General
Target: 9827012060.zip
Size: 3.9MB
Sample: 230402-d1j4ysed57
MD5: 25bc62d7d84cef146ce98af09b6231b9
SHA1: 544d7c0b7f34ae6d48191cf0ad7d8c09b29157e6
SHA256: 8b4d8d99b6be57904b4da6140d405bb82e059ef345ae206162ce0fd2b900d18e
SHA512: dec1707e5cf291c0c93c27e37028f0efff27ba4af9f8040107abfadc55f6bc7f362c67ebc51b45a58afcb7aaa3f8ef97db2674df365aa58a1e7557bb959a7cae
SSDEEP: 98304:kY2wM2ZKpFEtbEOhN4Mkrmy8/u4gtCCKjnVmoKgudv/1n:k52ZKQtEKNvkrTyu4uCFAbt/J
Static task: static1

Behavioral task: behavioral1
  Sample: 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f.apk
  Resource: android-x86-arm-20220823-en

Behavioral task: behavioral2
  Sample: 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f.apk
  Resource: android-x64-20220823-en

Behavioral task: behavioral3
  Sample: 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f.apk
  Resource: android-x64-arm64-20220823-en
Malware Config
Extracted family: sova
URL: http://5.161.97.57:5000/
Targets
Target: 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f
Size: 4.3MB
MD5: d87e04db4f4a36df263ecbfe8a8605bd
SHA1: 1c99c658e30c672927dccbd8628107abf36d990d
SHA256: 3dcd8e0cf7403ede8d56df9d53df26266176c3c9255a5979da08f5e8bb60ee3f
SHA512: 101c8f7326e1d617f515ce94490a54772c2550e3b48158a055f3ea2c47efa82e9a90ea626e60f7f2cf3dbf36be77599fb8a3b9f1620c28b8253549069a1a2d5d
SSDEEP: 98304:gjYTsK5/hRKuT8kLp0EDb1putwdre5VRLmoVE9zOEhqRbcs:/wK55J8gRBp3dre5VRaoe9zhibV
Score: 10/10

Signatures
- SOVA_v5 payload
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.