soumnibot | ccd448d4cfd4e2ac74933913454e5b1f34432203116a2824a3061ce6966b49d2

General

Target

ccd448d4cfd4e2ac74933913454e5b1f34432203116a2824a3061ce6966b49d2.apk
Size

4.7MB
MD5

9875b8589878709911163ee12b9d55b3
SHA1

2fde4c4024505f98e61c0f8be069c34a56fe58c8
SHA256

ccd448d4cfd4e2ac74933913454e5b1f34432203116a2824a3061ce6966b49d2
SHA512

b6f5cbc684b8bbabc26f9189ae432183cec1ac091658dcad8ebb6ed39e92d83d0bf8aeb634d588c556783bb8eff12647d6558401e2f37039b50407d0c618167e
SSDEEP

98304:X5gHdZla58f4yquKjjc+Bse8I0k9V7X/ZFyniGs3P/nFwsP2Zr9lo:0dn5f4od+BJVf7RsiGs3P9wNo

Score

10^/10

soumnibot banker collection credential_access discovery evasion impact infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4624-3.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cubes.gears.blot

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cubes.gears.blot

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]!classes2.dex	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]!classes3.dex	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]!classes4.dex	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]!classes5.dex	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot
/data/user/0/cubes.gears.blot/[email protected]	4624	cubes.gears.blot

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cubes.gears.blot

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	cubes.gears.blot

cubes.gears.blot
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4624

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Hide Artifacts

1

T1628

User Evasion

1

T1628.002

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

System Information Discovery

2

T1426

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cubes.gears.blot/.jiagu/libjiaguv2.so

Filesize
265KB

MD5
23c1696b63c1e3d44e50c6ebb6196e42

SHA1
e204e02cd2354ed225f57d5170114eca827b93f1

SHA256
004d3fba49899402d953819de96a3421c49e0df1efd705386d6a8745ebf3504b

SHA512
d50783c087a01ebfa6db10149aa01289be8f9999094b06eb4db529280bb409c09138f80775e9a1c5677c3a87edcb6561465ec9f603560fabdbcaacf9fcfc1d4f

Download Submit
/data/user/0/cubes.gears.blot/[email protected]

Filesize
465KB

MD5
c37155e7858a2f7d8d5e93659004ef08

SHA1
b8ed836a3f8e7dbcd0b3d4d043cc7f1b72267f67

SHA256
836a15feb041c9c586321f63728629d291112914c113dd0b84a43dc7b17e72ea

SHA512
441302dcb5e8e48c077b0d433211bc13048a4093ff82162f6681457a52952afa839d3ca3227def875480f93f1af2b9c6e58fac74cbeaa3bc3524aa703cafdd51

Download Submit
/data/user/0/cubes.gears.blot/[email protected]!classes2.dex

Filesize
491KB

MD5
eb8184eafa2f7e0d6414103aa2b0a3e8

SHA1
219f70c497a40cc019dba4c49f43870b9233add7

SHA256
49af3bdc9c9101b72ddb3d232c89c7c56df49667073a8b8533108f516f08cc32

SHA512
da0fad889ff7812bb3ab6a77f038e553f49a26fa422a36ff945b2cc85c7a4be7c7c88a56ed42eb3ccf3f656f61c4372c232709269ed1e6370ef0b43ff6e9723b

Download Submit
/data/user/0/cubes.gears.blot/[email protected]!classes3.dex

Filesize
464KB

MD5
4113a4346f11243c8e44ed0092efcc26

SHA1
c1e7cfee3d0cc49202aa10a6b384900076b8e3ff

SHA256
1e76852c350c43849ef3f0ae461f7860d82b97fa30b886963b11ee409640a547

SHA512
e891841689e76bbd57942c1acdb1b6572af930334091e5472124f4f6a90181a485977819bd203c513c484bfbe41913d7becaf64b1b899930aac101271c54460f

Download Submit
/data/user/0/cubes.gears.blot/[email protected]!classes4.dex

Filesize
471KB

MD5
e319a84a2f607581d65f108f18da3096

SHA1
49b42e267c8f2a1b1138159e30ec59f952e69a5c

SHA256
56bb3278df1fb6b3ea522b77007c9019775ca71c0b1445bcf81d92a24a8c5a8c

SHA512
e504a91dd0638decfa2e167b4367ae81ecefcdc00fc47cd7f721fd7f7ae4669f7da2b1a83f0c3d96e3b49bb5f3b3155402ad50f1f2c10ef91e645e3b1311fc1e

Download Submit
/data/user/0/cubes.gears.blot/[email protected]!classes5.dex

Filesize
476KB

MD5
1c288688d1c71a34e7c52852f9f7f75e

SHA1
4ccbb269e8e30285164e1ddfafe2f82031a50bb9

SHA256
cc6afbe80d413aa51c63879c8e63cb2a27f545f8bcff4c7067682409142be2b7

SHA512
ebd98e1bf9ce35e8e8de819211f0f3e0e6bbd6cf9a718b687a6e036af29ed8bdf33b02efa182b6bfc612ff5c57d31396182fba007a4ad600eb058438dffdd9ef

Download Submit
/data/user/0/cubes.gears.blot/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/user/0/cubes.gears.blot/oat/x86_64/[email protected]

Filesize
759B

MD5
5e7d1cea11bdba4c85bd0d58cb762e56

SHA1
b9288efef6123c4f13c5aab8039a9177ad16dbd9

SHA256
03c3e1983f0c60430b215f1de6ed1fcdf8a83528513257b4c5727e782aba20ad

SHA512
7b06f0e5109eb04f6abb7e764abc72d41012853f91b01bc71658d0ee9f8aa1ff2755eba01ef42bb610709d3f3f42aa64430d4a7c99824d7beea0af470590a6bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads