Overview

overview

10

Static

static

6

GossApp.apk

android-10-x64

10

GossApp.apk

android-11-x64

10

GossApp.apk

android-13-x64

10

GossApp.apk

android-9-x86

10

Resubmissions

08/03/2024, 06:59

240308-hr38paaa23 10

27/03/2023, 09:49

230327-lthxbacg65 10

Analysis

  • max time kernel
    301s
  • max time network
    312s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    08/03/2024, 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GossApp.apk

  • Size

    4.7MB

  • MD5

    5cee458cb64d9c7a76783b571053adca

  • SHA1

    b89773087c9796b8088cfc4271829dffa156b4bc

  • SHA256

    bcbabb9b07b4d8e4b592dfaf3c8e261b66896134121b576b17f069eaeaeaa01f

  • SHA512

    8ea6bff4e67afc35a52ea5dfdb58cdb2e7dc26073d4ddfd2cc4e9757b1e769e9dca0fc5b43c56325aa54b98655d3dfa4a302e883bc9ffd33135894c8c30647a6

  • SSDEEP

    98304:Gwpw2RmWRq8ePkCcbBfowwD+6Qw+zJgT/gh002GD:G72Rb1eMCc4DiFdKa

Score
10/10
sovabankercollectionevasioninfostealertrojan

Malware Config

Extracted

Family

sova

C2

http://85.217.144.114

http://85.217.144.115

Signatures

  • SOVA_v5 payload 1 IoCs
  • Sova

    Android banker first seen in July 2021.

    bankertrojaninfostealersova
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.pulp.high
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Reads the contacts stored on the device.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4462

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.pulp.high/app_DynamicOptDex/SjP.json
    Filesize

    2.2MB

    MD5

    3b6bd6be37bf8b85ea8062cbdc5794de

    SHA1

    a1cdc1bfb25bd9b74e29000597f3c9eb5b6beb1f

    SHA256

    c2c885c6181e300e48b63da3087f6d1bf5031f39fc8f519147d25e5f829d5516

    SHA512

    b5b01094fb759c5fdc45737111dd112157a3d47e57974d56db43b134ffab43c175ceb2eb70a35b2dce787a503b06e224a34a5e0271e49d111399b5c345875af8

    Download Submit

  • /data/data/com.pulp.high/app_DynamicOptDex/SjP.json
    Filesize

    565KB

    MD5

    9b79fe504a1b6116a9ef8d595b808163

    SHA1

    135a46b7f91731de720b0b9b1f3c3521666fd38d

    SHA256

    d6449efd2615d467448f86f01c8fc5ef9ffadfdfce455777d8372110778171b2

    SHA512

    35c9e660104a572ae5224213b0e61f0d8b3b5db2d2122c428c406d8ed5e64472ec2e21e61d037a6d702d4a137755cee96a5334baa490952551014c42e0089653

    Download Submit

  • /data/data/com.pulp.high/app_DynamicOptDex/oat/SjP.json.cur.prof
    Filesize

    5KB

    MD5

    44767763946e3d94cfda9733d75bcf6f

    SHA1

    03157eff041c2262eec92bce1b4b1e91e6ba03c5

    SHA256

    a69dc602c37b77427749ec01fcbd0cde44df4e062fd7af9edde1edd7fb70a89d

    SHA512

    df152b300a3bdbf3525f5dc836d7dd9e5abf29ba9a29be89fd6558ce2ebb3a08b67d1304c4fc9de6b01b5f515a38888637ef7e6efbd3ba18177bdc8c79e5aba4

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    aaadbc843c3c74ec1c7394d4b735661c

    SHA1

    d33c9c8d65ed9f569d8e5dc3b724a10abc7fbd25

    SHA256

    4090ab0d0a540741c8678dc19fff70d26eba6185dc61bed2df2716048d47e2af

    SHA512

    aa21248f79fb58cfed3f045ec84616255881ec6e29f519a0882d5c5324799686cc9652072ee65c02bdc6019aae8fcd8c1117731e3f0e4d2b4c19eb78302e343a

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    edacabfb802c6ec74a00be83d16ca50a

    SHA1

    4703009522880f53ad39b161398877d93fb5fffa

    SHA256

    84fdd72e8c1a809c1e2714acceb72a382c3a521707c5f7ee645a16817743d5ee

    SHA512

    15fb6791711c6a084eadd4bcc3c810ea2b126e14fc0d7a2aa228f16ce167a62ae72c7aa64a2c1a1d2c5bbe5a17fc1c7bd7bb2e18a2607c138baf9e5a9c4838bf

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    ea1c75b2330f4f4b61fa0a1f91f23509

    SHA1

    f6659a60b6385fb310306dfc41e80e287691a98e

    SHA256

    78357f72eca8c80ec76b9ecfea700d4a0747ef00f19d458a0c292ef3f00d1b9d

    SHA512

    a552d6cc2fbbc72c00cece2b647cc1d2dd4f5ad89573605f1263ab0677c4143a7bc080971b9d2135883019460ba6183c41872804d4bd16af9b42efe5248e8499

    Download Submit

  • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
    Filesize

    156KB

    MD5

    f150324d4c4ab07262b4bd9eeef51cd2

    SHA1

    38ff91c4be3d2340a720d90ee34c26d9e40229e5

    SHA256

    4ba10b593a8962767c7cc474d14f8d3313ab0ab905f126392a527c926f2534af

    SHA512

    27f44a4af7f9176c659be0ef103ecb9daf634dd06732e30e7ab674b6c335b85bf7aa49c89e668f6ce4e46696d33daac469ea37a10245b6db7bd17d95e1239ae4

    Download Submit

  • /data/user/0/com.pulp.high/app_DynamicOptDex/SjP.json
    Filesize

    6.1MB

    MD5

    282078461929bd3e1a32d5d7b822c737

    SHA1

    61b8e90dec9e53b195de009ee21a3fef29b2ed64

    SHA256

    6832e8722db811e07879b8bba0d608017745d67a0174be5fd8506b030efc1a07

    SHA512

    c973cd5127a29f5dfae57d58180c7391031487870d16be4f772e5489edb5c5dff2a9e13247b59bbc2b2c9d1a749dbee470db300c8d6b01791ecef1a6ed8114c3

    Download Submit