Overview

overview

10

Static

static

7

d8b81583ff...6a.apk

android-9-x86

10

d8b81583ff...6a.apk

android-10-x64

10

d8b81583ff...6a.apk

android-11-x64

10

chrome.html

windows7-x64

1

chrome.html

windows10-2004-x64

1

libalog.so

debian-9-armhf

1

libapminsighta.so

debian-9-armhf

1

libvcnverify.so

debian-9-armhf

1

libvcnverifylite.so

debian-9-armhf

1

libvctfo.so

debian-9-armhf

1

libvideodec.so

debian-9-armhf

1

libxz-main.so

debian-9-armhf

1

libzstd-jn...ess.so

debian-9-armhf

1

nointernet.html

windows7-x64

1

nointernet.html

windows10-2004-x64

1

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

unique.html

windows7-x64

1

unique.html

windows10-2004-x64

1

Analysis

  • max time kernel
    3610072s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
  • submitted
    08-08-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8b81583ff8b6bbd0d16bf8dacd2aa66b6627d506e365efe0e15589c94eee56a.apk

  • Size

    4.6MB

  • MD5

    be6e50b14431534cf3a87a080b7e0a74

  • SHA1

    5074fc1dee2d8cfe26b65671398b0c4b4e1c6447

  • SHA256

    d8b81583ff8b6bbd0d16bf8dacd2aa66b6627d506e365efe0e15589c94eee56a

  • SHA512

    d1da324a1c0db96098f2d2a94d523835cfbfe758c3ff6bf2f81f8eed0317674ff824ef7951742b9d21f9d333ff456429ab75ee2f1a528cd88312d6e287dfff82

  • SSDEEP

    98304:F/x5ntlwuBPRaIcSX7c3HTE6dcrxvlfU5ikBP0pjuoeKkCbo0Y8:F7/v5rcg7cDE6dcrVFU5ikBP0pjfIv8

Score
10/10
sovabankerinfostealertrojan

Malware Config

Extracted

Family

sova

C2

http://85.31.45.129

http://85.31.45.130

Signatures

  • SOVA_v5 payload 2 IoCs
  • Sova

    Android banker first seen in July 2021.

    bankertrojaninfostealersova
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.spot.best
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:4070
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.spot.best/app_DynamicOptDex/uhbiMOF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.spot.best/app_DynamicOptDex/oat/x86/uhbiMOF.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4167

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.spot.best/app_DynamicOptDex/oat/uhbiMOF.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/oat/x86/uhbiMOF.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/oat/x86/uhbiMOF.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/uhbiMOF.json
    Filesize

    2.2MB

    MD5

    4215030103748cb8caa324d07bf93574

    SHA1

    847d789710f8bd95fc8723ec98e237691778de93

    SHA256

    0b32f8b5c383fe248760159520e108af9df0f40a8c84f2d71019efbe0af19a4e

    SHA512

    671143abaf0ebdb5c06e89ec21696e6e30d82424952972c2e869a6b3e462d300dbe7116db2b8f1a4f2067ad9914bf22aa66284692589d3cf92acf880a41fe6f8

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/uhbiMOF.json
    Filesize

    6.2MB

    MD5

    1c15afc1a40d41b774944ac37026c942

    SHA1

    0883b8d9ee7b526e27b52691535e365f9df5de2a

    SHA256

    c3c413f67fd789adab7b9c69009c9a17d4b35521846791e0f33db832936ef231

    SHA512

    bbc69645b1b7e3add7fc110f60724884c7a842a740b622d48a1b8034d641c881b3ecb143fecc2247251169b2788cfea0386c4723926808c6679b51aca2212264

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/uhbiMOF.json
    Filesize

    6.2MB

    MD5

    0fe5464d3272d88e3ab03fbba1727413

    SHA1

    a7a3acb3a7a66f02a1440fb74bad5f2bcedbd546

    SHA256

    a9e60c6a7ecfa39df68bacfc49d4b2ac46279c896a4648c2993f4d67fadef207

    SHA512

    bbd9c5b53b31ffc3c557de8a03091b7395a17b88f3974dddfdcf83b9c806daa0299de1bdd25954ee68161427c88364570865ad86b30b94d55154e74a8d113f27

    Download Submit

  • /data/user/0/com.spot.best/app_DynamicOptDex/uhbiMOF.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.spot.best/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/user/0/com.spot.best/no_backup/androidx.work.workdb-journal
    Filesize

    524B

    MD5

    f6c55ab24ff0597a2dc8c714a69defc4

    SHA1

    ea536e368eca501f1f7380d7eab5f968e0a352fa

    SHA256

    6034b3efcfcbd09478735f142e308f8eaf203f945bebdadc01499e34d9b82b33

    SHA512

    c62f6382b68293fd40de7814331ebeb7977c1f941e15c79f7a871528e17c79129a780fbba0f1b1da500b8f42ec5355fb2acd7c40552c72cd190652253f964269

    Download Submit

  • /data/user/0/com.spot.best/no_backup/androidx.work.workdb-shm
    Filesize

    8B

    MD5

    7dea362b3fac8e00956a4952a3d4f474

    SHA1

    05fe405753166f125559e7c9ac558654f107c7e9

    SHA256

    af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

    SHA512

    1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

    Download Submit

  • /data/user/0/com.spot.best/no_backup/androidx.work.workdb-wal
    Filesize

    197KB

    MD5

    89e769c6bf14802db96faa51dbf39dd8

    SHA1

    2a80bedc14ce75a3d99d3e08111568baf1d3170f

    SHA256

    33c77e2abf2b7b1cb69260e44232ad15d67bcf90835b1b019961245876fddcd8

    SHA512

    cc49ce08a75468425f1f61a0eba81aff18196fcc70f743c08cc21a77d8b71b98cc880a1be0c11e179ba405c50149af36c26ca3f564f3d590406bc46e2e74ceb7

    Download Submit

  • /data/user/0/com.spot.best/shared_prefs/prefs.xml
    Filesize

    135B

    MD5

    7736f4ed63020ad4ffc2f5359a7c9d64

    SHA1

    58116665dafceb7ae0aaee3bc59717a9a5c00cee

    SHA256

    6fd2c6ee0cc04113fdff44195a45da423aa4643da5653e9220be0fe531c410b8

    SHA512

    10e555b9ff4baa4dbf8ad8fef7563e4756b194595b7794845ea54856e01745bb8eaeef9a5c67da76174fe1832025c9c0d220b49f839b3702d24f5372716a700c

    Download Submit