godfather | 6232b30398726350b704f677b2f5d5affa55dc04e0964f3e3dcdb3b41ea62c08 | Triage

Resubmissions

09-11-2024 01:33

241109-byrd5svald 10

08-11-2024 23:23

241108-3dg4hsscnn 10

Sharing

General

Target

6232b30398726350b704f677b2f5d5affa55dc04e0964f3e3dcdb3b41ea62c08.bin
Size

4.8MB
Sample

241109-byrd5svald
MD5

4f2da7f59fb05d5fd6f0cc60ceea644c
SHA1

425a1002be3fd68c5178dc84200c101b1af1b34b
SHA256

6232b30398726350b704f677b2f5d5affa55dc04e0964f3e3dcdb3b41ea62c08
SHA512

b3a1a92d8de5d716ec7821a8165a41e8c6cb932c770e4b7da434946a12237fa069f0a24ce269def2024de644948f0baaf3a5fbbf543d13e488c4623f1fd80d4f
SSDEEP

98304:ZlqBwojwhlJUORjOe2CspgFi6SW35zluCj55TBHUGNgMhZfkGGpO6LF:uglA1p96SWnukTB0GNgMshLF

Score

10^/10

godfather android banker collection credential_access evasion impact infostealer trojan

Malware Config

Extracted

Family

godfather

C2

https://t.me/fakapaparamokas

Targets

- Target
  
  6232b30398726350b704f677b2f5d5affa55dc04e0964f3e3dcdb3b41ea62c08.bin
- Size
  
  4.8MB
- MD5
  
  4f2da7f59fb05d5fd6f0cc60ceea644c
- SHA1
  
  425a1002be3fd68c5178dc84200c101b1af1b34b
- SHA256
  
  6232b30398726350b704f677b2f5d5affa55dc04e0964f3e3dcdb3b41ea62c08
- SHA512
  
  b3a1a92d8de5d716ec7821a8165a41e8c6cb932c770e4b7da434946a12237fa069f0a24ce269def2024de644948f0baaf3a5fbbf543d13e488c4623f1fd80d4f
- SSDEEP
  
  98304:ZlqBwojwhlJUORjOe2CspgFi6SW35zluCj55TBHUGNgMhZfkGGpO6LF:uglA1p96SWnukTB0GNgMshLF
Score

10^/10

godfather banker collection credential_access evasion impact infostealer trojan
- GodFather
  GodFather is an Android banking trojan targeting Turkish users first seen in March 2022.
  banker trojan infostealer godfather
- Godfather family
  godfather
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Input Injection

Tasks

static1

behavioral1

godfatherbankercollectioncredential_accessevasionimpactinfostealertrojan

behavioral2

godfatherbankerevasionimpactinfostealertrojan

behavioral3

godfatherbankerevasionimpactinfostealertrojan