sova | b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52 | Triage

Submit
Reports

Overview

overview

Static

static

7

B01B74AAF2...52.apk

android-9-x86

B01B74AAF2...52.apk

android-10-x64

B01B74AAF2...52.apk

android-11-x64

Resubmissions

06-10-2022 16:35

221006-t3xqtshhe6 10

12-08-2022 07:30

220812-jbsyfsadar 10

Sharing

General

Target

B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk
Size

2.3MB
Sample

221006-t3xqtshhe6
MD5

0533968891354ac78b45c486600a7890
SHA1

4e9bc1bcbeec32ad93762482b9e1295c7f1bcee5
SHA256

b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52
SHA512

cdf2fcb3d7968b113563b602a476e54bdad4bf30548492941d7d18072c4542007c0f29dd2174ce1cf196c0369651788dc01e5d9f8d5ece9fa0aeeeccdf7348ce
SSDEEP

24576:JbuUHfXVoL6D8RyE2cZBGUMfYm3At+y6/DA4kf4TyQ0jPwVCnY4DDMpkghSUPFE+:JqKlomDBy+y6/DPkQzuY4OhxdEuX

Score

10^/10

sova android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk

Resource

android-x86-arm-20220823-en

sova banker evasion infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk

Resource

android-x64-20220823-en

sova banker infostealer trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk

Resource

android-x64-arm64-20220823-en

sova banker infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk
- Size
  
  2.3MB
- MD5
  
  0533968891354ac78b45c486600a7890
- SHA1
  
  4e9bc1bcbeec32ad93762482b9e1295c7f1bcee5
- SHA256
  
  b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52
- SHA512
  
  cdf2fcb3d7968b113563b602a476e54bdad4bf30548492941d7d18072c4542007c0f29dd2174ce1cf196c0369651788dc01e5d9f8d5ece9fa0aeeeccdf7348ce
- SSDEEP
  
  24576:JbuUHfXVoL6D8RyE2cZBGUMfYm3At+y6/DA4kf4TyQ0jPwVCnY4DDMpkghSUPFE+:JqKlomDBy+y6/DPkQzuY4OhxdEuX
Score

10^/10

sova banker evasion infostealer trojan
- SOVA_v4 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova payload
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovabankerevasioninfostealertrojan

behavioral2

sovabankerinfostealertrojan

behavioral3

sovabankerinfostealertrojan

© 2018-2024

Terms | Privacy