sova | 173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce | Triage

Submit
Reports

Overview

overview

Static

static

8

173a8591dc...in.apk

android_x64

Resubmissions

29/09/2021, 15:51

210929-tanbpafcc3 10

29/09/2021, 15:47

210929-s8e8asfcb6 8

Sharing

General

Target

173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce.bin
Size

7.0MB
Sample

210929-tanbpafcc3
MD5

76c81a68d7dcd0bf9d77a7bfbb06178e
SHA1

811b4b899eb962baee4347d291eb1cb1e7a91e86
SHA256

173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce
SHA512

593cbc1663d1c122064b918ff6bf5e513e4925b69de074a35f7e7958a48a00146f3dbcce7499c0ada4448af93fb215288d15a64c621c9c92ddcb74eccb1820f7

Score

10^/10

sova android banker infostealer obfuscation trojan

Static task

static1

Behavioral task

behavioral1

Sample

173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce.bin.apk

Resource

android-x64

sova banker infostealer obfuscation trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce.bin
- Size
  
  7.0MB
- MD5
  
  76c81a68d7dcd0bf9d77a7bfbb06178e
- SHA1
  
  811b4b899eb962baee4347d291eb1cb1e7a91e86
- SHA256
  
  173a8591dcb43aa7e4b5d0dc5f9034d69aa78bc8827407d56047336614795cce
- SHA512
  
  593cbc1663d1c122064b918ff6bf5e513e4925b69de074a35f7e7958a48a00146f3dbcce7499c0ada4448af93fb215288d15a64c621c9c92ddcb74eccb1820f7
Score

10^/10

sova banker infostealer obfuscation trojan
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovabankerinfostealerobfuscationtrojan

© 2018-2025

Terms | Privacy