sova | b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52

Resubmissions

06-10-2022 16:35

221006-t3xqtshhe6 10

12-08-2022 07:30

220812-jbsyfsadar 10

Analysis

max time kernel
2921954s
max time network
150s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
06-10-2022 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B01B74AAF249D0740F541C081C0C0DE4BF455B4B68F2634FAB6CF8AAFCD95D52.apk
Size

2.3MB
MD5

0533968891354ac78b45c486600a7890
SHA1

4e9bc1bcbeec32ad93762482b9e1295c7f1bcee5
SHA256

b01b74aaf249d0740f541c081c0c0de4bf455b4b68f2634fab6cf8aafcd95d52
SHA512

cdf2fcb3d7968b113563b602a476e54bdad4bf30548492941d7d18072c4542007c0f29dd2174ce1cf196c0369651788dc01e5d9f8d5ece9fa0aeeeccdf7348ce
SSDEEP

24576:JbuUHfXVoL6D8RyE2cZBGUMfYm3At+y6/DA4kf4TyQ0jPwVCnY4DDMpkghSUPFE+:JqKlomDBy+y6/DPkQzuY4OhxdEuX

Score

10^/10

sova banker infostealer trojan

Malware Config

Signatures

SOVA_v4 payload 3 IoCs

resource	yara_rule
behavioral2/files/4734-0.dat	family_sova_v4
behavioral2/memory/4734-0.dex	family_sova_v4
behavioral2/memory/4734-1.dex	family_sova_v4

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova

Sova payload 3 IoCs

resource	yara_rule
behavioral2/files/4734-0.dat	family_sova
behavioral2/memory/4734-0.dex	family_sova
behavioral2/memory/4734-1.dex	family_sova

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR	4734	com.gdwicoopc.mlwmelkys
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR	4734	com.gdwicoopc.mlwmelkys

com.gdwicoopc.mlwmelkys
1⤵
- Loads dropped Dex/Jar
PID:4734

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies

Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Cookies-journal

Filesize
1KB

MD5
b151ca8f6f58ff0a11df7fd8771d56ac

SHA1
e3eee546e8d559fbcee3dbadf6d13d8a78766621

SHA256
64ad75dd7bb7542c7666923dd0eb791b3ab439c59d300ecfe865e181cbae4432

SHA512
f71aefc612f37c916aab2dab235c8b0bffdbd8df3e5c2590e36f40414a6d713fd51d8ce405fffc77c90353fc9dd0d2af281fb50adb242cfafeb7544ce08a4afb

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
ddefd4f34f3eee7147436537f25c690e

SHA1
c839a0e9d0db9f5d17c41bf3b14455f18c6745f3

SHA256
6a6e2cd2647f23bc662b641e26185aff00afbb1ef6f8230c8a417fbf82399de7

SHA512
e7b90dddfc45ed379eb1d3856de17c11aeaee7182a868575deb4eb4198a14f747321e7bd39ba957c3961a1db888094ab161e95bd689bd2a9cd551fb410f4d40d

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/Web Data-journal

Filesize
1KB

MD5
ce0a6aa75b997f0542741bacddf698b6

SHA1
46326d4a7f4564ab2f1a1f8c3a52c2bfa58acf90

SHA256
3ed410f68f8e6f98e01843ab84a0e4cccbce07679d99c32f0d1386e7a209a885

SHA512
52eb0a4b569c07bc8973854791e719f4a6a57513f022dbb9fb552c6cd5d9827969fe06cc0d8cf204c87fd2b7e9603d0e5fd0963fcd4c27d02257ccce1056c384

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/app_webview/metrics_guid

Filesize
36B

MD5
42cb422d42ef5d3095882fcbffed8846

SHA1
3cc1c25a2050775f6a1ad910c05dfb295d4e88b9

SHA256
9197c85a58e7670fb7451c3bc2b2a78dc6c77b7d0c0d60511d2065019c7523e2

SHA512
c1d07bf5936efee1aab1f8d5e8e0eba206383c609554d830351bff93254c109122b82b87f3f9c322210fabb6a3d81a18643b7b04cda8f8930695eba8f674c511

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
f2fdc6ea90bc1012e2fa6133c7a16222

SHA1
b525d52422516073afda11d14f6dcb0732ce952e

SHA256
5c322092e6171ea6241ed56fcce0c96db902d2fddd250d2b58336f0d0547fa66

SHA512
44cb007388fe9884d60f9038962d970adfbf4c717cda8c7f47b005e40ba9a90953c02ee563249bf67db70af96603ec95a7ffcbc7878993b20ad41b634330faae

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/6f03d1e54403232e_0

Filesize
374B

MD5
4ae4e2a79baa13acda809fc8e2813945

SHA1
de74bb7635c0dff0959a0a1ab18a4c8b9b7a0f88

SHA256
d0b914732b5c3470250eb7816f58653d3a5c979eb83b5a361480d6bd2cd9a51b

SHA512
3aaf704bc65ee5cfc7026a920d1dddd9143b10b5f7edb17964094fdb81e3a5e4fba178987c6373ffcfad2d9e96a07d30ae647a3863c7d6005ef9c77a238a8e81

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/6f618348479ca997_0

Filesize
522B

MD5
e9795547cc00ae409411e82ca1903f10

SHA1
5ed9899380d9cd15f1f500a45ede21ae652c162d

SHA256
585271e019a36961156dbee396c65fff31c87c30b59b082607958f8b7aa31a17

SHA512
ed3f425bb718a2636c3df681d25772658c0eef8be19506a5741fb16f543e09fbc70d25f45a8a3980a2f5c7b35b52c6f7333d40bac32a8c0641ca955966367e7d

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
64751ae578568ebb5f460419afb5f0c2

SHA1
3a853886eca452d2a26b7b32a8a299ec0cf658ed

SHA256
9a22afbf2d3924c5c33f4b2f0ccb310786d100ef5fe0e7283a935f6a2e6753f8

SHA512
06c7945f4fb65d2be7d6cc71690d0fcf6bc7644b6ad4464f746f9611798c5216602bc6dd44fdc139d0602c08289c10b486d3bfbf9650d9c11744d01103798d1c

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
98d7ec1c4e020c5fcb962bebf3503070

SHA1
a9f8b4479090386faa27a918a6dd112a2b75904a

SHA256
be052d6460545488ba87628a2ff640ef2f45b4c12ed126c6e9b0e9a17ddb2f52

SHA512
7dc0234dc1b802a8632077f2ad57d71bec3d6c5a050aa4cf7b4482647a40d4e849555f754bdfadfccb2fe5c10517c8f71cd9259a8547d0e7b30e96eb0183ee72

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
4773d351a4d546ca95fafa252204e290

SHA1
5922216b0152f011e5a69e339bdf4b406d91de18

SHA256
de8622d0b3d826306daa530abad818ffa5c298a699592113461942dbc0008e24

SHA512
8fe9e9599be2335a0df4de256428e1447f29d417f4a368af7b4993b5dbabe2a9ae39306cf36ee374e5479dca5979eddda985ff68169624bcdc09fb5d5a8f6e37

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.gdwicoopc.mlwmelkys/shared_prefs/app.xml

Filesize
121B

MD5
34cfb8689ac2e07222398a7f8c2a5409

SHA1
f344e34b44c9b0e5988d57b98e24eee633f1f784

SHA256
408a9d58aaade561ec8a541919f4704768458775cff2277cd7c91cf2aa71b2e1

SHA512
f4d3e5b9d614e23558ff36645a89a1661bb2567a9480146f198b1e85c4e6d4fdb59cbb0312c74c8fa9fe27bcdf017be1fd11dc52a7c5a2e3874a338b8d5f307b

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit
/storage/emulated/0/Android/obb/com.gdwicoopc.mlwmelkys/ۦۘ۟ۗ۠۫/ۦۘ۟ۗ۠۫-k-r-c-p-u-r-p-e-l-s-h-b-j-p-d-w-r-y-s-t-s-j-w-d-m-f-a-k-w-c-r-o-o-k-t-n-g-z-g-z-p-k-f-a-j-k-b-q-t-w-o-p-o-f-m-g-l-a-a-c-j-w-f-g-w-q-s-t-e-x-a-q-t-j-m-g-y-k-z-f-r-w-h-o-k-t-k-z-d-a-r-z-c-e-t-d-x-i-t-m-jfO.sR

Filesize
716KB

MD5
20523fb5f80852f7d03b9ca83d6d62b7

SHA1
9423b1f76829b6052918e6346b58fd69782612d1

SHA256
dd71c863722556aa5967e79619f23063138b678d4154b1991f6417547f3a54d4

SHA512
0bf7618ce24b4426a8780fb2eeb223a4f65399ab4daf3f9ef6a212709d3c22f745847465490eac4f892e97546d4da98be8774f2421271a51f35c498ca4e7bbe9

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads