Overview

overview

10

Static

static

7

7C805F51EE...02.apk

android-9-x86

10

7C805F51EE...02.apk

android-10-x64

10

7C805F51EE...02.apk

android-11-x64

10

Resubmissions

07-03-2023 23:25

230307-3d95ascb71 10

06-10-2022 16:35

221006-t321jshhe8 10

12-08-2022 07:35

220812-jen4nschf5 8

Analysis

  • max time kernel
    2921963s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
  • submitted
    06-10-2022 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7C805F51EE3B2994E742D73954E51D7C2C24C76455B0B9A1B44D61CB4E280502.apk

  • Size

    4.0MB

  • MD5

    74b8956dc35fd8a5eb2f7a5d313e60ca

  • SHA1

    322bfcfc2f2cfcfb759bc61b021a498c1955937b

  • SHA256

    7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502

  • SHA512

    772e0ae703b9cb3bb62c490366023026845aa80d793211dbc95606795659f88fa58e510ab1fdb129ee01159560ae071312c9de98cbcdbf574b015a791a0960ac

  • SSDEEP

    98304:zQEneeg1QRd7c43GVDssvvO9h9CwfLyEefawrQ:zQEnzg2RD2Vjgfzyzawk

Score
10/10
sovabankerevasioninfostealertrojan

Malware Config

Signatures

  • SOVA_v5 payload 1 IoCs
  • Sova

    Android banker first seen in July 2021.

    bankertrojaninfostealersova
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.bean.cousin
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.bean.cousin/app_DynamicOptDex/CtaDwII.json
    Filesize

    2.2MB

    MD5

    c9ea4a96385657ebb6555b6d4d5eca0c

    SHA1

    5bae7c22a1bc9d4d0410a9a2a66056ebe00a7e93

    SHA256

    11b1cbdef463227d288271c05101ed180109d372d68fc924c29db43bf518922b

    SHA512

    e42bbc1ab5dcea9d0c54ff9ebf71919e97ec8ea49793e05179414a95a034f9108b709cbc52fd25c8a6f1d48d249b9d0bb59bfcabdac4f4853d0177ab3fdfce8c

    Download Submit
  • /data/user/0/com.bean.cousin/app_DynamicOptDex/CtaDwII.json
    Filesize

    6.0MB

    MD5

    cb83525904c2bff0cb586d662c5fe2b9

    SHA1

    2d63ff2e85b34006a5517f85deb470ff48734df5

    SHA256

    acd7234022738f4e8499749de805c474879fea06de0d7ca066483d03e7ef02f5

    SHA512

    33eced5d3bead49bb238f08bac960044c7359262fdd58ab559cb38c47528859e24f8578e32743ba6a1630ce7e45497c9f99edb0b96c5c8fa6c0a4ca7fb15fd3e

    Download Submit
  • /data/user/0/com.bean.cousin/app_DynamicOptDex/oat/CtaDwII.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.bean.cousin/no_backup/androidx.work.workdb
    Filesize

    8KB

    MD5

    e579a6b00eef1318f9166352228eba18

    SHA1

    76988896854f0139083e77862eea1a4846cf039f

    SHA256

    4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

    SHA512

    c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

    Download Submit
  • /data/user/0/com.bean.cousin/no_backup/androidx.work.workdb-journal
    Filesize

    1KB

    MD5

    0f211a2a19c027667a5bde62036ca286

    SHA1

    8109d107090188f11bce8c6cb089202a36f52fbb

    SHA256

    b95a289c28139e950e3341997def3c9940257008bf43b6a3bb0a0a8aaa1f1c29

    SHA512

    39c54ab3b6a40548a60ff8cecc81c9fb0c62e4d7f8c2d57c5aa231290383f29af678a29065376834838c95c040dd46a269a1714e2bf2b0233a9ca43f3b5e4ca2

    Download Submit
  • /data/user/0/com.bean.cousin/no_backup/androidx.work.workdb-shm
    Filesize

    16B

    MD5

    4ae71336e44bf9bf79d2752e234818a5

    SHA1

    e129f27c5103bc5cc44bcdf0a15e160d445066ff

    SHA256

    374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

    SHA512

    0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

    Download Submit
  • /data/user/0/com.bean.cousin/no_backup/androidx.work.workdb-wal
    Filesize

    458KB

    MD5

    8124e13692243b2e82ab912a6e1569b8

    SHA1

    130052eab5c53a76a586b603733e2dac80571451

    SHA256

    22c193374419014f97e360176c591f3680aabe4464f1aa4ed2dd13b2993fa714

    SHA512

    b643d2b28a4d6413dcd3aae6b011ab8ff3c3c3132679093eaf7f358b3a4d1575f59deda047b69a03f6d366c2ecfca39afa753da8dc77de992893b5fa5fe700f0

    Download Submit