Eyes on Android/S.O.V.A botnet sample
July 7, 2023, 2:16 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Summary
- Sample c1642ac3f729701223043b16ac2c6c5f64adc7080f474c181067b0f1335218f2
- Poses as a Minecraft app
- Malicious Android/S.O.V.A botnet client
- Packed
- Implemented in Kotlin
- Uses Retrofit2 for communication with C2
- The C2 is currently down
An excellent analysis here.
I will try to highlight different aspects:
- How to unpack with Medusa
- How the malware sets up on first launch
- How to reverse Retrofit2 communications
- Support for encrypted logs
Unpacking with Medusa
This sample is packed and can be unpacked with Medusa, using its memory_dump/dump_dex module.
Medusa is capturing …