sova | 4b145be6d1fabdde7f70b80bd4f0a9d31611b14cd28e883982c45bedbd12b733 | Triage

Submit
Reports

Overview

overview

Static

static

7

bbaf483c2b...aa.apk

android-9-x86

bbaf483c2b...aa.apk

android-10-x64

bbaf483c2b...aa.apk

android-11-x64

Resubmissions

09-03-2023 12:47

230309-p1qghscd58 10

09-03-2023 01:19

230309-bpm1csgh5v 10

Sharing

General

Target

4b0e93354da17984f0bef68b9ab83380.bin
Size

4.3MB
Sample

230309-bpm1csgh5v
MD5

15169ff91884e9519ff5b063b8eb68bf
SHA1

c92b46e200ca060fce320721a5f0afcd73a4d836
SHA256

4b145be6d1fabdde7f70b80bd4f0a9d31611b14cd28e883982c45bedbd12b733
SHA512

94c2ccec87f1b6505c0f0ddce0578bc0422b9e805e6186b01e1947c576d83a10d1134c16aa5d5fd380418669ca4d4befb295aa3f9447f03839f09af4dd48c642
SSDEEP

98304:D26NaOiwXZXFNEWncjslVuM4ENGqrXc88nw5KXSOuYFh1d:D26N3fzVcjsb34EhrXcM5cdpd

Score

10^/10

sova sova_v5 android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bbaf483c2b6f67f22eb6e1fa00f200e9c1e201b0110070acaefd416cf846b1aa.apk

Resource

android-x86-arm-20220823-en

sova sova_v5 banker evasion infostealer trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbaf483c2b6f67f22eb6e1fa00f200e9c1e201b0110070acaefd416cf846b1aa.apk

Resource

android-x64-20220823-en

sova sova_v5 banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

bbaf483c2b6f67f22eb6e1fa00f200e9c1e201b0110070acaefd416cf846b1aa.apk

Resource

android-x64-arm64-20220823-en

sova banker evasion infostealer trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

sova_v5

C2

aHR0cDovL25leHN1c2xhemltLm5ldDo1MDAw

aHR0cDovLzUuMTYxLjIzLjEyMjo1MDAw

aHR0cDovL25leHN1c2xhemltMS5uZXQ6NTAwMA\u003d\u003d

Targets

- Target
  
  bbaf483c2b6f67f22eb6e1fa00f200e9c1e201b0110070acaefd416cf846b1aa.apk
- Size
  
  4.7MB
- MD5
  
  4b0e93354da17984f0bef68b9ab83380
- SHA1
  
  bff351735b6153339cc8d52089495db0533392b3
- SHA256
  
  bbaf483c2b6f67f22eb6e1fa00f200e9c1e201b0110070acaefd416cf846b1aa
- SHA512
  
  7353933b7919a87feae7345a09eb2e90bfa32723ae5a0df0d879ca29f0184ce799d1ed625564fc1d095154567618b8d4b79a6fadc0e1b669bafbfde9d6ff9933
- SSDEEP
  
  98304:pza2GxDDbL6zkfwe+0F3hoiLUpbcqon9BsTBAx5r3LyNXvOwxHMRA2QAFZ:pzMxDDbL6ew6Ro6Szo9BCBAxs8wtkA2f
Score

10^/10

sova sova_v5 banker evasion infostealer trojan
- SOVA_v5 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova_v5
  Android banker first seen in July 2021.
  banker trojan infostealer sova_v5
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovasova_v5bankerevasioninfostealertrojan

behavioral2

sovasova_v5bankerinfostealertrojan

behavioral3

sovabankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy