sova | 76d4de84e32bc7f40a131f51e1fc56213b05391cb3a809330a4296c224f9cc22

Analysis

max time kernel
376939s
max time network
144s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
15/12/2022, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76d4de84e32bc7f40a131f51e1fc56213b05391cb3a809330a4296c224f9cc22.apk
Size

4.9MB
MD5

a52932e0662eaafd2b91e11585cb5f25
SHA1

b5d8b93036e9b8d9db6ab98170475daf0e112115
SHA256

76d4de84e32bc7f40a131f51e1fc56213b05391cb3a809330a4296c224f9cc22
SHA512

04fc9d710472ee05d33dab184d70b5ee6ed2de9ffb245d24527ad41520ea21cbc10805ff3a99d11da358258c6bbeaa18975e2d372ae8fe8ce4dc8d55bbc199dd
SSDEEP

98304:oCmotom64KUtEzAmHMC5i6pZgUdxkcZqmjrioA0w7LLWKvrsj:KKEzAqtWUdxkcZqAlofhvrsj

Score

10^/10

sova banker infostealer trojan

Malware Config

Signatures

SOVA_v5 payload 1 IoCs

resource	yara_rule
behavioral1/memory/4537-0.dex	family_sova_v5

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.target.fuel/app_DynamicOptDex/CbqR.json	4537	com.target.fuel

com.target.fuel
1⤵
- Loads dropped Dex/Jar
PID:4537

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.target.fuel/app_DynamicOptDex/CbqR.json

Filesize
2.2MB

MD5
91df9125ce8fec39fd2e3a63106f3824

SHA1
c7795589fc5cc231eab644b53052eeebf937cf3a

SHA256
6584c4ee2fd571bcf7bee91d0a26d7b30b7709714c07f90c27dfe5099adf4d9f

SHA512
4e31c8bcb6e801e50a80e2f061e4a4e6fb86598a60857b2d032b203ee889cc94ab5941bc176635ce5398b0d08a7b0611980e09ead0c6bbe4882dd10b95fbbd91

Download Submit
/data/user/0/com.target.fuel/app_DynamicOptDex/CbqR.json

Filesize
6.1MB

MD5
3d19586df27fe498c88eef13c83e1153

SHA1
155c0b0a11e9d217ff77340a640d4bd4510e7c4f

SHA256
30c5ae88ef93436c2a98191845441c33203e5998f5d05e60ae368fb7a6c080d4

SHA512
f66be1f83fec1deb35c1eebeb3e1da330e3bd8c25689a70dfd4f398268d92cbb1b4baf11dcddefdae9cad2a4b01ebbba39168bd16529e2535b0695007ec93d82

Download Submit
/data/user/0/com.target.fuel/no_backup/androidx.work.workdb

Filesize
8KB

MD5
e579a6b00eef1318f9166352228eba18

SHA1
76988896854f0139083e77862eea1a4846cf039f

SHA256
4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

SHA512
c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

Download Submit
/data/user/0/com.target.fuel/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
6665adc2a1c53efdc4a856543eba0241

SHA1
fb7dc705229186f7723873eb92fe03f18affd557

SHA256
ad4d043bd67b5facbf3ca6ab57621cd6ceb504aed16e835a70a25982c8d6c445

SHA512
0c98eb20ceabced86947b54195d864bed3720cd7b242757ea692411b51b847f027e3272fde25f2193443e6b419ceb0999130f8aa8c323ff25bfaaf75614410c3

Download Submit
/data/user/0/com.target.fuel/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.target.fuel/no_backup/androidx.work.workdb-wal

Filesize
217KB

MD5
8fa11e3f5462a23a362198722bdec3b7

SHA1
acad7d464042607388817eb717c031edf6ff8fad

SHA256
8e792ad8941a34207acfd2cb8cceea05b5bff7b79f9582574ba6632acfe1eb15

SHA512
634e81fad165443c1b56795d190192033082c03ec5d2eb9c69b2cb89eb033f96aa35e4187ccecc9c055a2e72524e0b724bb5e2458b6f1850be13a5d39d87d175

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads