Extracted

• • Target

    app.apk

  • Size

    4.7MB

  • MD5

    0638956a7c551e01dcc6a2cd52886d31

  • SHA1

    178a8b22748d08a62c8b1ecdfd82a1f6dd16dbc9

  • SHA256

    2d2aa0beb3ed562bc563065bb618130e91c615ae6a031efec263149fd997e565

  • SHA512

    f25f1b64ec0c8296002c1d209b8de05d7c2c23a9351927f3f7d3c491eef4eec826ddc130e9e56876796d469e45dbb482659d3de32f876fd74e8117c0c2bdcc59

  • SSDEEP

    98304:FEUd/867295c1t1I4uaMo0Lqy4ZOzGq02LsBqG:38q294naTLoZOzGqc

  Score

  10^/10

  sova_v5bankerevasioninfostealerstealthtrojan

  • Sova_v5

    Android banker first seen in July 2021.

    bankertrojaninfostealersova_v5

  • Makes use of the framework's Accessibility service.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Removes a system notification.

    evasion
  behavioral1behavioral2