soumnibot | a5670c3aac98914a5362e772289462f6cbcc64401ff6f2616b302b33706f44ab

Analysis

max time kernel
4s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
29-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5670c3aac98914a5362e772289462f6cbcc64401ff6f2616b302b33706f44ab.apk
Size

3.0MB
MD5

6b42038432d26334a9f5e654d97c9687
SHA1

6976254adbe5617ffdf2e089f7b32fe798d4a95f
SHA256

a5670c3aac98914a5362e772289462f6cbcc64401ff6f2616b302b33706f44ab
SHA512

09b3018615bae97733ca0f42d74732ac853c0dba9c7aa076d833609902c6134777f3f6a22f94baaf4ed73efc4e238fc3da43129a6ab74b517d87ea7e9f02851d
SSDEEP

49152:5mwu+ss8oqeK4VyLs+mVQXesLNM+vPMvg1aHP2Zr9KzPvA:5pnyeK4VyLmue8XmHP2Zr94A

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4625-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/impulses.answer.housings/[email protected]	4625	impulses.answer.housings
/data/user/0/impulses.answer.housings/[email protected]	4625	impulses.answer.housings

impulses.answer.housings
1⤵
- Loads dropped Dex/Jar
PID:4625

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/impulses.answer.housings/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/impulses.answer.housings/[email protected]

Filesize
1.8MB

MD5
890fbefbc2263a74ad815b7f2cf38091

SHA1
ca677df010f9df4413a75d7f6759c1dcee8cb5f9

SHA256
020b2ae5331ffeb386e86e6c499f53cf26145c1e9b1e0917c75adca1090bce2b

SHA512
340746d492403f97f2841b2ba7898ea6cc42492648004960d0a5fea5368a4dd19e33eb0ef5cdb4186ad7a3d721ee85897f66fd9acf7f17723237a5be3f94ce4b

Download Submit
/data/user/0/impulses.answer.housings/oat/x86_64/[email protected]

Filesize
4KB

MD5
c27fff8dc349ed2758dcb81c25126052

SHA1
65287dafa79427f20ffbb5df6a76379d51537100

SHA256
8273f1a2e763f7e0a4c3f79b0a090dac953dcf9add5b2d954d63819286de23e6

SHA512
ae64d5d8a806e4fe6f93409d2f854d262e78a28b2c9d3f314027cb68acb5ae6b74b09711ebbb69a653eb5df9fc0dca8f01c0250d6b8932200bbcc48d841ef625

Download Submit