godfather | 1054f4cdbff785232ab7cf6b5a1cee3e1593800eb92223cdc622b754ad91671a | Triage

Sharing

General

Target

1054f4cdbff785232ab7cf6b5a1cee3e1593800eb92223cdc622b754ad91671a.bin
Size

4.6MB
Sample

240523-1x9a1aae8y
MD5

738667f8f130bfcfd62cab65e0830d2d
SHA1

332d0067149183416f0e03e6bc506631737b744d
SHA256

1054f4cdbff785232ab7cf6b5a1cee3e1593800eb92223cdc622b754ad91671a
SHA512

596d441ed22d1c17ab03a9cb137c3207174038c2224c8a431db9288d14f152afd8d6ff4a6c1722e42e0bb5f53e3259c9487bb2d2aa289dd745cf6a621320e111
SSDEEP

98304:MvAPS984XFXEST+GJklFTUu/c8t5quBC6T/7hPgyXo/BP7Fm7UWnlmo6b4:MvA69pFUST+GJkPfcOVTlP9oNFm7VmoL

Score

10^/10

godfather android evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/napikozaremossod

Targets

- Target
  
  1054f4cdbff785232ab7cf6b5a1cee3e1593800eb92223cdc622b754ad91671a.bin
- Size
  
  4.6MB
- MD5
  
  738667f8f130bfcfd62cab65e0830d2d
- SHA1
  
  332d0067149183416f0e03e6bc506631737b744d
- SHA256
  
  1054f4cdbff785232ab7cf6b5a1cee3e1593800eb92223cdc622b754ad91671a
- SHA512
  
  596d441ed22d1c17ab03a9cb137c3207174038c2224c8a431db9288d14f152afd8d6ff4a6c1722e42e0bb5f53e3259c9487bb2d2aa289dd745cf6a621320e111
- SSDEEP
  
  98304:MvAPS984XFXEST+GJklFTUu/c8t5quBC6T/7hPgyXo/BP7Fm7UWnlmo6b4:MvA69pFUST+GJkPfcOVTlP9oNFm7VmoL
Score

4^/10

impact
behavioral1 behavioral2 behavioral3
- Target
  
  i.apk
- Size
  
  3.9MB
- MD5
  
  98341d0629597b84ef1391856fb6ba8c
- SHA1
  
  62ced21668e6f5ea68b945608f98627f209cad39
- SHA256
  
  c0d42ce79a54343aabac5e737d42c621ecf06ffd94ac117d4bf9eecc4acc5aa0
- SHA512
  
  67c345de64dd06521d36d76787ea131ca60c9fd283ce5aad68f4bd4a73799f92b00635adfecf7b32c92cb13defc99ed2e84befb27635e51b9e72e19f85ad375b
- SSDEEP
  
  98304:pFMDOCLXKVHgTgoERjo4VGAFx/5jBXk/55meRVshFO+ibx:EaGKKLgvFLjZkhRVsWbx
Score

8^/10

evasion impact persistence
- Prevents application removal
  Application may abuse the framework's APIs to prevent removal.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Acquires the wake lock
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

evasionimpactpersistence

behavioral5

evasionimpactpersistence

behavioral6

evasionimpactpersistence