godfather | 6bef075c85d2632402040db9af671ff339fcd57be5cb068624162b721f304def | Triage

Sharing

General

Target

6bef075c85d2632402040db9af671ff339fcd57be5cb068624162b721f304def.bin
Size

3.9MB
Sample

241012-1wm2daxgmm
MD5

87cf8984bcfd7334497097b1d301f309
SHA1

98f2baf2d2734b794b818b3d2cc4a6b88ef62a0c
SHA256

6bef075c85d2632402040db9af671ff339fcd57be5cb068624162b721f304def
SHA512

13c98ae4c3ad2c263aeeb089628411b2b1183f753f7f0cb02c9fb934d74ea16239775bdfe9bcab3b5ad3a8c77fdc95e7c51e426937aa0ba59153f2fda197ce56
SSDEEP

98304:75MwrNbdBPMFPBE60g4BBLoaVm1jTwMmgrXg6t:7e2zUZC6h4jVmZ0g86t

Score

10^/10

godfather android collection credential_access evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/yazmozaramekos

Targets

- Target
  
  6bef075c85d2632402040db9af671ff339fcd57be5cb068624162b721f304def.bin
- Size
  
  3.9MB
- MD5
  
  87cf8984bcfd7334497097b1d301f309
- SHA1
  
  98f2baf2d2734b794b818b3d2cc4a6b88ef62a0c
- SHA256
  
  6bef075c85d2632402040db9af671ff339fcd57be5cb068624162b721f304def
- SHA512
  
  13c98ae4c3ad2c263aeeb089628411b2b1183f753f7f0cb02c9fb934d74ea16239775bdfe9bcab3b5ad3a8c77fdc95e7c51e426937aa0ba59153f2fda197ce56
- SSDEEP
  
  98304:75MwrNbdBPMFPBE60g4BBLoaVm1jTwMmgrXg6t:7e2zUZC6h4jVmZ0g86t
Score

7^/10

evasion impact persistence collection credential_access
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

evasionimpactpersistence

behavioral2

evasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence