Malware Analysis Report

2025-04-03 14:16

Sample ID 250312-clxaasvtcs
Target DichVuCong.apk
SHA256 7d1e9edb47854ad8638f5b7ed9e1c75ce3220a68386c96a8f4860593f3a84ef0
Tags golddigger
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

7d1e9edb47854ad8638f5b7ed9e1c75ce3220a68386c96a8f4860593f3a84ef0

Threat Level: Known bad

The file DichVuCong.apk was found to be: Known bad.

Malicious Activity Summary

golddigger

Golddigger family

GoldDigger payload

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-03-12 02:10

Signatures

GoldDigger payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Golddigger family

golddigger

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A
Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-12 02:10

Reported

2025-03-12 02:11

Platform

android-x86-arm-20240910-en

Max time kernel

1s

Max time network

38s

Command Line

irruso.bfljqlc.rfsvqzox

Signatures

N/A

Processes

irruso.bfljqlc.rfsvqzox

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.14:443 | | tcp
GB | 172.217.16.238:443 | | tcp
AU | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

/data/data/irruso.bfljqlc.rfsvqzox/files/.ss/l3451daca.so

MD5 102d22a70be1eb845c95989ea73541f2
SHA1 ea905a7db575dc1aaeeb017af4a7ca7381e5b9d1
SHA256 7908f2e6b51e6162974e6147c47a78bb71683cd66aeffcaf5400a380abca14c0
SHA512 fb2a6530e2e795f97b172e92c0a910ab85e6c06c3064d057afaea042f633e3aed0b8a63226e0ab6abc25b12ef98144bb1aae4f5aece067f40a3158b87208e90f