godfather | d7c5e8c441821d3e07cfcea3bce04772f792d02b55095cee29ed49e1eb1450a1 | Triage

Sharing

General

Target

d7c5e8c441821d3e07cfcea3bce04772f792d02b55095cee29ed49e1eb1450a1.bin
Size

3.9MB
Sample

240617-ayejxawbqb
MD5

d0117b530c6c8b5f88f72f2b74b39e68
SHA1

3608c4f0aeb06d6953e04e7c03c1a999f766313c
SHA256

d7c5e8c441821d3e07cfcea3bce04772f792d02b55095cee29ed49e1eb1450a1
SHA512

3be294f5feb98f5dd323ad3359e8338902fb7af0414c5da0d5655adc16e55ca1d5e3bcec244265df8eeeb7d98309e7888e23408ada9220ae35f79f4f7eeb0c5a
SSDEEP

98304:Vy2qCtPkJFy11penf504Iz+U7SsV4YgBJ2w/jZY2r7EJCO:YfCtaycf5zIz34YgBJjdY0EJCO

Score

10^/10

godfather android collection credential_access evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/paperokomozase

Targets

- Target
  
  d7c5e8c441821d3e07cfcea3bce04772f792d02b55095cee29ed49e1eb1450a1.bin
- Size
  
  3.9MB
- MD5
  
  d0117b530c6c8b5f88f72f2b74b39e68
- SHA1
  
  3608c4f0aeb06d6953e04e7c03c1a999f766313c
- SHA256
  
  d7c5e8c441821d3e07cfcea3bce04772f792d02b55095cee29ed49e1eb1450a1
- SHA512
  
  3be294f5feb98f5dd323ad3359e8338902fb7af0414c5da0d5655adc16e55ca1d5e3bcec244265df8eeeb7d98309e7888e23408ada9220ae35f79f4f7eeb0c5a
- SSDEEP
  
  98304:Vy2qCtPkJFy11penf504Iz+U7SsV4YgBJ2w/jZY2r7EJCO:YfCtaycf5zIz34YgBJjdY0EJCO
Score

7^/10

evasion impact persistence collection credential_access
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

evasionimpactpersistence

behavioral2

evasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence