sova | 4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a

Resubmissions

06-10-2022 16:34

221006-t3fgjshhe5 10

18-07-2022 09:59

220718-lz8pxscdaq 7

21-06-2022 09:18

220621-k9lsgacfep 8

Analysis

max time kernel
2921898s
max time network
160s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
06-10-2022 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a.apk
Size

5.2MB
MD5

e3281f0f5840038135e319419e3d5338
SHA1

56e7318683cb591051805d6018f619ca2937eda3
SHA256

4f9fb1830f47c3107b2c865a169fab46f02f6e3aeb9a3673877e639755af172a
SHA512

edc0673a0228432074165c3c52a1dcafa54164f71699f3ba10d47d4f92202137ada0b09ccd72f8b77d59f3e24f64bfe8342d6aeb53611eef9c4aa1ce5c5a1a90
SSDEEP

98304:vuRK4SpHgGnExGDtQuh9t2bJP5fkBMx2XEx3+N0jzMGoKShot/ujTc/:GzSpAhInQbNNOExOkMG3aotWX4

Score

10^/10

sova sova_v4 banker infostealer trojan

Malware Config

Signatures

SOVA_v4 payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/base.apk.I8Tuf8H1.t8g	family_sova_v4

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova

Sova payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/base.apk.I8Tuf8H1.t8g	family_sova

Sova_v4
Android banker first seen in July 2021.
banker trojan infostealer sova_v4
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.kkaxrzqsc.ckiradcii

ioc pid process

/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/base.apk.I8Tuf8H1.t8g 4839 com.kkaxrzqsc.ckiradcii
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

35 icanhazip.com
36 icanhazip.com

ioc	pid	process
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/base.apk.I8Tuf8H1.t8g	4839	com.kkaxrzqsc.ckiradcii

flow	ioc
35	icanhazip.com
36	icanhazip.com

com.kkaxrzqsc.ckiradcii
1⤵
- Loads dropped Dex/Jar
PID:4839

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/.com.google.Chrome.ZtqBZ2

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/Cookies

Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/Cookies-journal

Filesize
1KB

MD5
9593f9c0479492de6813cf2263876e0e

SHA1
3bf4143d338f0f066150fd84e6aec935d66f8b26

SHA256
e1b12e96883ebdb985829bf5cab8b3e428bf7919352a0166054c6a10621490f4

SHA512
69ec63bd5af4b4170e9aca0ec02e8bd2258d7197166c81283fc47cbe71ce503e6e353320bc35826db554a6831acae0e5dc89a220b24c678c584ef88293d21c85

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
2f751ce9e2639563abc8bd366fb31c09

SHA1
0e53052a2f62c2ed418625a58f85cc29fd99610f

SHA256
67e2d88c89c43a57f3e6147e09ef277614c2b44ba80d1491ac0d910f39bdd1e1

SHA512
c6d2d8af263751987b8a14171139768d63319d5bd5434a702217722dc1564b8af786d34b4f92d5d4a2a2bc53ff5d058a759fd3da63b7a09c046911cda7223432

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/Web Data-journal

Filesize
1KB

MD5
f18b86b04fd6e3018310bc7d988cd0f3

SHA1
cb78eb720d9cc6645ca26b6a11d5c517f4c265c4

SHA256
1c70741f54ae03352a7e8798ef0b5e29a6c508601e0159452cf6db049747f074

SHA512
12a2b0ffdf430dbb3ce80be7b4da84c232a909eede33983dc9247d064469c11d4ce1149c3a415e3c7f4f915db64e2c1d6f53e37c2d670312bebd74a366ba5c5d

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/metrics_guid

Filesize
36B

MD5
ad86303cf40cc11345d2e855391f8d5c

SHA1
97624871ad591ec4af8e685d90e7d878583559b2

SHA256
750be3ed98b261f6eb5f353841b3911e389e667237502f5ed9ba2c82375f0c36

SHA512
cf674c2eed8c9ac8d9709324fb04e93cac704fbd17f49d1d691efaa0c1592f3f4e290073c8231b08e057cee75607d7a314e817f41e193ba30fae9453c6efa5b9

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
0df3268fb50b02b73c787d3ac7868b16

SHA1
2f04b2beca92d4b76020f1e7744c2f3d36f996fc

SHA256
a90210d33ffcac0e780ac9dd19e694de6a9f5e9ad295b6975ef44ab0713bd46f

SHA512
48673e605fc04ae2b5447ab6c877db51943200bfd60d1e567b2cc7203f589445d9674cc252ad6ebdf619af8f941fa4b5a3e2b7aa53edc68c41adb11dcd90ebfd

