soumnibot | 24d48146d3eba4deb755d0023a237d8e3d67ecc4d108feed9f058f29d6cb5efe

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
21-06-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24d48146d3eba4deb755d0023a237d8e3d67ecc4d108feed9f058f29d6cb5efe.apk
Size

4.4MB
MD5

b8fe7b5c61521ab258fba7bd5f82305b
SHA1

255b19bea55a8f5f368695ebc66fd7c41784e1d7
SHA256

24d48146d3eba4deb755d0023a237d8e3d67ecc4d108feed9f058f29d6cb5efe
SHA512

617b01519cfbcb42784850e81c820dd68bc44d7220643e5f032d50240ac418c6981c04feb62359f3009c28a88e36d8b8e6fb49935ed23200d50433bc8cdd85c0
SSDEEP

98304:lpgHpZ87W5cJRiVlrnxHe8n0kTV7X/ZFyniGs3P/rFYHP2Zr9v:qpWMcXi3UmJ7RsiGs3PJYM

Score

10^/10

soumnibot banker collection credential_access evasion impact infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral2/memory/4506-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.bean.waist/[email protected]	4506	com.bean.waist
/data/user/0/com.bean.waist/[email protected]	4506	com.bean.waist

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.bean.waist

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.bean.waist

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.bean.waist

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bean.waist

com.bean.waist
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Checks CPU information
- Checks memory information
PID:4506

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bean.waist/.jiagu/libjiaguv2.so

Filesize
265KB

MD5
23c1696b63c1e3d44e50c6ebb6196e42

SHA1
e204e02cd2354ed225f57d5170114eca827b93f1

SHA256
004d3fba49899402d953819de96a3421c49e0df1efd705386d6a8745ebf3504b

SHA512
d50783c087a01ebfa6db10149aa01289be8f9999094b06eb4db529280bb409c09138f80775e9a1c5677c3a87edcb6561465ec9f603560fabdbcaacf9fcfc1d4f

Download Submit
/data/data/com.bean.waist/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.bean.waist/oat/x86_64/[email protected]

Filesize
340B

MD5
9fe2f1b9f58b887d42decc4634884c6e

SHA1
f3f3a326f7ee30f494fc487d5c12ec121e865e24

SHA256
e25640d892492dc13297a58f5bb8da4c5b9c2fc1cd3087e3a8be15bcf6f2a2f2

SHA512
931dcd4b8bffc6d0cb32b72b3aab3da8d6343dbec3ebccb761b22509ef721e9459eec8747e7470a9af6cbe51e3beb7ab5137a6541996701d3501fc0096657c82

Download Submit
/data/user/0/com.bean.waist/[email protected]

Filesize
1.9MB

MD5
a4093ff606e7edf65c78c8da24d1d639

SHA1
87b80253a3655fa22173505f4147694f14161321

SHA256
09f108c4f340c8ba35380ef0dc49c8dc51af2f8992e5643c8f211eccc0510ebe

SHA512
52bfc258fd4f0efab3b13259213a2fd96d5e4800b2e517bd9b4fc46db1d3b05b14d9651d4cd197b88c1e0175a2a6e0eb6ac9bda1e6e338b4b81b481ecba652e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads