Resubmissions

24-04-2024 11:50

240424-nzl72ahe3w 10

12-04-2024 13:59

240412-ravpnaah86 10

28-02-2024 13:25

240228-qnw9zacf2t 8

28-02-2024 12:56

240228-p6fjhacb22 10

19-02-2024 08:01

240219-jw15kaba7y 10

03-01-2024 08:46

240103-kpajpscdcp 10

General

  • Target

    sova.apk

  • Size

    569KB

  • Sample

    240228-qnw9zacf2t

  • MD5

    01b6f0220794476fe19a54c049600ab3

  • SHA1

    eb9dfde47a393bca666e947f285f16c20baf6c32

  • SHA256

    8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57

  • SHA512

    ac3031a6dbc5bb0d1e609979336487f14efe58f8e87480e5ef7f79c2abae56977ca444bbb5bbc7970d9c416f9c754b9fedf2bdef3b7b311c2e95e07350f9c892

  • SSDEEP

    12288:C89uYjYV1jiNQ7l5DFQo2d8GmEFDipRdWp8+iZiZ5t:9jYniCF6d8iiXg825t

Malware Config

Targets

    • Target

      sova.apk

    • Size

      569KB

    • MD5

      01b6f0220794476fe19a54c049600ab3

    • SHA1

      eb9dfde47a393bca666e947f285f16c20baf6c32

    • SHA256

      8a6889610a18296e812fabd0a4ceb8b75caadc5cec1b39e8173c3e0093fd3a57

    • SHA512

      ac3031a6dbc5bb0d1e609979336487f14efe58f8e87480e5ef7f79c2abae56977ca444bbb5bbc7970d9c416f9c754b9fedf2bdef3b7b311c2e95e07350f9c892

    • SSDEEP

      12288:C89uYjYV1jiNQ7l5DFQo2d8GmEFDipRdWp8+iZiZ5t:9jYniCF6d8iiXg825t

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks