Overview

overview

10

Static

static

10

96120d1868...c4.apk

android-9-x86

4

96120d1868...c4.apk

android-10-x64

4

96120d1868...c4.apk

android-11-x64

4

i.apk

android-9-x86

8

i.apk

android-10-x64

1

i.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96120d1868c5471d7f9728411f244f0cdbc0e279cdee6f6705f772661c1305c4.bin

  • Size

    4.6MB

  • Sample

    240519-1zhaasce21

  • MD5

    8690d615d64773dca6f6300372b8a24d

  • SHA1

    0f6ddb687581fa33f484808b18608ec93e47cd9c

  • SHA256

    96120d1868c5471d7f9728411f244f0cdbc0e279cdee6f6705f772661c1305c4

  • SHA512

    a0b541f0175d7c2352008e096ccbee09e8f86d44a910098aea28b7935067ebf255562cc4e2303aadc844e36d7ed6a687b719fb4e0ab1dc5ab1f0f3af28dc6e50

  • SSDEEP

    98304:+98LUAzwcqAW2yvV5etZNEzoPM2Ro6xrOcBCWlPS2ulNQu:+98L55W2yvV5etZqK5oer34WlPS2u/Qu

Score
10/10
godfatherandroidevasionimpactpersistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/napikozaremossod

Targets

    • Target

      96120d1868c5471d7f9728411f244f0cdbc0e279cdee6f6705f772661c1305c4.bin

    • Size

      4.6MB

    • MD5

      8690d615d64773dca6f6300372b8a24d

    • SHA1

      0f6ddb687581fa33f484808b18608ec93e47cd9c

    • SHA256

      96120d1868c5471d7f9728411f244f0cdbc0e279cdee6f6705f772661c1305c4

    • SHA512

      a0b541f0175d7c2352008e096ccbee09e8f86d44a910098aea28b7935067ebf255562cc4e2303aadc844e36d7ed6a687b719fb4e0ab1dc5ab1f0f3af28dc6e50

    • SSDEEP

      98304:+98LUAzwcqAW2yvV5etZNEzoPM2Ro6xrOcBCWlPS2ulNQu:+98L55W2yvV5etZqK5oer34WlPS2u/Qu

    Score
    4/10
    impact
    behavioral1behavioral2behavioral3

    • Target

      i.apk

    • Size

      3.9MB

    • MD5

      6615419f50a50c83a7f016b8b69389d9

    • SHA1

      ee8419a83608a8575114e609248704080fc239f2

    • SHA256

      3e6517f2b8f9e030801267672026b5f110caa4572f6d69e25cef59b99ac6241f

    • SHA512

      bab86d3b241f817c53f9b60bcf58e3cf20b08ebd76d670210630c3039fe428acabac85ecb8483eabc3c59ac2d35575a5a5a098d3857501588d3b936c70828084

    • SSDEEP

      98304:4Ncd3tL02yAC0vR7rdJgJvQz6h80tWAdy7vG9woQN0BRp:4Ny3IAC0vRUJ4wrWCyrG9wYRp

    Score
    8/10
    evasionimpactpersistence

    • Prevents application removal

      Application may abuse the framework's APIs to prevent removal.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Acquires the wake lock

    behavioral4behavioral5behavioral6

MITRE ATT&CK Mobile v15

Tasks