General

  • Target

    ffbb3a7324509743687663ac25da0fbb6a5e97b8534435c13e214abc6b5173cb.bin

  • Size

    4.6MB

  • Sample

    241201-1zq77syphr

  • MD5

    4097e239c5b6868f3d305778f50fc390

  • SHA1

    1100f8db4daed6dcf8a5f481f836db776259bb90

  • SHA256

    ffbb3a7324509743687663ac25da0fbb6a5e97b8534435c13e214abc6b5173cb

  • SHA512

    f872aec265e1aef89ce2ec93f86f471871b81f0dad34e27e67eaa47e9a27657fb1e83a8ea9cb7071d1a22f71b7dbde5fa5dc8ecc85751b676f1b4e5b8f37bbab

  • SSDEEP

    98304:rlpy6heWAq453GFuaggPCtNuXIlAaroMmuOT3vm5hKgTU+gzVEFuRU8uInJD/:rl06n96T6IlAar3muOTfs0gIvEF6U8uk

Malware Config

Extracted

Family

godfather

C2

https://t.me/napikozaremossod

Targets

    • Target

      ffbb3a7324509743687663ac25da0fbb6a5e97b8534435c13e214abc6b5173cb.bin

    • Size

      4.6MB

    • MD5

      4097e239c5b6868f3d305778f50fc390

    • SHA1

      1100f8db4daed6dcf8a5f481f836db776259bb90

    • SHA256

      ffbb3a7324509743687663ac25da0fbb6a5e97b8534435c13e214abc6b5173cb

    • SHA512

      f872aec265e1aef89ce2ec93f86f471871b81f0dad34e27e67eaa47e9a27657fb1e83a8ea9cb7071d1a22f71b7dbde5fa5dc8ecc85751b676f1b4e5b8f37bbab

    • SSDEEP

      98304:rlpy6heWAq453GFuaggPCtNuXIlAaroMmuOT3vm5hKgTU+gzVEFuRU8uInJD/:rl06n96T6IlAar3muOTfs0gIvEF6U8uk

    Score
    4/10
    • Target

      i.apk

    • Size

      3.9MB

    • MD5

      a8867673095f5e4be8e5a76ddbdec4c3

    • SHA1

      a443f19c03e49927884899da8fd69745e7672d0d

    • SHA256

      fb034abe26c258845c226a4d2c65d0266e0d74b6f6ef37c25a86a3acbbfdc353

    • SHA512

      2807b0c2d1ff9674399ceb0315b87da1e40b30d9b1ab4123fa2d41e03c4f1b8a675f9f99675d7dfcbbf35750a2c1eff4fc86f0d22810b4b066ef74b44000fc11

    • SSDEEP

      98304:fYX3sLQmf2g5hP75IPe2P4OH3BmNhqM9U2s1xorcIuOb8LYZ:fYsVhtIPeO4OHR20MworcIUYZ

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

MITRE ATT&CK Mobile v15

Tasks