soumnibot | d8af7527d8a4076f89ae56c2cb6f06fdb4540dea653e9b2b162e7523b37faebc

Analysis

max time kernel
4s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
14-05-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8af7527d8a4076f89ae56c2cb6f06fdb4540dea653e9b2b162e7523b37faebc.apk
Size

3.0MB
MD5

1f94fa509684ae16c591e7f040bed6c6
SHA1

1ff1c03d4a047e6be698e2cde17709e2224492d6
SHA256

d8af7527d8a4076f89ae56c2cb6f06fdb4540dea653e9b2b162e7523b37faebc
SHA512

52d9fc89838fef68fbee448520a145d153c74278200467778a7f98c6aeaddaa12bf9538a9cc9bd8bda2c8bef3f3d340a7f36d0f9a05f5ce6be377bc13855c931
SSDEEP

49152:wnwH+sRe0XIfKfFvbBpLJE0fEDesLNQqrCoLg16HP2Zr9K1Xlm:wt+e0YfMFjrfUe8y6HP2Zr9AX8

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4534-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sash.boresight.stage/[email protected]	4534	sash.boresight.stage
/data/user/0/sash.boresight.stage/[email protected]	4534	sash.boresight.stage

sash.boresight.stage
1⤵
- Loads dropped Dex/Jar
PID:4534

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sash.boresight.stage/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/sash.boresight.stage/[email protected]

Filesize
1.8MB

MD5
471e1e12365bd4eb63f0436f8f11857b

SHA1
b17b27b8f55b8043a51494423b0829aaf08eedb0

SHA256
2899c6e46098f5f74db1c2fc713276f59547fa52c1b991452087102052b864d2

SHA512
78fc72e4302bbc524b2c353c1a0f21c2bbf91f5c084475516e2da3fcf62bfc41fbb4ce8188f95bab21aeaaaebb30e1565606dcd8795d1f63f67d55c921f9a4d6

Download Submit
/data/user/0/sash.boresight.stage/oat/x86_64/[email protected]

Filesize
4KB

MD5
e8f418436cd0764fd4eda2982fb7c9fe

SHA1
50c38d5566a784757c031fb079ade15ca2b6e97d

SHA256
03e5322b8a7065ad279bd845f7843f39e30ae6b62e98096d1441fe731d17d9e5

SHA512
b99d086e21e6112cad53d99aab49e4d2f062d3983e0fda5ed44bece5e516e952a7ac34ee41c04e25d6afc7ebf4468b3aab0b174499465d2d9369a2fb16c080a1

Download Submit