godfather | 4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044 | Triage

Submit
Reports

Overview

overview

Static

static

4067b5b04e...44.apk

android-9-x86

8

4067b5b04e...44.apk

android-10-x64

4067b5b04e...44.apk

android-11-x64

8

Sharing

General

Target

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044
Size

3.1MB
Sample

230823-n2lpaabh94
MD5

4eea28c432eb356d9ea32c3540192d9a
SHA1

89fe8937fbb16b46974773a781d3c1decf64b6f1
SHA256

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044
SHA512

31555b9ec8fefe9f0cd7cef84655cdc9d2b59c793c6331918f8a644a259210af8d469d2df3b5b9bb5830c7dbfae50fc3ba6f40da7a24a02f50872d02d108632c
SSDEEP

98304:l1Oh0qnoPMnH2o9dju6zfJNvbQ4dpTrgmSlzfrDzCxFW:rOh3oP0PpdSmVxFW

Score

10^/10

godfather android banker evasion infostealer ransomware stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044.apk

Resource

android-x86-arm-20230621-en

evasion ransomware stealth trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044.apk

Resource

android-x64-20230621-en

godfather banker infostealer ransomware stealth trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044.apk

Resource

android-x64-arm64-20230621-en

evasion ransomware stealth trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

godfather

C2

https://t.me/rapmanterkorezimor

Targets

- Target
  
  4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044
- Size
  
  3.1MB
- MD5
  
  4eea28c432eb356d9ea32c3540192d9a
- SHA1
  
  89fe8937fbb16b46974773a781d3c1decf64b6f1
- SHA256
  
  4067b5b04e75d56b634fc0a62641f993c0e29c0a24e31a1170dc69bb312fc044
- SHA512
  
  31555b9ec8fefe9f0cd7cef84655cdc9d2b59c793c6331918f8a644a259210af8d469d2df3b5b9bb5830c7dbfae50fc3ba6f40da7a24a02f50872d02d108632c
- SSDEEP
  
  98304:l1Oh0qnoPMnH2o9dju6zfJNvbQ4dpTrgmSlzfrDzCxFW:rOh3oP0PpdSmVxFW
Score

10^/10

evasion ransomware stealth trojan godfather banker infostealer
- GodFather
  GodFather is an Android banking trojan targeting Turkish users first seen in March 2022.
  banker trojan infostealer godfather
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

evasionransomwarestealthtrojan

behavioral2

godfatherbankerinfostealerransomwarestealthtrojan

behavioral3

evasionransomwarestealthtrojan

© 2018-2024

Terms | Privacy