golddigger | 879a4bac36ca9191fb8a3e0a245827fcf92616b1468e22777bd34b6a5f025a3f | Triage

Sharing

General

Target

879a4bac36ca9191fb8a3e0a245827fcf92616b1468e22777bd34b6a5f025a3f.apk
Size

17.0MB
Sample

241106-dkh7qawmar
MD5

218163a8af4e1abb8ba01565994330e9
SHA1

498e2dd248d96761e9e00cc3e64145dc6f8b49e3
SHA256

879a4bac36ca9191fb8a3e0a245827fcf92616b1468e22777bd34b6a5f025a3f
SHA512

73a8299979d09be4649f1952fe5122c5fde0616a1c4fb11d5242b1274b1ae8c6cecc35d9dd8f5ade1cec107722d45a820907487fdcd9edfe217784dcc11919ae
SSDEEP

393216:SqqaHuvbntTDlZ/PUyNmRxXr84zrtr+5gM87kPs/ge:zmfZq1rtf1/x

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  879a4bac36ca9191fb8a3e0a245827fcf92616b1468e22777bd34b6a5f025a3f.apk
- Size
  
  17.0MB
- MD5
  
  218163a8af4e1abb8ba01565994330e9
- SHA1
  
  498e2dd248d96761e9e00cc3e64145dc6f8b49e3
- SHA256
  
  879a4bac36ca9191fb8a3e0a245827fcf92616b1468e22777bd34b6a5f025a3f
- SHA512
  
  73a8299979d09be4649f1952fe5122c5fde0616a1c4fb11d5242b1274b1ae8c6cecc35d9dd8f5ade1cec107722d45a820907487fdcd9edfe217784dcc11919ae
- SSDEEP
  
  393216:SqqaHuvbntTDlZ/PUyNmRxXr84zrtr+5gM87kPs/ge:zmfZq1rtf1/x
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence