godfather | a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52 | Triage

Sharing

General

Target

a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.bin
Size

5.0MB
Sample

241108-2q8lka1glf
MD5

a13a2d591eedd4e738f533f9f485c81a
SHA1

ff3e24ec7cdd0d1ea3aba47a20ccea8523a8b4b7
SHA256

a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52
SHA512

18591413d384818ca1ed3345c0d0841c59a2bfbea7f487d571ff36aaa0d4757224c4cb3e96fd2f319fc2cd74f72f5bd44b4f62a30b5c1409b136a0982445d5b6
SSDEEP

98304:3MqapZMg3WXUNlEN19i0w9+xGpusLnoivODzTPn5Dxvr1i7TVm:3MqaFkUNl5GxGBRqzJKVm

Score

10^/10

godfather android banker collection credential_access evasion impact infostealer trojan

Malware Config

Extracted

Family

godfather

C2

https://t.me/akakemoraserak

Targets

- Target
  
  a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.bin
- Size
  
  5.0MB
- MD5
  
  a13a2d591eedd4e738f533f9f485c81a
- SHA1
  
  ff3e24ec7cdd0d1ea3aba47a20ccea8523a8b4b7
- SHA256
  
  a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52
- SHA512
  
  18591413d384818ca1ed3345c0d0841c59a2bfbea7f487d571ff36aaa0d4757224c4cb3e96fd2f319fc2cd74f72f5bd44b4f62a30b5c1409b136a0982445d5b6
- SSDEEP
  
  98304:3MqapZMg3WXUNlEN19i0w9+xGpusLnoivODzTPn5Dxvr1i7TVm:3MqaFkUNl5GxGBRqzJKVm
Score

10^/10

godfather banker collection credential_access evasion impact infostealer trojan
- GodFather
  GodFather is an Android banking trojan targeting Turkish users first seen in March 2022.
  banker trojan infostealer godfather
- Godfather family
  godfather
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

godfatherbankercollectioncredential_accessevasionimpactinfostealertrojan

behavioral2

godfatherbankerevasionimpactinfostealertrojan

behavioral3

godfatherbankerevasionimpactinfostealertrojan