Resubmissions

07-03-2023 23:25

230307-3d95ascb71 10

06-10-2022 16:35

221006-t321jshhe8 10

12-08-2022 07:35

220812-jen4nschf5 8

General

  • Target

    7C805F51EE3B2994E742D73954E51D7C2C24C76455B0B9A1B44D61CB4E280502.apk

  • Size

    4.0MB

  • Sample

    230307-3d95ascb71

  • MD5

    74b8956dc35fd8a5eb2f7a5d313e60ca

  • SHA1

    322bfcfc2f2cfcfb759bc61b021a498c1955937b

  • SHA256

    7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502

  • SHA512

    772e0ae703b9cb3bb62c490366023026845aa80d793211dbc95606795659f88fa58e510ab1fdb129ee01159560ae071312c9de98cbcdbf574b015a791a0960ac

  • SSDEEP

    98304:zQEneeg1QRd7c43GVDssvvO9h9CwfLyEefawrQ:zQEnzg2RD2Vjgfzyzawk

Malware Config

Targets

    • Target

      7C805F51EE3B2994E742D73954E51D7C2C24C76455B0B9A1B44D61CB4E280502.apk

    • SOVA_v5 payload

    • Sova

      Android banker first seen in July 2021.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks