golddigger | c3284ec2e2cde50fc39093a5066f1fbf5a137c6087fcfad1abdbf2bd677cf505 | Triage

Sharing

General

Target

923ce041e1fd4967ef69251d6412fba7.zip
Size

10.2MB
Sample

241029-t9ylpsxbkj
MD5

923ce041e1fd4967ef69251d6412fba7
SHA1

ea1d067a6b69d7cee2cf4f86251d546b7c0a848b
SHA256

c3284ec2e2cde50fc39093a5066f1fbf5a137c6087fcfad1abdbf2bd677cf505
SHA512

db9c4ae6078bc34bddb0b4337a3d248ed796bccd5b057bcf4e49df117cb598c0c4f1013de518d177c307edfe06097b823732fb6ce21007c8f90d3d6b4170d9e6
SSDEEP

196608:KTbyEE+6MWPxSEn5FA93xFKgIABp9KKGRbgKvlPKCkGV5+bzSLWzolGtPH:qZErMyxSELwsgIk4Hvlwg5+b3oMtPH

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  latamAirLines.apk
- Size
  
  11.5MB
- MD5
  
  9afe6e6e327470ce68ba5fc75671b8e0
- SHA1
  
  939f1334f1ecb5c6467fe680af53f5db5d44731f
- SHA256
  
  913d666dfbb782f735eec14efa1f1768e2a2ec3b06264cf680fb7a8a082d6d48
- SHA512
  
  6fe178a7c9dc5230e50e1edc4a3435aea1317201d246f460a870ef3e2097bfbecf3aa78ed293a3298a6da526c63748f4be47cbea9d0414b997d85d142d88beed
- SSDEEP
  
  196608:OSsqoCAkKAJmkUuaygfaEO6Z3ET4egYtCZIYIUUxXYuyrtF74i2GZjrPVW:O9/bAJmazz3gpsxXoP7XjE
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence