Overview

overview

10

Static

static

6

749db653fd...de.apk

android-9-x86

10

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-05-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    749db653fde51070c2f65eb11541df8d04ee9ec61cdc24a118e23359f5a5b3de.apk

  • Size

    3.4MB

  • MD5

    e2bc76b5a154e76e2d66eaf64b1d5545

  • SHA1

    88c81a7180c3e12a579080a663ff71798e58cd22

  • SHA256

    749db653fde51070c2f65eb11541df8d04ee9ec61cdc24a118e23359f5a5b3de

  • SHA512

    eeb5c46ff881b16f7024b32e74d4ee333df70d3889b181552e0030b320f0875be23d69daeb38fa1570cb65599765ba84232b58ae9f0f51ecaf9435e4347d9c4f

  • SSDEEP

    98304:+ZxnXU2jr57g8j6igpTGlVNsYKjAvZTSqneEjCx:gBXUogY6DpTGlvsYKQZLD+x

Score
10/10
soumnibotbankerdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • mmsll.aiijx.tyfv
    1⤵
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4234
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mmsll.aiijx.tyfv/app_dex/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/mmsll.aiijx.tyfv/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4305

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/mmsll.aiijx.tyfv/app_dex/classes.dex
    Filesize

    5.5MB

    MD5

    ef764345cbb5babbd8f1ebd6798b58a8

    SHA1

    b7ab59fd380787737b1a6f292931188b5671a0c6

    SHA256

    37775e794931da92a64a9600473ce0a585203a900197a349ae2505dcb10173f7

    SHA512

    235207690bc9d3e9ce281d0b0452c49b96bddb83190d0938d4f9f37b729417b7cb3f184cb8111122501e82e347f420e426caf8662e2eaf6c1cbfa9f6e78c0453

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    33badd72e873af641cce6d95ebaa318f

    SHA1

    21c98b35cb92b2306bc48c4791dbabafe6fd4571

    SHA256

    b2a2e129a694b9fb40505cd33901046cfba2643de19734b580954fd44fc4bcfd

    SHA512

    6707f669186cbcd5c4820b43843fa324e8feb026b6d796e98c635353f6ae6095091903a25fe0f5faef5cdea57528c57af211d3c3e9ac636a17af561b51d8f621

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-wal
    Filesize

    68KB

    MD5

    0718578d659f3ca01eaa1474e289e92d

    SHA1

    69ab740fc5c08b7f76b28bff4e161731e361056e

    SHA256

    f7a4ca89618f192b66cbe8dfa74a00421ea4503ccb62e979af4ebba696441bdb

    SHA512

    4818a881d5a668268a281dab5dcfb1e9f2dfbbd85c9a90559f93be60c2085881050cd3da5a6cad7533e3c594f5f13f9e64c68f46e9126e06450008f306a8ab2f

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/PersistedInstallation3777826046586501377tmp
    Filesize

    90B

    MD5

    708c0bb6e48555ba052adea0571b55bb

    SHA1

    c18f1a2f81ee38d2aba0742c2d08758c8a861247

    SHA256

    480ff39e0bf442d62cd716b9250f20fa731110f913500891a35f434cf29dafee

    SHA512

    332f2999889d9995e82beb2a8ed22e421059ec297f677b6b183d3adcc34dea52d4b3c3cf0b6b4f204eb7aa157c69bf4aa77300622ad36954ea90ff2873df3aff

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/PersistedInstallation5177908174012195925tmp
    Filesize

    569B

    MD5

    4b7b40adb47d2bf19ddd1dec8f91b65c

    SHA1

    1dde50b735bda36a628bdf11bf9b64d65490bb78

    SHA256

    61e81b7c754348e083277018e358a870ad1d8fd40cd39997f3c5b371398ef443

    SHA512

    0a37fe3f74b9378face0d4518f980447e0c0e2267e710f6f02cab628c38af52dfb11fbbf69c7ccf2e3ff603db58db5be5f0771ce157e5ee609d1ddbfc17dcf75

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    139282340c98c568022e920945982cce

    SHA1

    b64731c35e8fd580681b6d0be2308551114a445d

    SHA256

    7c21b201bbc16709c17ee566e74d3aa4d6336fe9f3fe88b80db8a9442d67d095

    SHA512

    3c1bfba3f7bc82ecc2d47857eb41cff853bb23e2c90423a9fa143319dc7aaafb3c7b14901249436d2ca562c80862eae5e286a76fa1441b74384de3ba5455fe66

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    eb7a783858dd0c3392ee8a6b144c6164

    SHA1

    304ab62acac3439e0e8e0b2847a7338b43e3062e

    SHA256

    89c60c0f3d8caa5f4de403d64bdc3734e85d0b3904bddb599e84bbafcaab507b

    SHA512

    2c80b799532a069eabf1c22cce8ddb03d6d68ca6da0e2cfc4afebea2dd5cf8b33e790f849b5e1f065d2282f3773f14417340a1d3d8f2e0c84e567656d94975a6

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    112KB

    MD5

    9005bc424018a25becc193899c53d2e1

    SHA1

    183361514f45622c1e915df9604a3975cf20bd88

    SHA256

    74ae6c56b326bccad89645e0c9f901690b78bb31ec2edbe5e383bd7b7952310f

    SHA512

    8388ab1539b1e06f687462f02f840e3bc8b90eb2715e3e946026bea6f8c1d1b6d62b1adfdafe34d44b42787341b25033a1eb1c15c663840fc9cc370216fb4cf9

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    120KB

    MD5

    d7fc3cbf9878c84dd6faabe4e2e9db63

    SHA1

    a4a78349011af209da15f4f1a86c1ca7cefb6df4

    SHA256

    b7ef3dc53b36446d91e2b551e9b570cbdfab87039525a310245f27f100be2ec8

    SHA512

    9b2f7c7d838273e7749f0a61a166bb058c84b581d366f4c3318b8e80355ac82565e1c36be591860186838b24b53508524bc835221a2b7efa021af051fbe83610

    Download Submit

  • /data/user/0/mmsll.aiijx.tyfv/app_dex/classes.dex
    Filesize

    5.5MB

    MD5

    e84bee87c8dbb960f0d3d2d5b18f11b5

    SHA1

    cfb2d4c36635b7900003f3ee2e26a12d1e445323

    SHA256

    e089c62c282eef80c1fc88ca0cf150fa9153a02774c667c74355449effb52dd6

    SHA512

    4c0a853fd432ba8a7ab01dc2ba911c0875c0c7d64c0d6b745f840798d178d48a2d5789fdfed0d2f0bbfe228507ca255e5a003cf4a804ae2fea9d6c555bd0a2ac

    Download Submit