Analysis

  • max time kernel
    130s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    08-11-2024 22:48

General

  • Target

    a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.apk

  • Size

    5.0MB

  • MD5

    a13a2d591eedd4e738f533f9f485c81a

  • SHA1

    ff3e24ec7cdd0d1ea3aba47a20ccea8523a8b4b7

  • SHA256

    a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52

  • SHA512

    18591413d384818ca1ed3345c0d0841c59a2bfbea7f487d571ff36aaa0d4757224c4cb3e96fd2f319fc2cd74f72f5bd44b4f62a30b5c1409b136a0982445d5b6

  • SSDEEP

    98304:3MqapZMg3WXUNlEN19i0w9+xGpusLnoivODzTPn5Dxvr1i7TVm:3MqaFkUNl5GxGBRqzJKVm

Malware Config

Extracted

Family

godfather

C2

https://t.me/akakemoraserak

Signatures

  • GodFather

    GodFather is an Android banking trojan targeting Turkish users first seen in March 2022.

  • Godfather family
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs an executable file (DEX or JAR) dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Applications may abuse the accessibility service to act in the UI on the user's behalf and to prevent their own removal.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
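
The two behavioural signatures above (accessibility actions and the wake lock) have static counterparts in the APK's manifest: a service that binds with android.permission.BIND_ACCESSIBILITY_SERVICE, and the WAKE_LOCK permission. The following script is an added example, not part of this report or of the sandbox's own detection logic; it checks a decoded AndroidManifest.xml (as produced by apktool) for those declarations. The manifest embedded in it is constructed for illustration and is not the manifest of the analysed APK; only the package name is taken from the report.

```python
"""Static triage of a decoded AndroidManifest.xml for the behaviours the
report flags dynamically: an accessibility service and the WAKE_LOCK
permission. Added example; the manifest below is constructed, not the
analysed sample's."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree expands android:foo to {ns}foo

# Constructed sample manifest (illustrative; only the package name matches
# the process observed in the report).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.drastic.daughter">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application android:label="app">
        <service android:name=".AccService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
                 android:exported="true">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <service android:name=".Worker"/>
    </application>
</manifest>
"""

# Permission -> the report signature it corresponds to.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Resists being stopped in the background",
}
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def declared_permissions(root):
    """All <uses-permission android:name="..."/> values in the manifest."""
    return {e.get(A + "name") for e in root.iter("uses-permission") if e.get(A + "name")}


def accessibility_services(root):
    """Services that register as accessibility services, either through the
    BIND_ACCESSIBILITY_SERVICE permission or the AccessibilityService intent
    action (a service only needs one of the two to be picked up by the OS)."""
    found = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if svc.get(A + "permission") == BIND_ACCESSIBILITY or ACCESSIBILITY_ACTION in actions:
            found.append(svc.get(A + "name"))
    return found


def triage(xml_text):
    """Return the package name, declared permissions, accessibility services
    and the list of report-style findings the manifest supports."""
    root = ET.fromstring(xml_text)
    perms = declared_permissions(root)
    findings = [label for perm, label in SUSPICIOUS_PERMISSIONS.items() if perm in perms]
    svcs = accessibility_services(root)
    if svcs:
        findings.append("Performs UI accessibility actions on behalf of the user")
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "accessibility_services": svcs,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against the manifest decoded from the APK (apktool d sample.apk, then AndroidManifest.xml in the output directory) and compare the findings with the dynamic signatures; an accessibility service in the manifest of an app that has no accessibility purpose is by itself a strong triage signal for this family.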

Processes

  • com.drastic.daughter
    1⤵
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5250

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.drastic.daughter/app_kangaroo/oat/tmff.json.cur.prof

    Filesize

    4KB

    MD5

    73011c1c9cca85a910d53fb166f29bcd

    SHA1

    865821f2c93395654fe319193862d840fdeb14f0

    SHA256

    95c3555e08d474fd54e4dbe0ebf8fd755ac74f13933081351bdca6383ef14c48

    SHA512

    168b6bda251c3b72c2d8d4ee1f178b9426b28cd3280a597273321c3d1ccd2aa84000c42ee874f1f9e5203c620f0e1e2eb4fb247ab1a33040dd62f354b3897e2c

  • /data/data/com.drastic.daughter/app_kangaroo/tmff.json

    Filesize

    2.1MB

    MD5

    5b9604a622942597b43e5fc6b091c12e

    SHA1

    da48f5891a14f3a11e841d578e80ae3012d285a2

    SHA256

    51197406e62eb736b0ae4aefb1c0e2453638c05c50f029adaabadce8a7016d7b

    SHA512

    ac18500c422aa65522df4ab242bd19425f8a388d404e26c989fd1805b3faeaf1c32f84ce3b4c765d4bd23c634e123fe7823adea4b25c2443bb134e084d0b4461

  • /data/data/com.drastic.daughter/app_kangaroo/tmff.json

    Filesize

    2.1MB

    MD5

    47530598dd632922cbc5ae2d4101b7b1

    SHA1

    529f2f30ee80a8f5fdb95df92ac63386daee1783

    SHA256

    f7c73307746ebe1ff6b75ff8abddd91889b8dbac5f54b2ecd358a02bea6e8989

    SHA512

    e763f9ced6292c21a8c15bc91ddd04f3e17042489dfd209e1e7d5aec58b247269dec4b7a3043bebc4d7972ce43d3a235cc0e204e5e7557c0949395ca252b9196

  • /data/user/0/com.drastic.daughter/app_kangaroo/tmff.json

    Filesize

    5.6MB

    MD5

    42a0c8a992b583e778596f2a2a1a1b3a

    SHA1

    b954e0790e34410ad2a0a6ca25640e8fe9786cff

    SHA256

    bb20fefc4e7e45b4826af1dce23d7e7e996c1908a0f1be487004997a7e0c54c9

    SHA512

    b8cfc9fdf6b87ab5b639fdf14282344932552ece5cc68594dad4e76440a2071b0701aac37898ee1c1e78cb817532ebfe5e7763bb021700488634b31c92698c6e
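
The "Loads dropped Dex/Jar" signature and the files above fit together: the payload is written as tmff.json under app_kangaroo, and the oat/tmff.json.cur.prof next to it is the ART runtime profile the system writes for code it has loaded, so a .json name says nothing about the content. The script below is an added example (not part of this report or of the sandbox) that identifies dropped files by magic bytes instead of extension and checks their SHA-256 against the values listed in this report. The file contents it embeds are constructed stand-ins, not the real tmff.json payloads; the DEX, ZIP and ELF magic values are the standard ones, and the `pro\0` magic is what ART writes at the start of its profile files.

```python
"""Classify dropped files by magic bytes, flag executable content hiding
behind a non-executable extension, and match SHA-256 against the report's
IoCs. Added example; sample contents are constructed stand-ins."""
import hashlib
import os

DEX_MAGIC = b"dex\n"            # full header: b"dex\n" + 3-digit version + NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"       # APK and JAR files are ZIP containers
ELF_MAGIC = b"\x7fELF"          # native libraries
ART_PROFILE_MAGIC = b"pro\x00"  # ART runtime profile (the .cur.prof written beside loaded code)

# SHA-256 values listed for the dropped tmff.json files in the Downloads section.
REPORT_SHA256 = {
    "51197406e62eb736b0ae4aefb1c0e2453638c05c50f029adaabadce8a7016d7b",
    "f7c73307746ebe1ff6b75ff8abddd91889b8dbac5f54b2ecd358a02bea6e8989",
    "bb20fefc4e7e45b4826af1dce23d7e7e996c1908a0f1be487004997a7e0c54c9",
}

# Kinds that are executable code, and the extensions under which they would be expected.
EXPECTED_EXT = {"dex": {"dex"}, "zip": {"jar", "apk", "zip"}, "elf": {"so", "elf"}}

# Constructed stand-ins keyed by the paths from the report (contents are NOT the real files).
SAMPLE_FILES = {
    "/data/data/com.drastic.daughter/app_kangaroo/tmff.json": b"dex\n035\x00" + b"\x00" * 24,
    "/data/data/com.drastic.daughter/app_kangaroo/oat/tmff.json.cur.prof": b"pro\x00" + b"\x00" * 8,
    "/sdcard/Download/settings.json": b'{"interval": 30}',
}


def classify(data: bytes) -> str:
    """Identify the content type from the first bytes, ignoring the file name."""
    head = data[:8]
    if (head.startswith(DEX_MAGIC) and len(head) == 8
            and head[4:7].isdigit() and head[7:8] == b"\x00"):
        return "dex"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    if head.startswith(ELF_MAGIC):
        return "elf"
    if head.startswith(ART_PROFILE_MAGIC):
        return "art-profile"
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-like"
    return "unknown"


def triage_dropped(files, known_sha256=REPORT_SHA256):
    """For each path -> bytes, report the detected kind, whether executable
    content is disguised by its extension, and whether the hash is a known IoC."""
    rows = []
    for path, data in files.items():
        kind = classify(data)
        ext = os.path.splitext(path)[1].lstrip(".").lower()
        digest = hashlib.sha256(data).hexdigest()
        rows.append({
            "path": path,
            "kind": kind,
            "extension_mismatch": kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind],
            "sha256": digest,
            "in_report": digest in known_sha256,
        })
    return rows


def load_from_disk(paths):
    """Read real files pulled from a device (adb pull) into the dict triage_dropped expects."""
    return {p: open(p, "rb").read() for p in paths}


if __name__ == "__main__":
    for row in triage_dropped(SAMPLE_FILES):
        flag = "DISGUISED" if row["extension_mismatch"] else "ok"
        print(f'{row["kind"]:12} {flag:9} {row["in_report"]!s:5} {row["path"]}')
```

On a real device or emulator, pull the app_kangaroo directory of the package (the process com.drastic.daughter runs as a normal app user, so this requires root or a debuggable build) and pass the file contents through triage_dropped; a tmff.json that classifies as dex with extension_mismatch set is the dropped payload, and in_report tells you whether it is one of the three variants recorded here or a new one worth hashing separately.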