sova | 894723b804ae51e7294a69169f0d7b0244a18ba712fa8e3042cb63e8e58cbccf | Triage

Submit
Reports

Overview

overview

Static

static

7

Video_Player.apk

android-9-x86

Resubmissions

09-03-2023 12:51

230309-p3sdwsbd2x 10

24-01-2023 13:11

230124-qe9hyadb3z 10

24-01-2023 13:11

230124-qe3emabe74 7

16-01-2023 15:02

230116-senmksgh58 10

16-01-2023 14:58

230116-scnjsscg9v 10

Sharing

General

Target

Video_Player.apk
Size

4.3MB
Sample

230124-qe9hyadb3z
MD5

54013894dcaf20181b2ca431bb9d0575
SHA1

6cb71982ce39526340616a51ab45ccf46dcf799d
SHA256

894723b804ae51e7294a69169f0d7b0244a18ba712fa8e3042cb63e8e58cbccf
SHA512

fca6cf580c15e0e623b76fa83c9d1234d1f376a9059274e24debdab02ae6c9ab74c16be7b13c26cca810b93290405619a5a17a1dbf9d087dcea57953aa74369d
SSDEEP

98304:QkrGUuVDcQJBwXBtEgQJPL8dKNPtJOvar/xGvKp2QqP2kWnRUrCvLP95cd:Q21uZckBwXBtVQ9wG/QSpLhRUrCvxWd

Score

10^/10

sova sova_v5 android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Video_Player.apk

Resource

android-x86-arm-20220823-en

sova sova_v5 banker evasion infostealer trojan

android-9-x86

8 signatures

1800 seconds

Malware Config

Extracted

Family

sova_v5

C2

aHR0cDovLzUuMTYxLjk3LjU3OjUwMDAv

aHR0cDovL2RheWlndXZlbmVjZWtoYWJlcmxhcmdlbGVjZWsuY28udnUv

aHR0cDovL2hlcmtlc2VhY2lraGFsZGVnZWxlY2VraGFiZXIuY28udnUv

aHR0cDovL2Jpemltc2l6ZGVuaGFiZXJhbGRpZ2ltaXpoYWJlcmxlci5jby52dS8\u003d

aHR0cDovL2thcmFrZWRpaGFiZXJsZXJpbmJhc2JlbGVzaW9sZHVpemwuY28udnUv

aHR0cDovL2Jpemltc2l6ZGVuYWxhY2FnaW1pemhhYmVybGVyZGVheS5jby52dS8\u003d

Targets

- Target
  
  Video_Player.apk
- Size
  
  4.3MB
- MD5
  
  54013894dcaf20181b2ca431bb9d0575
- SHA1
  
  6cb71982ce39526340616a51ab45ccf46dcf799d
- SHA256
  
  894723b804ae51e7294a69169f0d7b0244a18ba712fa8e3042cb63e8e58cbccf
- SHA512
  
  fca6cf580c15e0e623b76fa83c9d1234d1f376a9059274e24debdab02ae6c9ab74c16be7b13c26cca810b93290405619a5a17a1dbf9d087dcea57953aa74369d
- SSDEEP
  
  98304:QkrGUuVDcQJBwXBtEgQJPL8dKNPtJOvar/xGvKp2QqP2kWnRUrCvLP95cd:Q21uZckBwXBtVQ9wG/QSpLhRUrCvxWd
Score

10^/10

sova sova_v5 banker evasion infostealer trojan
- SOVA_v5 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova_v5
  Android banker first seen in July 2021.
  banker trojan infostealer sova_v5
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Removes a system notification.
  evasion
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovasova_v5bankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy