Overview

overview

10

Static

static

6

376d13affc...a4.apk

android-10-x64

10

376d13affc...a4.apk

android-11-x64

10

376d13affc...a4.apk

android-13-x64

10

376d13affc...a4.apk

android-9-x86

10

Resubmissions

08/04/2024, 12:28

240408-pnlb2acd6t 10

08/03/2024, 09:07

240308-k3bc6abc69 10

23/03/2023, 01:50

230323-b89y8scg82 10

Analysis

  • max time kernel
    64s
  • max time network
    128s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    08/03/2024, 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    376d13affcbfc5d5358d39aba16b814f711f2e81632059a4bce5af060e038ea4.apk

  • Size

    4.6MB

  • MD5

    d4c6871dbd078685cb138a499113d280

  • SHA1

    60b64c8481f9de5b92634efc70a9ff42f451c78f

  • SHA256

    376d13affcbfc5d5358d39aba16b814f711f2e81632059a4bce5af060e038ea4

  • SHA512

    e8823b7c73140af88ad6fd8c52a6619d245281170ddb31feb9d4e726ee47a8f34575f687048947272fabfb13dbed2c24f50d6fbd6117d40c1db577305955af59

  • SSDEEP

    98304:M0C+HR25SOeU0lhoBenZFOw2QxW74PNTcG/bZ7vf0sc:jCmtO/07oEOw2QU74PNT9/t7nc

Score
10/10
sovabankercollectionevasioninfostealertrojan

Malware Config

Extracted

Family

sova

C2

http://193.42.32.84/

http://193.42.32.87/

Signatures

  • SOVA_v5 payload 1 IoCs
  • Sova

    Android banker first seen in July 2021.

    bankertrojaninfostealersova
  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.help.marine
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Reads the contacts stored on the device.
    • Acquires the wake lock
    PID:5054

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.help.marine/app_DynamicOptDex/nx.json
    Filesize

    537KB

    MD5

    fe6c991cfbcaf10969445efa22a92aae

    SHA1

    a2ca5e3afbae9ec8933bd771f98da95b0b23c7d3

    SHA256

    bd8ced9a9812554f045e267964b4822b5f77c953946d0a2d4f00880da096b702

    SHA512

    1f4e3876a24909aab112874ea134ba799a8edc89b6ef7957bc47da21bfe6e1ef513adb11bf5ccf048422b140fa3933b503d1173523f1254e91d404ceea5aa8f4

    Download Submit

  • /data/data/com.help.marine/app_DynamicOptDex/oat/nx.json.cur.prof
    Filesize

    5KB

    MD5

    d7830e8af227607003d61fced2bef39a

    SHA1

    557ff58a1659edbf0195df034ecefc757e39b6aa

    SHA256

    76d875c2e8320b31a6258e6c3f8498d82471397106b8caf891ed170fbffe2b42

    SHA512

    f32eedb09ee1385f6b1dbac504dcdf44b5a762f7fdb33ae42f661a29aac2434fb085b4f723d87afae4e9ba8f7d3ae484363fa2e69ccd7c84af1ae5b60057efc4

    Download Submit

  • /data/data/com.help.marine/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.help.marine/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    ef1b724bf7b47c44eb7b01549457cb74

    SHA1

    a0eb0aa4a104bf347f84472036c30c5d5793c012

    SHA256

    8bd20f173316c9b6ee36ccdba87a7238f2585bf1341a0ade1d10ab059a10d83b

    SHA512

    f4c84b3d7fb6e6b584962674230d85244ac8079cd8bbb998499fc033812bbb089873353370d2be4179e7c24e974b2a9e80d09ba5b0af18f259537b0d532702b6

    Download Submit

  • /data/data/com.help.marine/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.help.marine/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    339ab61a5c214a29c53e29fbf69e83ed

    SHA1

    cac4b3dc1c53322dfe30c8e08e96c8ab234b59bc

    SHA256

    360fa3b770eca687b40c0222f6fb36b66661a89d903881b140af1758de42e138

    SHA512

    f017757078dd562e2a6b2671195859acd7bff10ff72ec3347152ba86300fa83b71c6315d92fa651f3dd95065e8f21607c64ce75bee4f983eb5f406ee4efaa449

    Download Submit

  • /data/data/com.help.marine/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    0f7212b746a1db870010beb7fede748f

    SHA1

    98949b2ade60dd30be542270ab8f52372bb6615f

    SHA256

    62bc52fb42e021170b654974db4ca0808e0468acef0b3f0b3ab0d01b59017330

    SHA512

    47ec6a7d6931ec7ccdb2060b7f66d78ba6a0ae4e91e8c1b6db6c134129c98aa506148fa4c3ac183cbcf09428af30c488f5e7608ed653f26bac5c08bd9e24ba80

    Download Submit

  • /data/user/0/com.help.marine/app_DynamicOptDex/nx.json
    Filesize

    3.8MB

    MD5

    55fb344bf9e39880c8800e6d8442c103

    SHA1

    f8b6b64c268d6ae954a92e09307cc3a7dcfa0bd3

    SHA256

    ddc515b4fc8774b4b1e6407964db0632c9ed4c7a7216d89daed846c76a655027

    SHA512

    3b683e6d35ee93cad666bd7432279c10ced446b46f5812865192af90e2598c4cb4a01f2e37e64dcca740750a86dd476397bc38bfda71fa16f8c33ae9db3efb2a

    Download Submit