c273fb50dc0d0c177f4d624b6e0dc9182cdf551511bbf4b9e9b715e4ce7f9
- SHA512
  
  7a87584dfd1bd574cdbabe5a62e3a33afed1a027e6461aa1fedc3814eb86ee74101aa40c956ed420cced0ed5d3d1cd3fffea810baf1b983e3ec4e6280fc60c4e
- SSDEEP
  
  196608:xMPJZ59SuFxXGuUTyKsyt7xAlK8VeZui0+l9DS6NdndTpps8hCgaZXteD:WffbxXpytsi0a1ndrdggKq
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence