sova | 7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502 | Triage

Sharing

General

Target

7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502.apk
Size

4.0MB
Sample

231109-tl1fdsbg26
MD5

74b8956dc35fd8a5eb2f7a5d313e60ca
SHA1

322bfcfc2f2cfcfb759bc61b021a498c1955937b
SHA256

7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502
SHA512

772e0ae703b9cb3bb62c490366023026845aa80d793211dbc95606795659f88fa58e510ab1fdb129ee01159560ae071312c9de98cbcdbf574b015a791a0960ac
SSDEEP

98304:zQEneeg1QRd7c43GVDssvvO9h9CwfLyEefawrQ:zQEnzg2RD2Vjgfzyzawk

Score

10^/10

sova android banker evasion infostealer trojan

Malware Config

Targets

- Target
  
  7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502.apk
- Size
  
  4.0MB
- MD5
  
  74b8956dc35fd8a5eb2f7a5d313e60ca
- SHA1
  
  322bfcfc2f2cfcfb759bc61b021a498c1955937b
- SHA256
  
  7c805f51ee3b2994e742d73954e51d7c2c24c76455b0b9a1b44d61cb4e280502
- SHA512
  
  772e0ae703b9cb3bb62c490366023026845aa80d793211dbc95606795659f88fa58e510ab1fdb129ee01159560ae071312c9de98cbcdbf574b015a791a0960ac
- SSDEEP
  
  98304:zQEneeg1QRd7c43GVDssvvO9h9CwfLyEefawrQ:zQEnzg2RD2Vjgfzyzawk
Score

10^/10

sova banker evasion infostealer trojan
- SOVA_v5 payload
- Sova
  Android banker first seen in July 2021.
  banker trojan infostealer sova
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  actionsQueue.js
- Size
  
  14KB
- MD5
  
  02b28e8b78ee30fa36b451f59984e265
- SHA1
  
  4ed97513f394305e3fde9b217945a919cafc1181
- SHA256
  
  61de71f86447e698d48ca9e4f691c3bbbe3997f31323ea8441c3e5994092a09b
- SHA512
  
  e0e82b929c05670cba2d2fdb85a0092665648bc0a299546e80ef091d61fbca3e63fcb576443cd6c047f3eaa8d8443c61eeaf258fe56251cf83889a7a560dec57
- SSDEEP
  
  192:ylpi0RiSH+IGqSCz84o3SCFia31NsjIsjYxqi+MC/RSYFIF8zE4Ogtu69xIOHEMa:mNeICibDI94OnXgPKce
Score

1^/10
behavioral4 behavioral5
- Target
  
  chrome.html
- Size
  
  202KB
- MD5
  
  5a009d0338421256f7b927c24783ecad
- SHA1
  
  c53888d0f03be097c63f043a5db2d51dad2f6bfd
- SHA256
  
  21ed31e685390653c27bc5717173badf6787e1654fbd1167cd0bedd4e56cdf22
- SHA512
  
  5b22ccf9f308ccb5e6676e8f825075f7a92ea35b0cc050442e1bf5c90f41c1f1d544a885f1c89e595868089e8739269ba567e2d86f3fb359543f91f8c2b15feb
- SSDEEP
  
  6144:4I6bDBXhwewZ8mK0zgT0p7CW7Zx52tTwyPpR7gEt:abDBXRwZ8m/zgktP58c4WEt
Score

1^/10
behavioral6 behavioral7
- Target
  
  mraid.js
- Size
  
  44KB
- MD5
  
  b8e2504def9c61f2d1350a6fb33c8ab6
- SHA1
  
  29b50211f8c1adce03de566dc04ab8e00a28b0a5
- SHA256
  
  3bc6833d3a84fae3e4a74ba05b12945e8cd76b5a9f2a1ff5ccffbf61cdb4ed3a
- SHA512
  
  ea33c05fa27aae50bf2b2424994e998bae86d32fa2c5b8f19f7cecb2f2c700e731c25721c38acca76155a9b485b84df6f6ee0f70aa6ae8ac3c326bf0f70403af
- SSDEEP
  
  384:QNeICibDI94OnXgPKLeALdCW/yi8Ld8U7mPO:QIIrbJKi
Score

1^/10
behavioral8 behavioral9
- Target
  
  nointernet.html
- Size
  
  551B
- MD5
  
  6c2f16445d9aec3236eaf027852b8ae0
- SHA1
  
  76854c00267dfc7276eeee12e6df96c5a82d1646
- SHA256
  
  9d647b7f81404d0744ebd1ead58bf8a6f3b6beb0a98583a907a00b38ff9843c2
- SHA512
  
  fc835b8d68aec6ebe727268148c36bc6e4ec991d984e5b80f4f15c75d9de1a52341ef09735bb16e3c390a45ca483032a2fd393bd63d86bd067f25a3276958437
Score

1^/10
behavioral10 behavioral11
- Target
  
  omsdk-v1.js
- Size
  
  38KB
- MD5
  
  ad0804e22766a82341b4cbe639b526cf
- SHA1
  
  a1458ea624e10faaaf141db97d90ccfcb7f3c075
- SHA256
  
  4c61d4b14a471fe10f71845713be9417cfbd90222a41c9c8023e915a231a3be2
- SHA512
  
  a68e23dd287626a3670b1fd52a3cb18a158d3d7636b1a1bc473f61fb213f70a8488dc6c830ac53a3653f4457e74c71a2483992c3d2d69f586c89f810f2bb0907
- SSDEEP
  
  768:RRB6W8jP2VVh4gKqf3y6iPxjggbtoPqaK57Q2/9vt5ZBFus9cAZhmUs+2ZnIezGp:RRBv872zf3anxoPqaK57Q2/9vt5ZBF5J
Score

1^/10
behavioral12 behavioral13
- Target
  
  unique.html
- Size
  
  20KB
- MD5
  
  a5f8f406fc9e2dbfcdee2cad0c6703cf
- SHA1
  
  4903d7caad6fb3dfc6466896b7b9418bee381630
- SHA256
  
  1b5f986ddee68791fffe37baa4c551feae8016a1b3964ede7e49ec697c3ce26b
- SHA512
  
  d56389242b2c97471d3f7e99955d44c7cfe27452cfb60588e63b5e512919995408012a18bbb2201c761705ac367b4aeaa5262bc73372b63fdc2813382f5da4ae
- SSDEEP
  
  384:lF5gQ2RGaTQSHxpG82WiviKiIiciHi6iKiFi6iKiFicisiqili8inioinihiniZu:l3gQ2RGaTQSHcqzlRCjz0jz0RhTUxiFT
Score

1^/10
behavioral14 behavioral15
- Target
  
  weex-main-jsfm.js
- Size
  
  178KB
- MD5
  
  3dc3e9dee9ba7eabea0292e7ba766e75
- SHA1
  
  eb62571b34f491197cac2c32a8ef5a98670cce75
- SHA256
  
  7f9fbb1ad0d65be1a23af810ed010e831e7d9cc053953ee7d1b853ae24b79f2f
- SHA512
  
  c59dfecb2a1ceb9ed09db8a9e1cb1355975ef8b3dcb1320311d6f157accf7fb6fc612d6d56dda255aba0e2e8dfd8e13e524b42471d55dcf9c77d28d96a11a13d
- SSDEEP
  
  3072:pJ4aoSysY2Aqv/ekJd/fasVR2HP9FPG8Veoo:MaoP4Aqv/ekJRf2P9Fxo
Score

1^/10
behavioral16 behavioral17

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sovabankerevasioninfostealertrojan

behavioral2

sovabankerevasioninfostealertrojan

behavioral3

sovabankerevasioninfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17