Malware Analysis Report

2024-09-09 17:17

Sample ID: 240614-argexs1ekq
Target: 28d0e20e586cc9eb9b1e997c255341ca4cec3ec5b723053bb81f21d5c53fdb90.bin
SHA256: 28d0e20e586cc9eb9b1e997c255341ca4cec3ec5b723053bb81f21d5c53fdb90
Tags: soumnibot, evasion
Score: 10/10

Analysis Overview

Score: 10/10
SHA256: 28d0e20e586cc9eb9b1e997c255341ca4cec3ec5b723053bb81f21d5c53fdb90
Threat Level: Known bad

The file 28d0e20e586cc9eb9b1e997c255341ca4cec3ec5b723053bb81f21d5c53fdb90.bin was found to be: Known bad.

Malicious Activity Summary

soumnibot evasion

Android SoumniBot payload

Soumnibot family

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 00:26

Signatures

Android SoumniBot payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Soumnibot family

Family tag: soumnibot

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 00:26
Reported: 2024-06-14 00:29
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 4s
Max time network: 131s

Command Line

output.stair.ratio

Signatures

Loads dropped Dex/Jar

Tag: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/output.stair.ratio/[email protected] | N/A | N/A
N/A | /data/user/0/output.stair.ratio/[email protected]!classes2.dex | N/A | N/A
N/A | /data/user/0/output.stair.ratio/[email protected]!classes3.dex | N/A | N/A
N/A | /data/user/0/output.stair.ratio/[email protected] | N/A | N/A
N/A | /data/user/0/output.stair.ratio/[email protected] | N/A | N/A
N/A | /data/user/0/output.stair.ratio/[email protected] | N/A | N/A

Processes

output.stair.ratio

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp

Files

/data/user/0/output.stair.ratio/.jiagu/libjiaguv2.so

MD5: ac7c38994ccae5da411d9dfac19be51b
SHA1: 3b30612a7f9f3bcc65dbf0445ee91f25e55392a9
SHA256: d242f9fd458c1da022e2bd8b967f167e5e35c460cd27d035aadf55bfa83c6738
SHA512: 08a10496349960ea7403f698e7e451291d362bc7e2b1a8eb8348745d947500af732af8d87a96f0884b668272e3eedb7f84e6d01081114fbbd46d0357fc12c9fb

/data/user/0/output.stair.ratio/[email protected]

MD5: 47cd3af13c36ceddde70024cdd2dd471
SHA1: a99455ca2048ff27e7dee270ecdd939728bd7d12
SHA256: 764c4077f4768ced454ceefd47182e5586746a2d9b4a442deb8b4fb8eda15a4e
SHA512: aa0d4297d08af986a7228ea739fadcbdf298599863553c1301313ef9b12cc31d17619941bccde18eb9a7e4e2a6f2796c4e211a0a8ffcf439bd66d1172537a77c

/data/user/0/output.stair.ratio/[email protected]!classes2.dex

MD5: cb3364a4e44668eba46cb4256b8785fa
SHA1: 2e181b1fc628ace48f3f1e896d2a46f73ca49bf6
SHA256: 6afde59b7dd816cef53fae5aba6882832369a48843b6c50d9c02593ad690ba55
SHA512: a3ff011a41c28b1b56a4e21e74da82ed249aa181d0b8aa9f0d9b21b16a10ea80b9bb803102be1511fae75fc46c7966364996d6f27f5cae5f085dfe575cc14662

/data/user/0/output.stair.ratio/[email protected]!classes3.dex

MD5: 7eebad851f44d11f2bb326232cb219aa
SHA1: 1aa6e17464be5cc738017d74cbedc2bce3209bd2
SHA256: c2829ecf91d58b36670a7b1d73618fca9ea0c90be8929e7c917892f3226bf2df
SHA512: 0801a84ab31adefb18f32b1292e326f2bcc6fd4bb0d80309e1c545f4e020bde0ef6bc07207911cfef13b297b462d5c67fa04d63424d0f18170beeb12db76312b

/data/user/0/output.stair.ratio/oat/x86_64/[email protected]

MD5: 1b8dba5255b8b825fa64f9c55bca1fd3
SHA1: b259b63e912b51da95c2b82160dee6af108d9859
SHA256: b0f36ae14c513f6082d45c1a01e85dcefaa4606c054874e5943aa6c94190dbd8
SHA512: 03025b41bb1b44ffead8127ba2b1a17164637c84b03beb9d0188bbea2476f655563a0269a2aa56e636ee688f171e1483e239af9c89745e88bbec02af25b605c2