godfather | 289dffc1e9e8a23c41eca28ee87350464eeea076c653d709cab8a8cd0c980c58 | Triage

Sharing

General

Target

289dffc1e9e8a23c41eca28ee87350464eeea076c653d709cab8a8cd0c980c58.bin
Size

3.6MB
Sample

240726-11mw6s1djb
MD5

bf715cdab30fca7c2d551a07219c54ba
SHA1

969cee8e3cb30c083243edf7606f415dd675e861
SHA256

289dffc1e9e8a23c41eca28ee87350464eeea076c653d709cab8a8cd0c980c58
SHA512

8e84effe8947311aa1dc47ea8f0371b6a7fa32bc9548035527e8b1328746ec8554af48309bdaeaa74d9b95a7766e52bc08ccad489062c49eeb85625835f10cad
SSDEEP

98304:vYJ3war8cXRHrCOvT/2iehAL0WHlRQjppymSNyk87lWI6:wOSRLCAT+JA4WHQOFQXxN6

Score

10^/10

godfather android collection credential_access evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/pdfemonaserokim

Targets

- Target
  
  289dffc1e9e8a23c41eca28ee87350464eeea076c653d709cab8a8cd0c980c58.bin
- Size
  
  3.6MB
- MD5
  
  bf715cdab30fca7c2d551a07219c54ba
- SHA1
  
  969cee8e3cb30c083243edf7606f415dd675e861
- SHA256
  
  289dffc1e9e8a23c41eca28ee87350464eeea076c653d709cab8a8cd0c980c58
- SHA512
  
  8e84effe8947311aa1dc47ea8f0371b6a7fa32bc9548035527e8b1328746ec8554af48309bdaeaa74d9b95a7766e52bc08ccad489062c49eeb85625835f10cad
- SSDEEP
  
  98304:vYJ3war8cXRHrCOvT/2iehAL0WHlRQjppymSNyk87lWI6:wOSRLCAT+JA4WHQOFQXxN6
Score

7^/10

collection credential_access evasion impact persistence
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessevasionimpactpersistence

behavioral2

evasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence