gigabud | 1ff6cb1101b94809c6138bf221235469c9690fe45bd844f5c918e61b71db13ef | Triage

Submit
Reports

Overview

overview

Static

static

latamAirLines2.apk

android-9-x86

7

Sharing

General

Target

latamAirLines2.apk
Size

14.0MB
Sample

241209-h1392szrdt
MD5

cd5939950d495ac26b4252e0214d0574
SHA1

1fcfaff96a0099d338ad11f5f1d0dd45825ff684
SHA256

1ff6cb1101b94809c6138bf221235469c9690fe45bd844f5c918e61b71db13ef
SHA512

d939312999aefd5c71d3b7226c7c5eaafb94c237c28bdd2c660ed2d015b4956361d70cfc340fb792741ee5e2a3922096c3334b3c446d9c7c3628b84247d8a3a1
SSDEEP

393216:9C9cpMJqxX+4j9TUXJ3hL9cw7h9c8oDVgKww:9COMgpTU2kh9pAVHww

Score

10^/10

gigabud golddigger android collection credential_access discovery evasion execution impact persistence

Static task

static1

golddigger gigabud

7 signatures

Behavioral task

behavioral1

Sample

latamAirLines2.apk

Resource

android-x86-arm-20240624-es

collection credential_access discovery evasion execution impact persistence

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  latamAirLines2.apk
- Size
  
  14.0MB
- MD5
  
  cd5939950d495ac26b4252e0214d0574
- SHA1
  
  1fcfaff96a0099d338ad11f5f1d0dd45825ff684
- SHA256
  
  1ff6cb1101b94809c6138bf221235469c9690fe45bd844f5c918e61b71db13ef
- SHA512
  
  d939312999aefd5c71d3b7226c7c5eaafb94c237c28bdd2c660ed2d015b4956361d70cfc340fb792741ee5e2a3922096c3334b3c446d9c7c3628b84247d8a3a1
- SSDEEP
  
  393216:9C9cpMJqxX+4j9TUXJ3hL9cw7h9c8oDVgKww:9COMgpTU2kh9pAVHww
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Stored Application Data

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

golddiggergigabud

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

© 2018-2025

Terms | Privacy