soumnibot | 9f91256fed5a4f296abb9dce99f07049d1f37965b9c7c2276a2ea88f60bc33af

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f91256fed5a4f296abb9dce99f07049d1f37965b9c7c2276a2ea88f60bc33af.apk
Size

4.4MB
MD5

98f28a699923e85c68d360771e423dd5
SHA1

4334646e046deadba407f1d8b6f9670c6732a66b
SHA256

9f91256fed5a4f296abb9dce99f07049d1f37965b9c7c2276a2ea88f60bc33af
SHA512

d9c1f943e00dc3cbe00385bfc5ab4a089383d3d076d607e5f302931d6bae7d948a95fd051fd4ade81b204e7c4c7e97ed325d8390d99ada3c261f83de43620d47
SSDEEP

98304:qdvE+3mEZ47Ew8Rf2UjZ5UByUOmdWhJ7/8QD2xcMZb2TVyt0zPb:f+246sfuByoWh1Elcamb

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4300-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xc4819000-0xc4e0b9d4	4300	heehaafl.eedejcbm.jedjfajn
Anonymous-DexFile@0xe3f3c000-0xe3f45168	4300	heehaafl.eedejcbm.jedjfajn

heehaafl.eedejcbm.jedjfajn
1⤵
- Loads dropped Dex/Jar
PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/heehaafl.eedejcbm.jedjfajn/.jiagu/libjiaguv1.so

Filesize
125KB

MD5
866463144b4407ff376bb9b5ecc5fdc1

SHA1
4cc4fff0b1e6b30397c15331c74d76f567f5873d

SHA256
586bee24435fcacc85dcf27cfa2324ef64623c59d9029ce51fb28cc285d20367

SHA512
46510f9bad0136541e9a46358593e766a37bd38e93664bb5f21e5e0569aa9c8b674d99592d6d5dd4f25dd857dcd766f6a311f695faf0ddc900e9f75a13792980

Download Submit
Anonymous-DexFile@0xc4819000-0xc4e0b9d4

Filesize
5.9MB

MD5
4536184008e45d6d004fb03022d9a4f0

SHA1
a32b06847807c8fb49ae8f021f49a94f47d4e921

SHA256
f1725c88542149b743a1b8c3a67289f650bf1b9240a17a8c87f31a70f2b73962

SHA512
39f0aa55f182edb31520c7f6acac81a238035d27d5dec0d4da239fdf9d3ef74393d6c93f2e5efb1f77643c11afe2ba2db44b79563dceba2c886efcad10e550b5

Download Submit
Anonymous-DexFile@0xe3f3c000-0xe3f45168

Filesize
36KB

MD5
62275d357e766f39af5b861919afcac6

SHA1
a3e57818b1e1626d2dafa00ff83b56d5abdd59b2

SHA256
b2a2648f6e4a9f2713d96cd8ebc0e74b42de9bac374772d819ec1996a0d45b65

SHA512
6f516465f7ac64f12944b6798df3565b346505d9a00d52f59344585271a1cb98d08ff4a9a7a6cbfacdb8107d175f5a47ec356c960313162d4ea717d63e0d5dd9

Download Submit