golddigger | 2b17df948efd87c9cb4d14c4450adfd6c1151dfbed067e1ccb87552a34e0f300 | Triage

Submit
Reports

Overview

overview

Static

static

77c2f98646...f5.apk

android-9-x86

7

Sharing

General

Target

77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.zip
Size

15.8MB
Sample

241113-ybsp1s1pdl
MD5

47b47388e053af231005c3c8aab305af
SHA1

4a7c3a1398b2d4e876b23da98ed75cb383c05b2f
SHA256

2b17df948efd87c9cb4d14c4450adfd6c1151dfbed067e1ccb87552a34e0f300
SHA512

ebc16db4aca928f3ce9657f2990363d42fe087599c8b5f2eb565b0e6fece96c2f96e31753eed44b2d85ae2f45c805249f9aa6cb3b77d32369bf62bdf915768d3
SSDEEP

393216:NazxtqXui2naBXeC/GhyzK5HScqpFjabIZGDu0lYjqjs6:EzCunuOCOhyuScqpFjWIP1ujs6

Score

10^/10

golddigger android collection credential_access discovery evasion execution impact persistence

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk

Resource

android-x86-arm-20240624-en

collection credential_access discovery evasion execution impact persistence

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5.apk
- Size
  
  17.4MB
- MD5
  
  07ecd53cfb3b852f2dcf4bd737cbf42b
- SHA1
  
  e8a2fa8a6fd610b52315bc8e76d94513b2c7f0f0
- SHA256
  
  77c2f98646578536a128002614f771db9803f547ea9f2cf06f41fec132105cf5
- SHA512
  
  a4e14a56034efeba66fdd335ad467b8bfccd2e676eab5e34fc20ae6f12f4b25987829f2c62e7e2447e5a6a08e40aae732bf4cfce8a84341b6350f957c1a7fa29
- SSDEEP
  
  393216:l4Eihrl3ihrlgtMgdKxXZCfXNxcLE0CAZVc0WJaF2N5:4hrEhr6tMqsCvNKLNCeTW045
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

© 2018-2025

Terms | Privacy