sova | dd8a5a1a8632d661f152f435b7afba825e474ec0d03d1c5ef8669fdc2b484165

Resubmissions

14-02-2024 07:37

240214-jfx3zaea42 10

10-09-2021 11:39

210910-nsawesdbcl 10

Analysis

max time kernel
3481380s
max time network
41s
platform
android_x64
resource
android-x64
submitted
10-09-2021 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd8a5a1a8632d661f152f435b7afba825e474ec0d03d1c5ef8669fdc2b484165.apk
Size

2.9MB
MD5

1698651d6b8fd95574f62b046b4f68e5
SHA1

ed0558bbfd7929cb4a28d6b095f68f26fcea4370
SHA256

dd8a5a1a8632d661f152f435b7afba825e474ec0d03d1c5ef8669fdc2b484165
SHA512

74d932cda56d661ade9dbf4ebcb0c092bee262a5475eded9b98010d00a97cbb6dc2083948e6ca568b238c1a801e52f096df35daa76160bfa8683bab41eb046a9

Score

10^/10

sova banker infostealer obfuscation trojan

Malware Config

Signatures

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.clqg.sbtkqsb.ixrooga

ioc pid process

/data/user/0/com.clqg.sbtkqsb.ixrooga/code_cache/secondary-dexes/base.apk.classes1.zip 3673 com.clqg.sbtkqsb.ixrooga
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.clqg.sbtkqsb.ixrooga

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.clqg.sbtkqsb.ixrooga
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

17 api.ipify.org

ioc	pid	process
/data/user/0/com.clqg.sbtkqsb.ixrooga/code_cache/secondary-dexes/base.apk.classes1.zip	3673	com.clqg.sbtkqsb.ixrooga

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.clqg.sbtkqsb.ixrooga

flow	ioc
17	api.ipify.org

Uses reflection 7 IoCs

obfuscation

Processes:

com.clqg.sbtkqsb.ixrooga

description	pid	process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3673	com.clqg.sbtkqsb.ixrooga
Invokes method android.os.Handler.createAsync	3673	com.clqg.sbtkqsb.ixrooga
Invokes method android.os.Handler.createAsync	3673	com.clqg.sbtkqsb.ixrooga
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3673	com.clqg.sbtkqsb.ixrooga
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3673	com.clqg.sbtkqsb.ixrooga
Acesses field sun.misc.Unsafe.theUnsafe	3673	com.clqg.sbtkqsb.ixrooga
Acesses field sun.misc.Unsafe.theUnsafe	3673	com.clqg.sbtkqsb.ixrooga

com.clqg.sbtkqsb.ixrooga
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3673

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.clqg.sbtkqsb.ixrooga/code_cache/secondary-dexes/MultiDex.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/code_cache/secondary-dexes/base.apk.classes1.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/code_cache/secondary-dexes/tmp-base.apk.classes4244309716259948038.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/device_info.xml
MD5
606f11bfeea9fde2e0509958f085985f

SHA1
d38ddfa610eed3d16f26d115953788ede51fc143

SHA256
ed6b9f0ea14b59db0f406b23ec39290b1a9cf929c666cacb6d098ccbbc9d6742

SHA512
24fc0ae24a9f34fbdec0458150cd0f52f8de8293cc1a3c6431ae6a67fcd1cbe93aa02f8afbf08b6bb5b37454670a399ff7e2afd06de24f0c3c2e6be3f9a4f445

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/device_info.xml
MD5
931a799e2f1c444fd6eaa884e80c19da

SHA1
af15b08591163ec41ae8eafa8f64e5a246fb3c7e

SHA256
23e92fb4f65fdc314f878da694bab86840a505c865926d7c345bbd398b5e2758

SHA512
3f6c0c88acc9ffcdfb250034572312124caed05127602e932be6842720e24a82ca7e4601558941d15a4821543b214123fbf15dbc6c90bc97b9eb9f0dd04b3218

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/device_info.xml
MD5
06eb9f20fa773c666edf8fbe479ea3d6

SHA1
f1e3efd6d12325beb52c56980029da3eaf2eef7e

SHA256
28bec6ffb689faba0966d60768669a3d998c71717bfabef148a9336f728a8552

SHA512
8e8df6984f3194799a123765126e76a981fe783f6b77f0dcbfc2dcb38075d099f9e38d05f53cc203bbb65bda79429e8c577aee7d4d82b8639879edc64960f28d

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/granted_accesses.xml
MD5
30865e6aece5e4447753dbb22952778e

SHA1
e5a646439c1d3c94d0281bb303f5f331c7ba6ee3

SHA256
4c14794b899f2bb155ba2ca5eb1be73d8449eb2dc0b4be9ed86c9effef129f72

SHA512
191191f98cd16eb53ff7fb9145a8a134ea77716e85a128e6f0781a9a76742b5663b918b7d2f14840eecff3732fe02d5caf4669507fac10185e7c3ea080765d32

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/granted_accesses.xml
MD5
3bfd4100acbd2edcadf3314ddae29e4e

SHA1
4dfdd96bb2921f1e7d3d5941405e770ec80d3814

SHA256
f302c4bd9e3ea64ba5a9093cf32214d90f38c841903948a0f51b45d35d699a92

SHA512
b33277000d7e35879c7b464aa91da927bae8e3db71f83a7a706f11262dfe5fb8f01f682d60647b08c576759015e48cb90a74622b7ef0c72defc2416f25341b2a

Download Submit
/data/user/0/com.clqg.sbtkqsb.ixrooga/shared_prefs/multidex.version.xml
MD5
fff774a20cd555973cebd3df3bde51f5

SHA1
813491ea4ce52ed365ff76818e2acbd8ed4b82d6

SHA256
d913436b25eb07af70acb0207bc511daf74c39e709a6ca778723c6c924f358e0

SHA512
b5664ffff941f0eb9269c85ffcd537abdf245411f9eacb4b1a7def13ff07935e2bfe352f74a7c6395e6f2225bc54c07a196d7dd8dca0777353a0c90c248f35cc

Download Submit