sova | b76cb30c0c15e840e67e826f786ccbd9e74351b7c5100b5b760528b32fb77cff | Triage

Submit
Reports

Overview

overview

Static

static

7

15eae9134d...60.apk

android-9-x86

15eae9134d...60.apk

android-10-x64

15eae9134d...60.apk

android-11-x64

Sharing

General

Target

3fe3fa5fbebcf71367586d6d2a3824f9.bin
Size

4.4MB
Sample

230309-bk6xnshh85
MD5

7b5a156a417d14e686306c672e71433b
SHA1

7fcc592813d8b4645c919e0a8a5ec83279b31fb8
SHA256

b76cb30c0c15e840e67e826f786ccbd9e74351b7c5100b5b760528b32fb77cff
SHA512

4e8fe8b7407ef5c6102c3366504fb1a0a3bbce8acc5c5e763ecde0407fc0903b86b6e21844e4598558c7da9319cc8737ebdce6646096bc570dc46d1a15a46f2d
SSDEEP

98304:H+5ExftwAC7QgRTRSSS8eh4f9B4dpBh3sBx/NzjnD:H+O7gBEL+z4dprm/J

Score

10^/10

sova sova_v5 android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15eae9134dac9268cbf005c23299c88dd5c5176a240201da751691a543375360.apk

Resource

android-x86-arm-20220823-en

sova sova_v5 banker evasion infostealer trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

15eae9134dac9268cbf005c23299c88dd5c5176a240201da751691a543375360.apk

Resource

android-x64-20220823-en

sova sova_v5 banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

15eae9134dac9268cbf005c23299c88dd5c5176a240201da751691a543375360.apk

Resource

android-x64-arm64-20220823-en

sova banker evasion infostealer trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

sova_v5

C2

aHR0cDovLzQ1LjE0My4xMzguMTMz

aHR0cDovL2hhYmVyYXNhbmJpemRlbm96ZWxndW5kZW0uY28udnUv

Targets

- Target
  
  15eae9134dac9268cbf005c23299c88dd5c5176a240201da751691a543375360.apk
- Size
  
  4.7MB
- MD5
  
  3fe3fa5fbebcf71367586d6d2a3824f9
- SHA1
  
  900122232d087a1b189168096798ef40a94ac442
- SHA256
  
  15eae9134dac9268cbf005c23299c88dd5c5176a240201da751691a543375360
- SHA512
  
  e2e847e6a99a7e106429024d52b2898346f7bdd2d42d4ab815300fd4aa6448532ebd5e72e637bcc843f367d491c421f3144a1d8630fd9e0547a2b3f56d6144dd
- SSDEEP
  
  98304:RWY/5eMi8wI0KAho87G0hsdQi3UGcJxuEfBAK7KSN1hwV:RW4e98VioNDdQi39cPrfBFKSNcV
Score

10^/10

sova sova_v5 banker evasion infostealer trojan
- SOVA_v5 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova_v5
  Android banker first seen in July 2021.
  banker trojan infostealer sova_v5
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovasova_v5bankerevasioninfostealertrojan

behavioral2

sovasova_v5bankerinfostealertrojan

behavioral3

sovabankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy