golddigger | 9d305cc759365cb7f93abc20b61b5bc0aad03211a25e31494f07c7b00c593867 | Triage

Sharing

General

Target

9d305cc759365cb7f93abc20b61b5bc0aad03211a25e31494f07c7b00c593867.apk
Size

13.4MB
Sample

241105-elvsksvdmn
MD5

235d9867a0a1c24c723e996ea8d96fb5
SHA1

b8b2d0910b5a7b0794b2dc156f3c95814d1ebe77
SHA256

9d305cc759365cb7f93abc20b61b5bc0aad03211a25e31494f07c7b00c593867
SHA512

c9872c7a5b8949ce949de869306c10a7359d8147cf6f17ff0266c947821edcff6939254cc981d6d44ff0c2a45d2101fee11546af60f11da7e5a693f2687d77d0
SSDEEP

196608:GCpN6uQHyaacuFxXMU1DQzjy3uC+B3yk5n3pdk7/Vs6GEkYx6MycWykN+VBY4Gpc:DnmxqxXBwjyAiG4TkYw6bkN+fIMgc

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  9d305cc759365cb7f93abc20b61b5bc0aad03211a25e31494f07c7b00c593867.apk
- Size
  
  13.4MB
- MD5
  
  235d9867a0a1c24c723e996ea8d96fb5
- SHA1
  
  b8b2d0910b5a7b0794b2dc156f3c95814d1ebe77
- SHA256
  
  9d305cc759365cb7f93abc20b61b5bc0aad03211a25e31494f07c7b00c593867
- SHA512
  
  c9872c7a5b8949ce949de869306c10a7359d8147cf6f17ff0266c947821edcff6939254cc981d6d44ff0c2a45d2101fee11546af60f11da7e5a693f2687d77d0
- SSDEEP
  
  196608:GCpN6uQHyaacuFxXMU1DQzjy3uC+B3yk5n3pdk7/Vs6GEkYx6MycWykN+VBY4Gpc:DnmxqxXBwjyAiG4TkYw6bkN+fIMgc
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence