Overview

overview

10

Static

static

6

GossApp.apk

android-10-x64

10

GossApp.apk

android-11-x64

10

GossApp.apk

android-13-x64

10

GossApp.apk

android-9-x86

10

Resubmissions

08/03/2024, 06:59

240308-hr38paaa23 10

27/03/2023, 09:49

230327-lthxbacg65 10

Analysis

  • max time kernel
    301s
  • max time network
    312s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    08/03/2024, 06:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    GossApp.apk

  • Size

    4.7MB

  • MD5

    5cee458cb64d9c7a76783b571053adca

  • SHA1

    b89773087c9796b8088cfc4271829dffa156b4bc

  • SHA256

    bcbabb9b07b4d8e4b592dfaf3c8e261b66896134121b576b17f069eaeaeaa01f

  • SHA512

    8ea6bff4e67afc35a52ea5dfdb58cdb2e7dc26073d4ddfd2cc4e9757b1e769e9dca0fc5b43c56325aa54b98655d3dfa4a302e883bc9ffd33135894c8c30647a6

  • SSDEEP

    98304:Gwpw2RmWRq8ePkCcbBfowwD+6Qw+zJgT/gh002GD:G72Rb1eMCc4DiFdKa

Score
10/10
sovabankercollectionevasioninfostealertrojan

Malware Config

Extracted

Family

sova

C2

http://85.217.144.114

http://85.217.144.115

Signatures

  • SOVA_v5 payload 1 IoCs
  • Sova

    Android banker first seen in July 2021.

    bankertrojaninfostealersova
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.pulp.high
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Reads the contacts stored on the device.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4462

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.pulp.high/app_DynamicOptDex/SjP.json
          Filesize

          2.2MB

          MD5

          3b6bd6be37bf8b85ea8062cbdc5794de

          SHA1

          a1cdc1bfb25bd9b74e29000597f3c9eb5b6beb1f

          SHA256

          c2c885c6181e300e48b63da3087f6d1bf5031f39fc8f519147d25e5f829d5516

          SHA512

          b5b01094fb759c5fdc45737111dd112157a3d47e57974d56db43b134ffab43c175ceb2eb70a35b2dce787a503b06e224a34a5e0271e49d111399b5c345875af8

          Download Submit

        • /data/data/com.pulp.high/app_DynamicOptDex/SjP.json
          Filesize

          565KB

          MD5

          9b79fe504a1b6116a9ef8d595b808163

          SHA1

          135a46b7f91731de720b0b9b1f3c3521666fd38d

          SHA256

          d6449efd2615d467448f86f01c8fc5ef9ffadfdfce455777d8372110778171b2

          SHA512

          35c9e660104a572ae5224213b0e61f0d8b3b5db2d2122c428c406d8ed5e64472ec2e21e61d037a6d702d4a137755cee96a5334baa490952551014c42e0089653

          Download Submit

        • /data/data/com.pulp.high/app_DynamicOptDex/oat/SjP.json.cur.prof
          Filesize

          5KB

          MD5

          44767763946e3d94cfda9733d75bcf6f

          SHA1

          03157eff041c2262eec92bce1b4b1e91e6ba03c5

          SHA256

          a69dc602c37b77427749ec01fcbd0cde44df4e062fd7af9edde1edd7fb70a89d

          SHA512

          df152b300a3bdbf3525f5dc836d7dd9e5abf29ba9a29be89fd6558ce2ebb3a08b67d1304c4fc9de6b01b5f515a38888637ef7e6efbd3ba18177bdc8c79e5aba4

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb
          Filesize

          4KB

          MD5

          7e858c4054eb00fcddc653a04e5cd1c6

          SHA1

          2e056bf31a8d78df136f02a62afeeca77f4faccf

          SHA256

          9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

          SHA512

          d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb-journal
          Filesize

          512B

          MD5

          aaadbc843c3c74ec1c7394d4b735661c

          SHA1

          d33c9c8d65ed9f569d8e5dc3b724a10abc7fbd25

          SHA256

          4090ab0d0a540741c8678dc19fff70d26eba6185dc61bed2df2716048d47e2af

          SHA512

          aa21248f79fb58cfed3f045ec84616255881ec6e29f519a0882d5c5324799686cc9652072ee65c02bdc6019aae8fcd8c1117731e3f0e4d2b4c19eb78302e343a

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
          Filesize

          16KB

          MD5

          edacabfb802c6ec74a00be83d16ca50a

          SHA1

          4703009522880f53ad39b161398877d93fb5fffa

          SHA256

          84fdd72e8c1a809c1e2714acceb72a382c3a521707c5f7ee645a16817743d5ee

          SHA512

          15fb6791711c6a084eadd4bcc3c810ea2b126e14fc0d7a2aa228f16ce167a62ae72c7aa64a2c1a1d2c5bbe5a17fc1c7bd7bb2e18a2607c138baf9e5a9c4838bf

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
          Filesize

          108KB

          MD5

          ea1c75b2330f4f4b61fa0a1f91f23509

          SHA1

          f6659a60b6385fb310306dfc41e80e287691a98e

          SHA256

          78357f72eca8c80ec76b9ecfea700d4a0747ef00f19d458a0c292ef3f00d1b9d

          SHA512

          a552d6cc2fbbc72c00cece2b647cc1d2dd4f5ad89573605f1263ab0677c4143a7bc080971b9d2135883019460ba6183c41872804d4bd16af9b42efe5248e8499

          Download Submit

        • /data/data/com.pulp.high/no_backup/androidx.work.workdb-wal
          Filesize

          156KB

          MD5

          f150324d4c4ab07262b4bd9eeef51cd2

          SHA1

          38ff91c4be3d2340a720d90ee34c26d9e40229e5

          SHA256

          4ba10b593a8962767c7cc474d14f8d3313ab0ab905f126392a527c926f2534af

          SHA512

          27f44a4af7f9176c659be0ef103ecb9daf634dd06732e30e7ab674b6c335b85bf7aa49c89e668f6ce4e46696d33daac469ea37a10245b6db7bd17d95e1239ae4

          Download Submit

        • /data/user/0/com.pulp.high/app_DynamicOptDex/SjP.json
          Filesize

          6.1MB

          MD5

          282078461929bd3e1a32d5d7b822c737

          SHA1

          61b8e90dec9e53b195de009ee21a3fef29b2ed64

          SHA256

          6832e8722db811e07879b8bba0d608017745d67a0174be5fd8506b030efc1a07

          SHA512

          c973cd5127a29f5dfae57d58180c7391031487870d16be4f772e5489edb5c5dff2a9e13247b59bbc2b2c9d1a749dbee470db300c8d6b01791ecef1a6ed8114c3

          Download Submit