General
-
Target
sova.apk
-
Size
569KB
-
Sample
240228-qnw9zacf2t
-
MD5
01b6f0220794476fe19a54c049600ab3
-
SHA1
eb9dfde47a393bca666e947f285f16c20baf6c32
-
SHA256
8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57
-
SHA512
ac3031a6dbc5bb0d1e609979336487f14efe58f8e87480e5ef7f79c2abae56977ca444bbb5bbc7970d9c416f9c754b9fedf2bdef3b7b311c2e95e07350f9c892
-
SSDEEP
12288:C89uYjYV1jiNQ7l5DFQo2d8GmEFDipRdWp8+iZiZ5t:9jYniCF6d8iiXg825t
Static task
static1
Behavioral task
behavioral1
Sample
sova.apk
Resource
android-x86-arm-20240221-en
Malware Config
Targets
-
-
Target
sova.apk
Score
8/10
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-