sova | efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7

General

Target

efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7.apk
Size

2.9MB
MD5

03f51334546586d0b56ee81d3df9fd7a
SHA1

b45ff7ff0126a88d6782d6871c472577cb7b103c
SHA256

efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7
SHA512

0024bdc9185322613bf2e081702dbeceb3efd0ba9168860ec7572890d5135cb77182923f917dccc4fbffb09a38ebc92c4f2ff527f53cbfdf29e595d77e3608d9

Score

10^/10

sova banker infostealer obfuscation trojan

Malware Config

Signatures

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.sigki.ckmelxlbecx

ioc pid process

/data/user/0/com.sigki.ckmelxlbecx/code_cache/secondary-dexes/base.apk.classes1.zip 3595 com.sigki.ckmelxlbecx
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.sigki.ckmelxlbecx

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.sigki.ckmelxlbecx
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

8 api.ipify.org

ioc	pid	process
/data/user/0/com.sigki.ckmelxlbecx/code_cache/secondary-dexes/base.apk.classes1.zip	3595	com.sigki.ckmelxlbecx

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.sigki.ckmelxlbecx

flow	ioc
8	api.ipify.org

Uses reflection 6 IoCs

obfuscation

Processes:

com.sigki.ckmelxlbecx

description	pid	process
Invokes method android.os.Handler.createAsync	3595	com.sigki.ckmelxlbecx
Invokes method android.os.Handler.createAsync	3595	com.sigki.ckmelxlbecx
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3595	com.sigki.ckmelxlbecx
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3595	com.sigki.ckmelxlbecx
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3595	com.sigki.ckmelxlbecx
Acesses field sun.misc.Unsafe.theUnsafe	3595	com.sigki.ckmelxlbecx

com.sigki.ckmelxlbecx
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3595

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sigki.ckmelxlbecx/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/code_cache/secondary-dexes/tmp-base.apk.classes1877526675539193690.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/shared_prefs/device_info.xml

MD5
606f11bfeea9fde2e0509958f085985f

SHA1
d38ddfa610eed3d16f26d115953788ede51fc143

SHA256
ed6b9f0ea14b59db0f406b23ec39290b1a9cf929c666cacb6d098ccbbc9d6742

SHA512
24fc0ae24a9f34fbdec0458150cd0f52f8de8293cc1a3c6431ae6a67fcd1cbe93aa02f8afbf08b6bb5b37454670a399ff7e2afd06de24f0c3c2e6be3f9a4f445

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/shared_prefs/device_info.xml

MD5
863c9f85009970a7be82742b6e7c811c

SHA1
0dc700c3eb952e9c5abc8be71a1262f46533e576

SHA256
b34b304fc3ee379a5b19ea6eac30e5d6e95bfa7de39d09679a1972ee5e264e49

SHA512
44da9e65d69b22fbc6e1111308f4be1f3265757e2aa6364591a6c766af2e042f38f6e7b92a821b4cc0288729e22bede7dcb2010fde5c334e242dcccc0fac7dca

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/shared_prefs/granted_accesses.xml

MD5
686c8efc8d4d8268c819d84047b558b5

SHA1
b13f7012175afc9baf63c5e511919e98ab0503b8

SHA256
10f1c95cf4e7db1a7426d7f0ee3fe5f9474e80a0976b4c474681e523c170cad6

SHA512
13ad90554d7ba5dcaba3f2756f7be4fac76c64213174af2f1cec60255c6c1c7e50ebc4e0f3b6a297f4fb0d990d5f930ffdaa2534bde9b82621f77c2defb0afcb

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/shared_prefs/granted_accesses.xml

MD5
4ecef86defd241d2c1833ddfb06726a0

SHA1
dd0ffefc80c6e04f6f10ee5bb1cdd9f712ef1dd8

SHA256
7c407676ebcbae82838d45944a12cd12a0a51b01237b41d3504758405b129050

SHA512
684e6a6f60159ca86189e502ed0b68ebeb69198fdfcdd69520274175557e30f4fd843e2368bb169978d7d20d0325c078dd3a320cbd54c026189411004001ef17

Download Submit
/data/user/0/com.sigki.ckmelxlbecx/shared_prefs/multidex.version.xml

MD5
deda60da1d03594ae6d13181919971c4

SHA1
b8c3969519ecbf8158127b4dba4d43d8e193056b

SHA256
27cd000b271bf37139d728d8ed7db22dac6a78c5474b7ac5c52ee0f322241eec

SHA512
6da60ace6b24d0e249111468241d0f0a365f71b43d8105ea065f5cee008c9702d4de036594c9c423de6e153d3500953ebe301c20f5f623253e109b17996b8383

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads