soumnibot | 37dece5838d2cedfa92893bdb9298cbe042ea7d7712d57928b8f428d9629934c

Analysis

max time kernel
3s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
14-05-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37dece5838d2cedfa92893bdb9298cbe042ea7d7712d57928b8f428d9629934c.apk
Size

3.0MB
MD5

a520b243698c0f28d871ba377d002073
SHA1

3d4c97debe3c44ea17550457108563c67bfe83fc
SHA256

37dece5838d2cedfa92893bdb9298cbe042ea7d7712d57928b8f428d9629934c
SHA512

2508d3e88460af2906dea66e6e983a7f741edcce570d5a40c4b0ad2bc7832f576c7a1d17359d2c131c5c2047d2c98440dedece3cff3023e7495dea22baae4139
SSDEEP

49152:YBwt+sPTfOcN1OpZPISONdf7IuesLN1W8OQVg1hHP2Zr9KKt:Yt4Tme2adfxe8SbHP2Zr93t

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4619-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/macro.effort.needle/[email protected]	4619	macro.effort.needle
/data/user/0/macro.effort.needle/[email protected]	4619	macro.effort.needle

macro.effort.needle
1⤵
- Loads dropped Dex/Jar
PID:4619

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/macro.effort.needle/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/macro.effort.needle/[email protected]

Filesize
1.8MB

MD5
c540445e2061c2210fcc94c198337ea4

SHA1
c29e7f3cf5c18df962ebf92dda7bfe7f990aa547

SHA256
726cb85e6ddf76b5fc42b7a2d69d0e18c0cab14aa2c4f888489c160659c4d02a

SHA512
ae2ef9e32af7cac1c5c743981722f131e400d41ed48d0a6083c96f2a1eb4fdc50af6681c443ca78194c25dd7a27a962dec9f70efeeb85759602f486d8640f00e

Download Submit
/data/user/0/macro.effort.needle/oat/x86_64/[email protected]

Filesize
401B

MD5
1e08890231561314c5c4f9bce1721b81

SHA1
186a1f489c689a4aefdffd92fba57fc4e56e314f

SHA256
0f9faa464bd4f766c4dd8edd1f31fe782f81b1a644f2fa4aff0047dce1843c3c

SHA512
36dab193dbf5065d5d732198f1f05ee38fba2ccb2eab5f46fe64bcadc57fd806faf13f520c54502b7db9613b7332929f4fc748c44abcb4a87df2f6baf76162e6

Download Submit