sova | 4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a | Triage

Submit
Reports

Overview

overview

Static

static

7

4f9fb1830f...2a.apk

android-9-x86

4f9fb1830f...2a.apk

android-10-x64

4f9fb1830f...2a.apk

android-11-x64

Resubmissions

06-10-2022 16:34

221006-t3fgjshhe5 10

18-07-2022 09:59

220718-lz8pxscdaq 7

21-06-2022 09:18

220621-k9lsgacfep 8

Sharing

General

Target

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a
Size

5.2MB
Sample

221006-t3fgjshhe5
MD5

e3281f0f5840038135e319419e3d5338
SHA1

56e7318683cb591051805d6018f619ca2937eda3
SHA256

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a
SHA512

edc0673a0228432074165c3c52a1dcafa54164f71699f3ba10d47d4f92202137ada0b09ccd72f8b77d59f3e24f64bfe8342d6aeb53611eef9c4aa1ce5c5a1a90
SSDEEP

98304:vuRK4SpHgGnExGDtQuh9t2bJP5fkBMx2XEx3+N0jzMGoKShot/ujTc/:GzSpAhInQbNNOExOkMG3aotWX4

Score

10^/10

sova sova_v4 android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a.apk

Resource

android-x86-arm-20220823-en

sova sova_v4 banker evasion infostealer trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a.apk

Resource

android-x64-20220823-en

sova sova_v4 banker infostealer trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a.apk

Resource

android-x64-arm64-20220823-en

sova sova_v4 banker infostealer trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a
- Size
  
  5.2MB
- MD5
  
  e3281f0f5840038135e319419e3d5338
- SHA1
  
  56e7318683cb591051805d6018f619ca2937eda3
- SHA256
  
  4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a
- SHA512
  
  edc0673a0228432074165c3c52a1dcafa54164f71699f3ba10d47d4f92202137ada0b09ccd72f8b77d59f3e24f64bfe8342d6aeb53611eef9c4aa1ce5c5a1a90
- SSDEEP
  
  98304:vuRK4SpHgGnExGDtQuh9t2bJP5fkBMx2XEx3+N0jzMGoKShot/ujTc/:GzSpAhInQbNNOExOkMG3aotWX4
Score

10^/10

sova sova_v4 banker evasion infostealer trojan
- SOVA_v4 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova payload
- Sova_v4
  Android banker first seen in July 2021.
  banker trojan infostealer sova_v4
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovasova_v4bankerevasioninfostealertrojan

behavioral2

sovasova_v4bankerinfostealertrojan

behavioral3

sovasova_v4bankerinfostealertrojan

© 2018-2024

Terms | Privacy