Analysis
  max time kernel: 131s
  max time network: 150s
  platform: android-11_x64
  resource: android-x64-arm64-20240910-en
  resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  submitted: 08-11-2024 22:48
Static task
  static1
Behavioral task
  behavioral1
    Sample: a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.apk
    Resource: android-x86-arm-20240910-en
Behavioral task
  behavioral2
    Sample: a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.apk
    Resource: android-x64-20240910-en
General
  Target: a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52.apk
  Size: 5.0MB
  MD5: a13a2d591eedd4e738f533f9f485c81a
  SHA1: ff3e24ec7cdd0d1ea3aba47a20ccea8523a8b4b7
  SHA256: a0c2671f650c0c513398ae285bd0aa8226f620eb7750b54513f7bc3fb9cc2b52
  SHA512: 18591413d384818ca1ed3345c0d0841c59a2bfbea7f487d571ff36aaa0d4757224c4cb3e96fd2f319fc2cd74f72f5bd44b4f62a30b5c1409b136a0982445d5b6
  SSDEEP: 98304:3MqapZMg3WXUNlEN19i0w9+xGpusLnoivODzTPn5Dxvr1i7TVm:3MqaFkUNl5GxGBRqzJKVm
Malware Config
  Extracted
    godfather
      https://t.me/akakemoraserak
Signatures
  GodFather
    GodFather is an Android banking trojan targeting Turkish users first seen in March 2022.
  Godfather family
  Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
    Runs executable file dropped to the device during analysis.
    Processes: com.drastic.daughter
      ioc                                                       pid   process
      /data/user/0/com.drastic.daughter/app_kangaroo/tmff.json  4778  com.drastic.daughter
  Acquires the wake lock (1 IoCs)
    Processes: com.drastic.daughter
      description             ioc                                         process
      Framework service call  android.os.IPowerManager.acquireWakeLock    com.drastic.daughter
  Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs)
    The application may abuse the accessibility service to prevent its removal.
    Processes: com.drastic.daughter
      ioc                                                                                    process
      android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction       com.drastic.daughter
  Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
    Processes: com.drastic.daughter
      description         ioc                           process
      Framework API call  javax.crypto.Cipher.doFinal   com.drastic.daughter
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
  - Filesize: 4KB
    MD5: c3893e824f7edf73130ca0b4f2c7c882
    SHA1: a22897eaa83bd586c7de7ee56b088432673f3ade
    SHA256: 62deb07c66214a8be842df2e6355e9496814cb6b7959d6381dbc1ddc965cfadd
    SHA512: c6c7f3e12fe42ff9e49b0c3f320476ad75445b35e5cd47a00b3c4eb737ea981b8fd05d8b50c1ea1405f39ff7e99951ce011a063e2891a33f52fceb06c3637b4d
  - Filesize: 2.1MB
    MD5: 5b9604a622942597b43e5fc6b091c12e
    SHA1: da48f5891a14f3a11e841d578e80ae3012d285a2
    SHA256: 51197406e62eb736b0ae4aefb1c0e2453638c05c50f029adaabadce8a7016d7b
    SHA512: ac18500c422aa65522df4ab242bd19425f8a388d404e26c989fd1805b3faeaf1c32f84ce3b4c765d4bd23c634e123fe7823adea4b25c2443bb134e084d0b4461
  - Filesize: 2.1MB
    MD5: 47530598dd632922cbc5ae2d4101b7b1
    SHA1: 529f2f30ee80a8f5fdb95df92ac63386daee1783
    SHA256: f7c73307746ebe1ff6b75ff8abddd91889b8dbac5f54b2ecd358a02bea6e8989
    SHA512: e763f9ced6292c21a8c15bc91ddd04f3e17042489dfd209e1e7d5aec58b247269dec4b7a3043bebc4d7972ce43d3a235cc0e204e5e7557c0949395ca252b9196
  - Filesize: 5.6MB
    MD5: 42a0c8a992b583e778596f2a2a1a1b3a
    SHA1: b954e0790e34410ad2a0a6ca25640e8fe9786cff
    SHA256: bb20fefc4e7e45b4826af1dce23d7e7e996c1908a0f1be487004997a7e0c54c9
    SHA512: b8cfc9fdf6b87ab5b639fdf14282344932552ece5cc68594dad4e76440a2071b0701aac37898ee1c1e78cb817532ebfe5e7763bb021700488634b31c92698c6e