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/1b06023243f597d1_0

Filesize
356B

MD5
4c86b8c76a844b1dec252853d34eb570

SHA1
c82c7a969d02b5c86d310af8661d51286e430517

SHA256
a6d77b8025feba10ec3025a4a0d4c6164ef849a3c47c760566c668ed43916051

SHA512
713e2fe8ba64d4e3dd4d4b97d70cd6e2ad3dcea4bf55a639bb38187bb8fae724a424ace25b17dafc555cab8e51c32c763aede08068e26209819ff080b14f9501

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
31e7ea360f37630aa71633ccb5894921

SHA1
d6e8b5c6af4871889ae9d3826f3f8cf20f0e1519

SHA256
9c3f89ea72cca7ee94a874e8158d7b3e573d059eac92410ba12682a9c0fc1ee9

SHA512
45eefc6d1937bd2c5cbd17548e37d197425f37c11fc0cbb77433f3fc73fd008bceb8e0a03bfbbe4421f0b7407b2041d99c0e574ad2b6f602570e0707f73ab155

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/af1640934cbeaff7_0

Filesize
348B

MD5
99052eca781fe97dcf8f7df1f4ea72e7

SHA1
db4aa17f7c748ded97b768536a1455bed83cda7c

SHA256
a17f5d5b2c237eac1f770d870077abaf9a124a4d7d1e54507b63c21fa821804b

SHA512
555936dd27679b8f60583b9a12356a0eadf8e1414f216fc91f92b0d4eb5b0ad72b7a4406f4a2c7b797e4b23f02d85fb94ba93704d52e60ccaa7a23f92af3c2cc

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/b8bd5e0334724d90_0

Filesize
346B

MD5
af6c220bf30fce6d60a6deb99305739d

SHA1
c6c22e8d6fa0864882f06966ef4ba94a585852f7

SHA256
c8a1d236be0e891e25a3e8daeb4c4f4f3f99436b0dc6e830117ab08f7ab8f2c4

SHA512
62f5995914d13d95128ae93516aa498e59bd84cd3418caf96ef5deb848ab8231cf0a3cb4df8b7290e5309d6c07260b6b4017e11a27868ff9d1af3b815898ada7

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
144B

MD5
4d2c9116bf653d855290291763aa5d8a

SHA1
bd155fbf84b671d2035d4fbc842449cdabe5b174

SHA256
2732aaa16410613f60f652c2e7f374e49883a555db91c350eb24547860263737

SHA512
e0880f0f14ca38d8c0bd4712f89e69806afc9286537c05c171bf00b74be7ac398653e8409e9495d6a580e7b03f64402a1e6711f64d9f47931b448c43f902fc7b

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
899d25284c5323cc0b7b50414e4c8f6e

SHA1
e5979c37dd919092f9351c5a0620e0e66e29c5f6

SHA256
655f0eec0a6679c70aaafdf3b8e41ab266c29bf95675edfea0b4292838f7a02a

SHA512
0e0d2b0d690eee680f54242b6e0bccff26189a1cb58b5381945bb68e8ff313c63456fa0aed24462fe69ffeba1466e91dd6bdc8f755eb050424df130dd8541758

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/shared_prefs/com.android.launcher3.prefs.xml

Filesize
128B

MD5
20837fd8daf2a2de8d6c4ccd8e90653a

SHA1
7ac08617bd4585151c239325aea243d9eca586f7

SHA256
e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec

SHA512
a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/shared_prefs/multidex.version.xml

Filesize
307B

MD5
23e27e30ed862dd5f320ca3e08f96f5f

SHA1
c1ede7853419f98431d9fb4170b4fa49b18eb6dd

SHA256
b857b87bac024c3399c410136c063571b989a82b76c0fc684b41d3480e913193

SHA512
8bbcb6029de822d1d82ca1b6379af5df02a20ec0c5ad71cdbb43445e8ac2a2587aee7959bd773fa905f7cfd694a25d7f67d740214f74c639ea6de5286744368e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/base.apk.I8Tuf8H1.t8g

Filesize
1.6MB

MD5
cb24a6c4d91a05002e4396d94936d9eb

SHA1
7391cd105430e2017d9bb22b4823ea400f34427b

SHA256
d9e95c193a3ffa0c2e621425c503031c18afa77f3e90cfccb9ed817458838888

SHA512
17923ca572625866d4aaef2ba57e7965638ab5a09d645f4660f0797a6dc6bf38199320e5d67f8d247e78fa30c0252abbf442baca539333d44a008e21a9b3de9a

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/gUIHgfIk.yTyp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kkaxrzqsc.ckiradcii/yki8ygfaUa/k8tUITp6jja9jkj/tmp-base.apk.I8Tuf8H6274906038397017189.t8g

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit