General

  • Target

    obf2.apk

  • Size

    4.5MB

  • Sample

    230317-lpfw6afe57

  • MD5

    796f99f95297d5a4f569f7736ae1bc44

  • SHA1

    78ec290ec357a1d32af01db76b153bfe59d752da

  • SHA256

    cebc8d19438e9af6f337ca473123fffbd890e4f66e31e93ee85902a17cef6efc

  • SHA512

    c99fc7d97d0f3d63e08f7fb7c2ece579a0eb52ffe423efc2cc34975683f2da400a080f6540abd00ce0001f4eba1f8857d6de5bc070efea956d1d9f138908e7bd

  • SSDEEP

    98304:2x+iewanbOUhJxqY/x9wTrczq8SGbMtYqmAMEbaj7+cEpcxM4xhV:2xcOU7xqYgTQVzMtpV+6CL

Malware Config

Targets

    • Target

      obf2.apk

    • SOVA_v5 payload

    • Sova

      Android banker first seen in July 2021.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks