sova | cebc8d19438e9af6f337ca473123fffbd890e4f66e31e93ee85902a17cef6efc

Analysis

max time kernel
4009056s
max time network
162s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
17/03/2023, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

obf2.apk
Size

4.5MB
MD5

796f99f95297d5a4f569f7736ae1bc44
SHA1

78ec290ec357a1d32af01db76b153bfe59d752da
SHA256

cebc8d19438e9af6f337ca473123fffbd890e4f66e31e93ee85902a17cef6efc
SHA512

c99fc7d97d0f3d63e08f7fb7c2ece579a0eb52ffe423efc2cc34975683f2da400a080f6540abd00ce0001f4eba1f8857d6de5bc070efea956d1d9f138908e7bd
SSDEEP

98304:2x+iewanbOUhJxqY/x9wTrczq8SGbMtYqmAMEbaj7+cEpcxM4xhV:2xcOU7xqYgTQVzMtpV+6CL

Score

10^/10

sova banker infostealer trojan

Malware Config

Signatures

SOVA_v5 payload 1 IoCs

resource	yara_rule
behavioral2/memory/4716-0.dex	family_sova_v5

Sova
Android banker first seen in July 2021.
banker trojan infostealer sova

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.prefer.diesel/app_DynamicOptDex/YLwWN.json	4716	com.prefer.diesel

Looks up external IP address via web service 6 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ip-api.com
54	ip-api.com
63	icanhazip.com
65	ip-api.com
69	icanhazip.com
70	icanhazip.com

com.prefer.diesel
1⤵
- Loads dropped Dex/Jar
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.prefer.diesel/app_DynamicOptDex/YLwWN.json

Filesize
2.2MB

MD5
eb678082c2581f28f9202479dc0bb174

SHA1
0c437c857ea1a330706ff0639d97d98965ca622c

SHA256
8d60f37f8aeb3d7ace7e6fb501fdcfaa7e3a183f5841b9845dbcd659656dd7f6

SHA512
39a0f435462b95b71921b5c0637263a3ccb49c589da589993389d1669b9364500cea0184351b77599e7552812cc1144fbb89a9e0fbe8a5dbf41d97389eae0fd7

Download Submit
/data/user/0/com.prefer.diesel/app_DynamicOptDex/YLwWN.json

Filesize
6.0MB

MD5
e76a3426fa79e28b2ce2fe2795ba2ef6

SHA1
3dd30a7106197e4ff4e593f00e049d352bea7c1f

SHA256
12796f8750d450d85ed0e3d18f2ce05875f3544ea82bf750bb79bf88944a0866

SHA512
ad549079baa4f3d2b8a3c0a62cf1a55e34982a3970bc12b09a9adf018089e45d837e0354ce4e27b64e44cd027fb06d0c36a1ac06adb9a47d78aaf387faf252b5

Download Submit
/data/user/0/com.prefer.diesel/no_backup/androidx.work.workdb

Filesize
8KB

MD5
b6ca8b30661a7844ed292db75a29a953

SHA1
8e0d397ab1f2ced1f143829084c3f53333743bdd

SHA256
63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

SHA512
d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

Download Submit
/data/user/0/com.prefer.diesel/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
711f99c92ee4ee1f02b15d03484dbfe3

SHA1
bbdd11a7b7b29d4c7066565cf95cadd9b6fb0de7

SHA256
82779fa4ad102f65557ff68e6a91f96aefe73ce3ac46c80f2aa6a49ce33e84b1

SHA512
2d9d7fa78169a72f42f95843cde56196c9bc5019ddf40ba9c429d9a4d6e19bb9f0fac0bd2450fd0bda6ea09fcb51071aeae481ccdbde0a1561c0bf02190dd698

Download Submit
/data/user/0/com.prefer.diesel/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.prefer.diesel/no_backup/androidx.work.workdb-wal

Filesize
394KB

MD5
1ac1a8bdba368b8e6fa933ebf97866ad

SHA1
bb9bb3f0ac755efff7e390e68a73e973316aeea2

SHA256
625edb543861d38847ef35ac691f3fda445b721d28c70bd909f86322bd55044c

SHA512
3aadfceeb20f6d783d46730c33155c18d18a49bb87f640c845b50c912656fee70bc4fc10152258f8377f431b5deed4d03c4b07a35ba803c81e0846f32f27dabf

Download Submit