soumnibot | da433be2058669b07a988adff07e5d01d2170990b7e286d6c79a6f6eb81c8902 | Triage

Sharing

General

Target

da433be2058669b07a988adff07e5d01d2170990b7e286d6c79a6f6eb81c8902.bin
Size

4.4MB
Sample

240621-azgqnaxgrj
MD5

823d8de1bd73ac64fa07a412734dccf1
SHA1

646b6e9789e813bc9aae8b406c7301fea391d8ad
SHA256

da433be2058669b07a988adff07e5d01d2170990b7e286d6c79a6f6eb81c8902
SHA512

42b810c7c9e08558832be4525bec6a17dfa9399a4ff9b5f81cf5c6a8f2f8e9579edb8e0a55b3ccb28414a2547daa7d78b30691029fb1179dd8ce7cde8709b826
SSDEEP

98304:lpgHpZ87W5cJRiVlrnxHe8n0kTV7X/ZFyniGs3P/rFYHP2Zr9j:qpWMcXi3UmJ7RsiGs3PJYo

Score

10^/10

soumnibot android banker collection credential_access evasion impact infostealer trojan

Malware Config

Targets

- Target
  
  da433be2058669b07a988adff07e5d01d2170990b7e286d6c79a6f6eb81c8902.bin
- Size
  
  4.4MB
- MD5
  
  823d8de1bd73ac64fa07a412734dccf1
- SHA1
  
  646b6e9789e813bc9aae8b406c7301fea391d8ad
- SHA256
  
  da433be2058669b07a988adff07e5d01d2170990b7e286d6c79a6f6eb81c8902
- SHA512
  
  42b810c7c9e08558832be4525bec6a17dfa9399a4ff9b5f81cf5c6a8f2f8e9579edb8e0a55b3ccb28414a2547daa7d78b30691029fb1179dd8ce7cde8709b826
- SSDEEP
  
  98304:lpgHpZ87W5cJRiVlrnxHe8n0kTV7X/ZFyniGs3P/rFYHP2Zr9j:qpWMcXi3UmJ7RsiGs3PJYo
Score

10^/10

soumnibot banker collection credential_access evasion impact infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

behavioral2

soumnibotbankercollectioncredential_accessevasionimpactinfostealertrojan