General

  • Target

    696711c522b8369bce95f66318b549515b6b22da938ea14a0698272136003111.bin

  • Size

    4.4MB

  • Sample

    240723-1xljya1dmn

  • MD5

    41c8d3e4581b5ca9bbcdcd0a9c55e4fa

  • SHA1

    e99e829a9b66faa07ed9799b32f42a11471bc074

  • SHA256

    696711c522b8369bce95f66318b549515b6b22da938ea14a0698272136003111

  • SHA512

    b536022c2d03c2afbf24f1326e77ade28ca6852dad76d491a89b1584e2f7853f72c7c77d3517ed7c50442083834d788e1f715b7e999020604bdb5d3c0a309663

  • SSDEEP

    98304:4roah158yUAPd8fUF4xQpgU0L833CDZWdA91Ai5cNV4kF/6Z1oVkLVvG:4n5jPCMgi3cZW69ei5cNqkd6ZckLVO

Malware Config

Extracted

Family

godfather

C2

https://t.me/insgaramerbosake

Targets

    • Target

      696711c522b8369bce95f66318b549515b6b22da938ea14a0698272136003111.bin

    • Size

      4.4MB

    • MD5

      41c8d3e4581b5ca9bbcdcd0a9c55e4fa

    • SHA1

      e99e829a9b66faa07ed9799b32f42a11471bc074

    • SHA256

      696711c522b8369bce95f66318b549515b6b22da938ea14a0698272136003111

    • SHA512

      b536022c2d03c2afbf24f1326e77ade28ca6852dad76d491a89b1584e2f7853f72c7c77d3517ed7c50442083834d788e1f715b7e999020604bdb5d3c0a309663

    • SSDEEP

      98304:4roah158yUAPd8fUF4xQpgU0L833CDZWdA91Ai5cNV4kF/6Z1oVkLVvG:4n5jPCMgi3cZW69ei5cNqkd6ZckLVO

    • Score

      4/10
    • Target

      up.apk

    • Size

      3.7MB

    • MD5

      79b10992cca9bd20b1512c87f4625ef3

    • SHA1

      fddaae066aba87524c79dfd46f377eebc4fcc069

    • SHA256

      28c9db4769809b56f1814cc298500d873cd1e461cbfd88c6296ed432bb1d1401

    • SHA512

      1f263bb1e8730aa885752ebe77e2c35a05385e5c57521671e91c55367422f7c14fead11d44a64ad77d11256eb0240ce1e4ae701ea7eb52f6714cc70b4359b824

    • SSDEEP

      98304:gaSZ+eFMJx14UTicxpzrKJLsDcppygzi6eNtOgRjMZcZXYfyUBlo:gaSkZUUTTr+LsQp4g26eNcgtMZYEvo

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

MITRE ATT&CK Mobile v15

Tasks