godfather | d813b0e354f510af79982f302a9ef6786b033a7cd50ffabcd12b59a5da893a58 | Triage

Sharing

General

Target

d813b0e354f510af79982f302a9ef6786b033a7cd50ffabcd12b59a5da893a58.bin
Size

4.6MB
Sample

250106-1ybfcs1rdr
MD5

f7a39f11e8ba1326a0a5fc5ccbc882d0
SHA1

48b509113b102f9af64f5972736109f04c6157cf
SHA256

d813b0e354f510af79982f302a9ef6786b033a7cd50ffabcd12b59a5da893a58
SHA512

dfbdd335d60875f9840aca53515a8686c876900e6be0a8922a3aacafb692c10ef9bc4ad3ef4a5d852fef32fcfcb1cbd4ee4736f831066ef73e05ae793342a945
SSDEEP

98304:PZgIeh5pe1N1gRHlsDuxAgDF5yR1nsRIGwk+9UR75iDyqVm9Ysn:PCIK5EH1VSxLBAPKuo7UD4YE

Score

10^/10

godfather android evasion impact persistence

Malware Config

Extracted

Family

godfather

C2

https://t.me/raposekosaramuz

Targets

- Target
  
  d813b0e354f510af79982f302a9ef6786b033a7cd50ffabcd12b59a5da893a58.bin
- Size
  
  4.6MB
- MD5
  
  f7a39f11e8ba1326a0a5fc5ccbc882d0
- SHA1
  
  48b509113b102f9af64f5972736109f04c6157cf
- SHA256
  
  d813b0e354f510af79982f302a9ef6786b033a7cd50ffabcd12b59a5da893a58
- SHA512
  
  dfbdd335d60875f9840aca53515a8686c876900e6be0a8922a3aacafb692c10ef9bc4ad3ef4a5d852fef32fcfcb1cbd4ee4736f831066ef73e05ae793342a945
- SSDEEP
  
  98304:PZgIeh5pe1N1gRHlsDuxAgDF5yR1nsRIGwk+9UR75iDyqVm9Ysn:PCIK5EH1VSxLBAPKuo7UD4YE
Score

4^/10

impact
behavioral1 behavioral2 behavioral3
- Target
  
  app.apk
- Size
  
  3.9MB
- MD5
  
  ba55d21d1a168acfa2c461a10ee4f553
- SHA1
  
  a480b811d555a5dbdf18e47ee0cb5995cee1fda8
- SHA256
  
  a4090386638069b3b35fa5c94deda9348f6da26c33381e31c5ed3bc95fadc104
- SHA512
  
  ed7d6d5cfe2bef60e7a913348305559c584a24b32d869e6f4a7c4534bd69d1d0b3a38652f91f50b3bc8f1e39167e96f3cb38a6d566a96e6e3af974c59c483f99
- SSDEEP
  
  98304:HrMDRTHvWY8ZHS7tSx1RIRYaWLIJP9nMUkaNK3/gJNYM:DjdCAJMx9nMIUYJNF
Score

6^/10

evasion impact persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

evasionimpactpersistence

behavioral5

evasionimpactpersistence

behavioral6

evasionimpactpersistence