golddigger | 6db38d31b7d4161d6481d36d63beb4c4334af0ab052215b7e7b00cb1b4ca29d9 | Triage

Sharing

General

Target

6db38d31b7d4161d6481d36d63beb4c4334af0ab052215b7e7b00cb1b4ca29d9.apk
Size

12.4MB
Sample

241106-dbwfpasnhx
MD5

52ccf4cbfcc91f7b2a3bdb9802fc8bc1
SHA1

834825ff5f0e18c6f460f21e952e211089a06f7f
SHA256

6db38d31b7d4161d6481d36d63beb4c4334af0ab052215b7e7b00cb1b4ca29d9
SHA512

63d958da4f1ee8bbcb617f3d61b30a0c14832320c2f2ade2d48668880c818614d43ceea371b86788412e0f6c4398a93017dc08c5940d696ab1af54f8e9dbafa3
SSDEEP

196608:8AEP4dDuuFxXkM9U2WWGJ22TFlgfsi8EtYCa+Az99mrCVTkpdAq0KcF3KMOgbZST:yQ3xXkMDWruYIY7+Az9f8deZGg9QX7

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  6db38d31b7d4161d6481d36d63beb4c4334af0ab052215b7e7b00cb1b4ca29d9.apk
- Size
  
  12.4MB
- MD5
  
  52ccf4cbfcc91f7b2a3bdb9802fc8bc1
- SHA1
  
  834825ff5f0e18c6f460f21e952e211089a06f7f
- SHA256
  
  6db38d31b7d4161d6481d36d63beb4c4334af0ab052215b7e7b00cb1b4ca29d9
- SHA512
  
  63d958da4f1ee8bbcb617f3d61b30a0c14832320c2f2ade2d48668880c818614d43ceea371b86788412e0f6c4398a93017dc08c5940d696ab1af54f8e9dbafa3
- SSDEEP
  
  196608:8AEP4dDuuFxXkM9U2WWGJ22TFlgfsi8EtYCa+Az99mrCVTkpdAq0KcF3KMOgbZST:yQ3xXkMDWruYIY7+Az9f8deZGg9QX7
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence