golddigger | 258efc562b67f0fbecfd4dd8af98d134085073511765ccc7c9d818679b374ae0 | Triage

Sharing

General

Target

258efc562b67f0fbecfd4dd8af98d134085073511765ccc7c9d818679b374ae0.apk
Size

13.4MB
Sample

241106-cpw4psshmh
MD5

1702fc0ea816bbc6608d468c55ce7876
SHA1

4ded0409d30fb58b0577f26f7b01f2b80e385dbf
SHA256

258efc562b67f0fbecfd4dd8af98d134085073511765ccc7c9d818679b374ae0
SHA512

412d5e642b1c09e14310f2876b9766a1f8d988371465be21b3f889094eae8f0de89c577da6b2bfee9df6a27db8ee230285ddf7746810c2064f5065672dfc0795
SSDEEP

393216:ynmxqxXYFCkIV1tVFtcqZ4dF5m+r6efiNpqpMgo:ywTqHczdF5m+rlgpqpM/

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  258efc562b67f0fbecfd4dd8af98d134085073511765ccc7c9d818679b374ae0.apk
- Size
  
  13.4MB
- MD5
  
  1702fc0ea816bbc6608d468c55ce7876
- SHA1
  
  4ded0409d30fb58b0577f26f7b01f2b80e385dbf
- SHA256
  
  258efc562b67f0fbecfd4dd8af98d134085073511765ccc7c9d818679b374ae0
- SHA512
  
  412d5e642b1c09e14310f2876b9766a1f8d988371465be21b3f889094eae8f0de89c577da6b2bfee9df6a27db8ee230285ddf7746810c2064f5065672dfc0795
- SSDEEP
  
  393216:ynmxqxXYFCkIV1tVFtcqZ4dF5m+r6efiNpqpMgo:ywTqHczdF5m+rlgpqpM/
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence