godfather | 03da5121242293bba4aeaf18c33d78cb40d9bf9924bfa30122daa26d3fa1e1a9 | Triage

Sharing

General

Target

03da5121242293bba4aeaf18c33d78cb40d9bf9924bfa30122daa26d3fa1e1a9.bin
Size

4.6MB
Sample

240905-1xkmms1gjd
MD5

0a3f5d301279a4b301e98ecced8f1f09
SHA1

c7faca859f8e27b6a908bf24f240c8677fa007ef
SHA256

03da5121242293bba4aeaf18c33d78cb40d9bf9924bfa30122daa26d3fa1e1a9
SHA512

89788647fa4b0ede5a6e5dd993f80bbef4d67ed322862262a9717aab2c69a8ba6247ae850153c38c29e213203dbb3f5c1fe915840b9cb2e408d5b0830c6959ca
SSDEEP

98304:6K7MGSjZowJLLHGobRc8xnoiDILAOu/ncVf183XhE40eeRr:6K7MGSGwxLrLxnoiDi8ngCWfRr

Score

10^/10

godfather android evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/tumonokasiperake

Targets

- Target
  
  03da5121242293bba4aeaf18c33d78cb40d9bf9924bfa30122daa26d3fa1e1a9.bin
- Size
  
  4.6MB
- MD5
  
  0a3f5d301279a4b301e98ecced8f1f09
- SHA1
  
  c7faca859f8e27b6a908bf24f240c8677fa007ef
- SHA256
  
  03da5121242293bba4aeaf18c33d78cb40d9bf9924bfa30122daa26d3fa1e1a9
- SHA512
  
  89788647fa4b0ede5a6e5dd993f80bbef4d67ed322862262a9717aab2c69a8ba6247ae850153c38c29e213203dbb3f5c1fe915840b9cb2e408d5b0830c6959ca
- SSDEEP
  
  98304:6K7MGSjZowJLLHGobRc8xnoiDILAOu/ncVf183XhE40eeRr:6K7MGSGwxLrLxnoiDi8ngCWfRr
Score

4^/10

impact
behavioral1 behavioral2 behavioral3
- Target
  
  i.apk
- Size
  
  3.9MB
- MD5
  
  7e8e0db955d619a73de43aaa4b2778d5
- SHA1
  
  bf9e7b16a7454d8a3bd00b8e1a6b3c3ff0656ef3
- SHA256
  
  94b5798ccd1e5d329bfd944e3e599cf4d7580c017f2a9612148b28a45d844f92
- SHA512
  
  c275a5ff91dee6d0bf3d8cec787b13e690e48c302f57ff67c7f6382bc00270e4ee9c42c7fd8f0f07fba44aec5d4d93f63f99d301d9b135249d0084e91235143d
- SSDEEP
  
  98304:9Jw6ORAxTmZkopsxtCUH/kifmtY4otbjqr2zpAuCyDV:zwXMT2pshH/kifKyJjy2AKDV
Score

6^/10

evasion impact persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

evasionimpactpersistence

behavioral5

evasionimpactpersistence

behavioral6

evasionimpactpersistence