Analysis
-
max time kernel
3433836s -
max time network
141s -
platform
android_x64 -
resource
android-x64 -
submitted
09-09-2021 22:25
General
-
Target
efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7.apk
-
Size
2.9MB
-
MD5
03f51334546586d0b56ee81d3df9fd7a
-
SHA1
b45ff7ff0126a88d6782d6871c472577cb7b103c
-
SHA256
efb92fb17348eb10ba3a93ab004422c30bcf8ae72f302872e9ef3263c47133a7
-
SHA512
0024bdc9185322613bf2e081702dbeceb3efd0ba9168860ec7572890d5135cb77182923f917dccc4fbffb09a38ebc92c4f2ff527f53cbfdf29e595d77e3608d9
Score
10/10
Malware Config
Signatures
-
Sova
Android banker first seen in July 2021.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses reflection 6 IoCs
Processes
-
com.sigki.ckmelxlbecx1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection