sova | cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4 | Triage

Submit
Reports

Overview

overview

Static

static

7

cf13b98703...c4.apk

android-9-x86

cf13b98703...c4.apk

android-10-x64

cf13b98703...c4.apk

android-11-x64

Sharing

General

Target

cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4.apk
Size

4.7MB
Sample

230322-s8wkaabf3y
MD5

15c23886c4c3be5160c1db5e536cbc24
SHA1

304d205c56b2d374c12701c9c1e20cad068c24f2
SHA256

cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4
SHA512

16a8db9cf15eb088bd24ed2fe3e366c8ec36ba3390833965f4cbbe47dc526fd349f9919f0ce42c04e9a0a911d1e847e37c52ef4384a80274a518e396dee3e624
SSDEEP

98304:+hoeT1ggRBPzVNk6KcWJVDdJ4FyII0azrzBlwrZMVJP0/hLNFe:+hhbnVu6LWJVZJuyxRrwSye

Score

10^/10

sova sova_v5 android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4.apk

Resource

android-x86-arm-20220823-en

sova sova_v5 banker evasion infostealer trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4.apk

Resource

android-x64-20220823-en

sova sova_v5 banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4.apk

Resource

android-x64-arm64-20220823-en

sova sova_v5 banker evasion infostealer trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4.apk
- Size
  
  4.7MB
- MD5
  
  15c23886c4c3be5160c1db5e536cbc24
- SHA1
  
  304d205c56b2d374c12701c9c1e20cad068c24f2
- SHA256
  
  cf13b9870395865dff925eee46eb85a087ac020e5e977f516e72dee346fbe2c4
- SHA512
  
  16a8db9cf15eb088bd24ed2fe3e366c8ec36ba3390833965f4cbbe47dc526fd349f9919f0ce42c04e9a0a911d1e847e37c52ef4384a80274a518e396dee3e624
- SSDEEP
  
  98304:+hoeT1ggRBPzVNk6KcWJVDdJ4FyII0azrzBlwrZMVJP0/hLNFe:+hhbnVu6LWJVZJuyxRrwSye
Score

10^/10

sova sova_v5 banker evasion infostealer trojan
- SOVA_v5 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Sova_v5
  Android banker first seen in July 2021.
  banker trojan infostealer sova_v5
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sovasova_v5bankerevasioninfostealertrojan

behavioral2

sovasova_v5bankerinfostealertrojan

behavioral3

sovasova_v5bankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy