gigabud | caf75ee813e8e3d61842828ca82963d9063c6ea6784f28f74e071059716b2d4c | Triage

Sharing

General

Target

caf75ee813e8e3d61842828ca82963d9063c6ea6784f28f74e071059716b2d4c.apk
Size

14.6MB
Sample

241024-cpf3gszdph
MD5

be20d3214d771aaf24481d293a390afc
SHA1

68fd1800decfbf568c772e4dfe062d0e3d44fe09
SHA256

caf75ee813e8e3d61842828ca82963d9063c6ea6784f28f74e071059716b2d4c
SHA512

a168c468ff190ba65fb2e907d6f6fa1e5c2d1033e3d8587b7c1634fd72d5b298c64298d0b1b12c955dc805ce29c94ff25a18c653fcb08dc8cfa10cd0cb3026ea
SSDEEP

393216:p/kKCxXu8kwPR7j1kX38U+/Vtso1tsAyz+Otf9JgT:x7IbPRli38UsVxr6+ilJ+

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  caf75ee813e8e3d61842828ca82963d9063c6ea6784f28f74e071059716b2d4c.apk
- Size
  
  14.6MB
- MD5
  
  be20d3214d771aaf24481d293a390afc
- SHA1
  
  68fd1800decfbf568c772e4dfe062d0e3d44fe09
- SHA256
  
  caf75ee813e8e3d61842828ca82963d9063c6ea6784f28f74e071059716b2d4c
- SHA512
  
  a168c468ff190ba65fb2e907d6f6fa1e5c2d1033e3d8587b7c1634fd72d5b298c64298d0b1b12c955dc805ce29c94ff25a18c653fcb08dc8cfa10cd0cb3026ea
- SSDEEP
  
  393216:p/kKCxXu8kwPR7j1kX38U+/Vtso1tsAyz+Otf9JgT:x7IbPRli38UsVxr6+ilJ+
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence