golddigger | 775b30ab75e2de3490312538d80499929a408fb6c594abc6ddf5cf4bd456af31 | Triage

Sharing

General

Target

775b30ab75e2de3490312538d80499929a408fb6c594abc6ddf5cf4bd456af31.apk
Size

18.0MB
Sample

241106-del2estgrp
MD5

c67abd02b6ee7f0fb0c67a0c248ea280
SHA1

53764955ed5d3b72984b7fe8bb2d74453d1f3f58
SHA256

775b30ab75e2de3490312538d80499929a408fb6c594abc6ddf5cf4bd456af31
SHA512

7ef0e81369353ea4970f0ef243c8a69f789531b1be22f86575b92372d392f0a4c3240ba9ce896128aef851f5c138c6accbdcb0a189a61cbc0e7ce8fb90e86068
SSDEEP

393216:UXmQqqaHuvbptTDlHvPxXlESrJpjU8Tpj8BNbjORLOgN++E:UamZHXr3jr+nKLOgpE

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  775b30ab75e2de3490312538d80499929a408fb6c594abc6ddf5cf4bd456af31.apk
- Size
  
  18.0MB
- MD5
  
  c67abd02b6ee7f0fb0c67a0c248ea280
- SHA1
  
  53764955ed5d3b72984b7fe8bb2d74453d1f3f58
- SHA256
  
  775b30ab75e2de3490312538d80499929a408fb6c594abc6ddf5cf4bd456af31
- SHA512
  
  7ef0e81369353ea4970f0ef243c8a69f789531b1be22f86575b92372d392f0a4c3240ba9ce896128aef851f5c138c6accbdcb0a189a61cbc0e7ce8fb90e86068
- SSDEEP
  
  393216:UXmQqqaHuvbptTDlHvPxXlESrJpjU8Tpj8BNbjORLOgN++E:UamZHXr3jr+nKLOgpE
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence