Godfather Malware
Threat Intelligence

July 2025

Source: Cybervahak Threat Intelligence Team

The Godfather banking malware continues to evolve, leveraging virtualization-based techniques to subvert traditional defenses. This post outlines key threat indicators associated with the latest campaign, including sample hashes, C2 infrastructure, and behavioral mappings based on the MITRE ATT&CK framework.

ChatGPT Image Jul 2, 2025, 04_06_52 PM.png

1. Godfather Malware

File Hash:

3ee7ab9bd521a872a52a64ead57b400c6d61fd4cdc798af8aad6c120404b434d
a1d765ea75be95f9f13de8e9247970c350433c5d2b01f137e5a5f73212d1c9ac
f926e17c1f2e1f8cd5aac8718ae176408813ebc501b20e38581648cb0db70b70
7ed12d6a7006f5c7f985b4fbace82cf980036b0c7e1e19356105ef281aad6ba1
ef2c924445bcea7628cb5561a130b6303763c906810412de70e49e4b65c65fb8
c902876e3634926ac3dc154200d93a45bb369e1144ca66d15aaf9e01424980ea
3ee7ab9bd521a872a52a64ead57b400c6d61fd4cdc798af8aad6c120404b434d
7d05e16e8ea5cce565fce54f620cfdaeb573e74153636ac124560877787fd1db
d553731577c8b1d44f9f97324441d52f88b59cc47fb42f89f4b6daa80c6d6b9e
40267401e1799ab1ae4e206c44692dc39e156f97c5e59b381e57adead27f681f
6c2362ddf6ce2526a45952e54496f7e7179942e309eba730e72d588650784b09
909f781270f741dd9b34d5aa1a9016027358564ae1d09626569f723d7f5680e6
e35a335f03957037dcad322b673798f17ce57f64b9a13a92f600b1712c7bf0a3
2104d3d63f2734bb97e4210f39ce7a43dd9c8cf6b383e14939f1a591dfef3937
bc0fad7a997616de893ca63c75c20a95b9faa5e0ed4012ba433ab452ed0d9f59
a8256c490cd3eaf9a06c1b62a17ac39783ccce381872c2de477e4386dbb01be3
f11ee3a3d2382d741c209fbaec44f02288d0b69c4f9e8f4fd01368a0cc064aa2
fff80215f085da2cf87e7b5e18a8c6607b5c69ddcc8ba1826f89f913d1cec9aa
cf2dcdb6a8775cca6bb117cdd23cc82d20169c620350435dc0e62793ac2ecd5a
93e795e2547801032ac190de39fe7c875a6c6c58aa38eea62fd3022cdd5dda52
df418b66744caf676d632a9ddc2633bc9d9ac4394b40451941ffdd18354205a3
1090ebbd319ee27cca9254c6c9d3329855c4e2dc7695e12beac31a1a47bb9ae8
2026117fcf6e0da21c4818a578a156ae87158bb015b3fbf718b47b1e168314ff
ec9c772422419425c6fe33d38c46e14d38774b237f34cf0cae2f370295d4f041
9c625175ddc39814341b8406b9723823102f2835fbde35dbe21875dec00b79fd
61dc84d91e0828ae0d8f54ccd09bc69a502693db467035e07c8827e84afe011c
263fa956b44a28c1d6bb6b84d264b7800832b069e681946b2268c17d4e1c4296
29caf2912a0c42d3749a50852a60a221855a2dccf686b10360985b325749e906
31ee6da6f03864c5c4239d1532234f9c7268f2e8bb3bcfe648f452259dfbd973
3559d2f35195062615d389f6ef5c7a2961268db13230af893dbe60026555e4a8
8e4d4c3939869a769fcf8b6b1475aceb997f9d0e043a345978ca3f851659c734
f24f647ab00396e87892cfd489be364bb17d65ae20f6a56747af5a7c22fad1a8
f4322c4ec47208432e99796bcb222b790744edceb58b33a5fca5a2f1c57b44fe
f6fce3e94c5fbcb7ed15669dda6fa7fa8c1147cee789bf6d5c48a4db54aeb679
f19cc8af1312ca1ee2b35d64f12704b660040c1ef7aa6ca60de990edea07c79b
a6d0ae90a931c40024f136b5ffa624289ff73c203acf32cc876d82286388679c
75de4a110533292b14fd79f1f9621ab50362fb64b3378da381d23d07eebe04cb
1d114ced1bab6808d2ff78a48e8287e975f4d7774d8e6ccfdac43a36855faf55
fe31c4f2a073b87d7c9787a3db42eafe72235071b4ab9b0fe8ef46706e35a7bb

