sova | 8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57

Analysis

max time kernel
3481444s
max time network
141s
platform
android_x64
resource
android-x64
submitted
10-09-2021 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57.apk
Size

569KB
MD5

01b6f0220794476fe19a54c049600ab3
SHA1

eb9dfde47a393bca666e947f285f16c20baf6c32
SHA256

8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57
SHA512

ac3031a6dbc5bb0d1e609979336487f14efe58f8e87480e5ef7f79c2abae56977ca444bbb5bbc7970d9c416f9c754b9fedf2bdef3b7b311c2e95e07350f9c892

Score

10^/10

sova banker infostealer obfuscation trojan

Malware Config

Signatures

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.adobe.flashplayer

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.adobe.flashplayer
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

9 api.ipify.org

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.adobe.flashplayer

flow	ioc
9	api.ipify.org

Uses reflection 6 IoCs

obfuscation

Processes:

com.adobe.flashplayer

description	pid	process
Invokes method android.os.Handler.createAsync	3590	com.adobe.flashplayer
Invokes method android.os.Handler.createAsync	3590	com.adobe.flashplayer
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3590	com.adobe.flashplayer
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3590	com.adobe.flashplayer
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3590	com.adobe.flashplayer
Acesses field sun.misc.Unsafe.theUnsafe	3590	com.adobe.flashplayer

com.adobe.flashplayer
1⤵
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3590

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.adobe.flashplayer/shared_prefs/device_info.xml

MD5
606f11bfeea9fde2e0509958f085985f

SHA1
d38ddfa610eed3d16f26d115953788ede51fc143

SHA256
ed6b9f0ea14b59db0f406b23ec39290b1a9cf929c666cacb6d098ccbbc9d6742

SHA512
24fc0ae24a9f34fbdec0458150cd0f52f8de8293cc1a3c6431ae6a67fcd1cbe93aa02f8afbf08b6bb5b37454670a399ff7e2afd06de24f0c3c2e6be3f9a4f445

Download Submit
/data/user/0/com.adobe.flashplayer/shared_prefs/device_info.xml

MD5
eb6dfe5b39adc83e1717e0567dcb8a91

SHA1
efca447956157e46b1767c3b5066227e537f49ec

SHA256
6e80dec8ec18ddf79abe946b7ba9dabd4ce856a4582a2048c47e6c96289312cb

SHA512
fa482d0676220b163e3ce825b05689e098fc3f8d3bfee03519e523554d28efb324ed822ed9c931a6ed95932c984a3aa501f4d9c7582edd0a8c0c78084b7b8d76

Download Submit
/data/user/0/com.adobe.flashplayer/shared_prefs/granted_accesses.xml

MD5
5f514e5444b2d976dd249d30aa4ab119

SHA1
d934e0716e2329e0436d6c0d8be4ecb7ef3c9800

SHA256
c0aef0237d963e35df96a2c1ffa799598b7cfa04ce1fc9a4f2cc5f6799c9717e

SHA512
2e1e0fac03149ee721bcd0fa8453fbdd54cd66150c31809d0c238b47f3e4902fe723f86e61d3624d281f16f74e48d0b02ab634e4b67382b366d95f26b1b0d532

Download Submit
/data/user/0/com.adobe.flashplayer/shared_prefs/granted_accesses.xml

MD5
889b054e7c2bfc5c60656cc828f2242d

SHA1
49baa8fa8536408398ad1f6824524563cc7bce71

SHA256
9f9744750fea103d1768cfa85c9b4fd336eb7b191e5bb04cb8a9db6da614a147

SHA512
4f0b08eca030ce2ee6de35ca56d361bc9026ca3349479aac4e9c4152ce1ef71e4afddd9a7e76e9517ed75e97acd152005554275cfc2f0ace7c92595f4e7ef6b0

Download Submit