soumnibot | 92e8631d143baecf6592b4406d2d7a8b2e1efa0f2683e7324dde317c8a66d266 | Triage

Sharing

General

Target

92e8631d143baecf6592b4406d2d7a8b2e1efa0f2683e7324dde317c8a66d266.bin
Size

3.6MB
Sample

240509-1zkqescc96
MD5

2dbee93bbd46c30c5426a5d7f38e426c
SHA1

34412dd77242abce6631273ff0eb630b9281a953
SHA256

92e8631d143baecf6592b4406d2d7a8b2e1efa0f2683e7324dde317c8a66d266
SHA512

ea99083a445ae0b1a5f00b2abea0a837515729a4aa1499dfd6c278288fdd1733e5eaa81015b049391ca20efe1d9a2177a9bb045f39313e4e1fed187009a80c73
SSDEEP

98304:pps8Pa7aESXRHBGc4IccPTOEb2Wq9o9ovvP:pps8Pa7afTTc+C8q9omvH

Score

10^/10

soumnibot android banker discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  92e8631d143baecf6592b4406d2d7a8b2e1efa0f2683e7324dde317c8a66d266.bin
- Size
  
  3.6MB
- MD5
  
  2dbee93bbd46c30c5426a5d7f38e426c
- SHA1
  
  34412dd77242abce6631273ff0eb630b9281a953
- SHA256
  
  92e8631d143baecf6592b4406d2d7a8b2e1efa0f2683e7324dde317c8a66d266
- SHA512
  
  ea99083a445ae0b1a5f00b2abea0a837515729a4aa1499dfd6c278288fdd1733e5eaa81015b049391ca20efe1d9a2177a9bb045f39313e4e1fed187009a80c73
- SSDEEP
  
  98304:pps8Pa7aESXRHBGc4IccPTOEb2Wq9o9ovvP:pps8Pa7afTTc+C8q9omvH
Score

10^/10

soumnibot banker discovery evasion infostealer persistence trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdiscoveryevasioninfostealerpersistencetrojan