General
-
Target
e76318d5848be1d7876e6cb0afc7afdd10a984e15fc365c006bb87d07b86c825.bin
-
Size
4.7MB
-
Sample
240509-1xre7acb62
-
MD5
27bb9dab192bc85db9c5e91718fc72b9
-
SHA1
9fdef59b1ba67d8493d7e9619bd44b7fa8856490
-
SHA256
e76318d5848be1d7876e6cb0afc7afdd10a984e15fc365c006bb87d07b86c825
-
SHA512
dd72639178c917945a097ceebc91698c1854c296be4b1434051d9a2101f1504fd281d9805b1c1b7adbbec913f2876d56e02e2cb3efbbdfeee80e59f1fcd0bb6e
-
SSDEEP
98304:tthZaF/p3HN10BSvjfcgtzgMV/iYgLv3prM/iv07vpHnyC+Q1oUyb3QBQ:zfaP3HISrUpPxC/h44oUogy
Malware Config
Extracted
godfather
https://t.me/intpravitokasero
Targets
-
-
Target
e76318d5848be1d7876e6cb0afc7afdd10a984e15fc365c006bb87d07b86c825.bin
-
Size
4.7MB
-
MD5
27bb9dab192bc85db9c5e91718fc72b9
-
SHA1
9fdef59b1ba67d8493d7e9619bd44b7fa8856490
-
SHA256
e76318d5848be1d7876e6cb0afc7afdd10a984e15fc365c006bb87d07b86c825
-
SHA512
dd72639178c917945a097ceebc91698c1854c296be4b1434051d9a2101f1504fd281d9805b1c1b7adbbec913f2876d56e02e2cb3efbbdfeee80e59f1fcd0bb6e
-
SSDEEP
98304:tthZaF/p3HN10BSvjfcgtzgMV/iYgLv3prM/iv07vpHnyC+Q1oUyb3QBQ:zfaP3HISrUpPxC/h44oUogy
Score6/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
i.apk
-
Size
3.7MB
-
MD5
05781192a3945575577091bdae8821b8
-
SHA1
1326ed12253a5a8cf4a0da8b764be81edae7829c
-
SHA256
b6d214c58522d8c2ad5ddc3c496cdbb864794b81b5dc1da10d88929353acd617
-
SHA512
c0fa2a6829615e12dbb19476ed7b39c4852370ae4386dd3513b0d5ad05515de5ad8b42614dadcc774bd7c83af2422737051ae9a521f4c502b2ad72b10d8e665d
-
SSDEEP
98304:EAmuECVyE78uJDvnrrT6qCYtEXvX7kI9UtsuiD:HWu1r3nCBrk5CuiD
Score8/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Acquires the wake lock
-