Resubmissions
08-04-2024 12:28
240408-pnlb2acd6t 1008-03-2024 09:07
240308-k3bc6abc69 1023-03-2023 01:50
230323-b89y8scg82 10Analysis
-
max time kernel
136s -
max time network
145s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
-
submitted
08-03-2024 09:07
General
-
Target
376d13affcbfc5d5358d39aba16b814f711f2e81632059a4bce5af060e038ea4.apk
-
Size
4.6MB
-
MD5
d4c6871dbd078685cb138a499113d280
-
SHA1
60b64c8481f9de5b92634efc70a9ff42f451c78f
-
SHA256
376d13affcbfc5d5358d39aba16b814f711f2e81632059a4bce5af060e038ea4
-
SHA512
e8823b7c73140af88ad6fd8c52a6619d245281170ddb31feb9d4e726ee47a8f34575f687048947272fabfb13dbed2c24f50d6fbd6117d40c1db577305955af59
-
SSDEEP
98304:M0C+HR25SOeU0lhoBenZFOw2QxW74PNTcG/bZ7vf0sc:jCmtO/07oEOw2QU74PNT9/t7nc
Malware Config
Extracted
sova
http://193.42.32.84/
http://193.42.32.87/
Signatures
-
SOVA_v5 payload 1 IoCs
-
Sova
Android banker first seen in July 2021.
-
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
com.help.marine1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
- Reads the contacts stored on the device.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
992KB
MD5e1a3642fd117e608f15a1cd28409f74d
SHA1c15b6ac9eacf0b9f99513af833b3fb59d2a53486
SHA2565fc9917d1c3d31a8435af20f7053c7bf478f2d49ceedcf778986fa5b51828f18
SHA5128186211a85ab28f780b97fd24a1df28fd84041d32414d0dfbec22e0093201e16c4feb00bd34465e60832b56918e0e366ade1d25f5d2bbb40443a2dc5c32aec09
-
Filesize
5KB
MD5e68e87900cd01d4a0ea3ce8849c005d5
SHA1f5faf271a4fc7da7b8a06979710685cfbadd5dc0
SHA2560951b1368dd23517e768254a2ac1acfd34b38ca3810415c59b36c80c2e140fa7
SHA512f557eb48ae33f8b759d92b564cb4a68f1a6619bd4488602f202fca57db4951b590964306e39d3c161f028f2af922e8612c0fac1624577ac9ef5953c3244e992a
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD5c98c868f6f2feca284edb17adb8874ed
SHA1bb8e6cd133e6b4cf216627bed2cf0c92ed486fbc
SHA256ec60291ae2c254d5134d72d390ec90a0a586872306f62d322e33bd44a6c50bda
SHA512d8e0a3288fc66d4f41c80ddd85886edd5d757fc8e7b5845c8cec808bdbeb0ddf04a466ef22e2e164de05237cac1bba06127119e94175d419b791c128f5acd45a
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD5d7bca883f772300af227ea36d5c381d8
SHA1e67a8f78f062a981068fd252d2b68cec0ca67216
SHA25690ce244986c573b9806cc12f75bd54af0d61346aca9917b90055f379c5c1ba76
SHA512af0e75c39e6672e922dd6f9b6df1cfa644e7f944e5e4da17e16be563b9b13035711978369504c087f5ba263992c856dd98c86955c7853fb23d4f3806c07918b9
-
Filesize
108KB
MD599ddc913fc6d32b2d9ffdec3ca5930fa
SHA167fd4a844eb3b9bf4a79c5de628bed4fd72e81ef
SHA256f3ac5c957f2daccb0acbf3165fcaae207f024b14917a4daabd78c63b7a4af1e8
SHA512a6ea0fb48a9fe0158d0f1fbd19cd2625de627db68d00c8ae760fa2e73d6777538ba590421de4243c7cb5ed37c2f4487feb8f963bdcb1287309dd46faa93c76e0
-
Filesize
173KB
MD55b6b64d2eb7c1b844ba7e8a119ee9e6b
SHA17fc100526cbf2f75feb91339e6e95fabf0d0164a
SHA256ef2090d563b5dbe98128ce6a00dad44a1aea944c6588d908691cdcf37feb214c
SHA5122aa716c51ccb75e48e53b447dc091f0d239d60724023d4d6db1686fc259c70d4e96f3fc100f0d2faab2b55072ec8d06c2c32f2f41320e96591ebdeef99d4af47
-
Filesize
5.8MB
MD531b367e2181c0fd482d1d3663cd80c14
SHA1e1da498583aa41a6a405e0e5ae73171090ca4bbc
SHA25653ebd3f42f213229ab2b5c70abd54f02332e7623c9783e679a39346c373cfd9a
SHA512571f3c798200a3279cc077a0b0c30b7a48440d204b78d0f72901e7820519167c56ef74fc6cc2f92fe50a486abc97b35bf6d472b560b102c597db3769227d115d