Malicious Domains:

fakafuko.top
santarigo.top
fagolamasa.top
bamerokisa.top
fanovara.top
vankopar.top

APKs Using Similar Virtualization Technique:

49002e994539fa11eab6b7a273cf90272dda43aa3dd9784fde4c23bf3645fdcb
8414d8a39a220a2d42994a9d6c1aea578c0a2ddddbe9fd2057d16ebc76255f09
7313b0c213b909e50137586b16f6e6bb048706e57fd5dc337496f02c7e84dbb2
e0a6c4d917e4f03727a7845ce561791032bbe2731b3600eb7cdcebe5f9bc590f
4232fb530f3effe73e9cdeb7b5a8c47cf1bf644e75bf0b55443022ab2c5a2877
6da79a6c6e931c6a2b9eedcd237f99860755bb72380d89b838cfdabbc4342e3e
e3f168327791541434a816a16572bd604f69dbd4d9e84739c06f41461bc15470
791c3ed2d1cd986da043bb1b655098d2b7a0b99450440d756bc898f84a88fe3b
b7db590da2c1064d2bc48ff07b4ddfaa44feeedb48ab952f471c36837a4b1068
d94cb4d049e37ec9860e061b6d6a2f13ae4528718387dcbfd91adbdfd6361f02
8c7ba8308ae0003021db60c361a7e6ab5d5070ad872d6ff6cf7ed0a1d3c5fe6f
41f11c2b33b5dadff5a26a3f63a09886a1382dad55cd2a59b1d9d4fb49ab3087
6ac3dab655ada875da08b262783db7756ead4286a639313d5a6841cd2066f54e
dffdacb91d4e0e4c66d7bfa8875c52507163b5f54a4969fa301b0411c9dd1895
df06016c7bad0792ef777bb56f162083230c4753eb9f0ecdeb0617c25d7149f5
c10f7543f46216ac9c4bb43f60e4451de23fc712beb7efff9bcd661a734bfcc3
e1be96df8e46cceefb00805a033fc8e8a5335a2fa9d2a60d77f44d4a61bd2f97
1400294505b74213fcb3e808fdbdd21d630372805ad1d809afa032ce1f5fec6f
96bcfb2ec66054a24bb6d285c03a89d143657404cc78d65f5baf24f0eceb1be8
b89761cef1c30680d23240ace7a05d646dc764a47743ccde41ddba6b7186bcfb
d308ba4346b6dda7a30af73a55eb9efc50c2159c5260dd113b20ef21ae7009b3
3d1d05f5c236b45bb25740585b52cfa306bafa4e3d13d84c9a1cf62db6f25a80
284948e11565fa7aa92034e25ce943aa956bbab345d2ec572e07c0728085600b
a9404e990fde31fcdf6b9eaa38930eb67f486878af2f73eefbad911282b4a3e6
3edf2d923a09d160adc9206af2c9f50706de8a0d6452102802862417a20631de
0f35ddcb5e3756c9f9889d7197e71c02218a2928867c4910afbe5abef979f638
795f45d39d0a2605df1cb34815bc0534d16f4afd076aebc64fb4bcefdbd2fd32
c0127462f9e993d0973dcd14a010ea74ea8a348ac8a5136a3813f54074dd677a
9ea819f1eb744361ca7d1d73c9b38982c1c5e2e2bdbd28c9104e4eacc6655fa8
b0cc72921c68d2672820febd01c0fe395c3311f42f00b6ca7507d4da1afc1d0f

MITRE ATT&CK Techniques Mapping

📩 Stay informed. Stay protected. To integrate these IOCs into your threat intel feeds or SIEM, or to collaborate on mobile threat detection, reach out to us at contact@cybervahak.com.

Cybervahak Consultants Pvt. Ltd. remains committed to protecting Indian organizations and citizens from evolving cyber threats. This bulletin is part of our continuous situational intelligence program.

Cyber Security As a Service

Compliance and Cybersecurity Governance Services

Digital Security and Risk Management Services

Cybersecurity Evaluation and Protection Services

Integrated Product

​Cybervahak Integrated Cybersecurity Solution

Individual Products

Compliance and Audit Management

Third-Party Risk and Vendor Management

Cybersecurity Insights & Analytics

Business Impact Analysis (BIA)

Asset Management

Policy & Document Governance

Integrated Risk Management

Configuration Review & Compliance

Godfather Malware Threat Intelligence

1. Godfather Malware​