Overview

overview

10

Static

static

6

0b1f689b9f...4b.apk

android-9-x86

10

Analysis

  • max time kernel
    179s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    15-07-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b1f689b9f8e8900f098098f115f52be3ff75f03233aaae6a6b1791e6b45cf4b.apk

  • Size

    4.2MB

  • MD5

    f0141e2688066259487f619b1dd4d15a

  • SHA1

    68010d532364ca8b6e094870352dfd7ddd60c60e

  • SHA256

    0b1f689b9f8e8900f098098f115f52be3ff75f03233aaae6a6b1791e6b45cf4b

  • SHA512

    181aa1233c34b9bc495746a86665d50b4803f16a70f0438cd5f34655538a9967d5ed872f60a653c301cf91a9a912f4237f72509c8796f9119980cc5585a80765

  • SSDEEP

    98304:Eb257Or8Gs7HRsJFr15eQ2pD/F28O+ObmINcmoQuPQp9:Qs7WJF5VsBl/rINcmxLv

Score
10/10
soumnibotbankerdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • fgaidedc.cibebedd.abddbhfe
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4241
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fgaidedc.cibebedd.abddbhfe/app_picture/1.jpg --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/fgaidedc.cibebedd.abddbhfe/app_picture/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4270
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fgaidedc.cibebedd.abddbhfe/app_picture/2.jpg --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/fgaidedc.cibebedd.abddbhfe/app_picture/oat/x86/2.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4309

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/fgaidedc.cibebedd.abddbhfe/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/app_crashrecord/1004
    Filesize

    237B

    MD5

    2669d141fef85ad8961020634a4aaf78

    SHA1

    27eb80a076be1d07bbbaf6d5dd2e5e7e684c0c1b

    SHA256

    dfb8b7120d3853969ae3a5a56669b07a5ca424fa72b03f23e7068cb08cf013ed

    SHA512

    ed266fe0c03406eb5fe12cf0e82eef3a7ff32b4e17a66ba8f879b298f456576e6a3e8b628f03d74fb7fd0b86b37125197cc80839e1691b500ebcba2de97c7469

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/app_picture/1.jpg
    Filesize

    5.9MB

    MD5

    ecced970b6004b1bf2064bb863e66fe8

    SHA1

    41d40f7c6b3e16849562aaa90252a46be0ea7a93

    SHA256

    0f8f6825a7400f02c20e67b0e468f6441445ac4ecb7827548ec17618842ed0a3

    SHA512

    33ecbddb7a663274ec809b7ca6673814ed0ea4dd701a1d5e8e4887a93240ea5866d6136a1d951227c29e0f99752d5663d0fae73742b23c7e1411e99581231e58

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/app_picture/2.jpg
    Filesize

    36KB

    MD5

    62275d357e766f39af5b861919afcac6

    SHA1

    a3e57818b1e1626d2dafa00ff83b56d5abdd59b2

    SHA256

    b2a2648f6e4a9f2713d96cd8ebc0e74b42de9bac374772d819ec1996a0d45b65

    SHA512

    6f516465f7ac64f12944b6798df3565b346505d9a00d52f59344585271a1cb98d08ff4a9a7a6cbfacdb8107d175f5a47ec356c960313162d4ea717d63e0d5dd9

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    65c7f649687ff23898deda1dcb6d18e5

    SHA1

    f0a8772aa52555481c6f44d406551b6deda57602

    SHA256

    1bb4ba13962fc5c901657c90cae84ab9b59a218a07c729919825b0eaf0a5e08e

    SHA512

    1ba9adc8272b6574db013cd4de715eadc1739cc5ed12b555603767999d69110b664d207b28525bb620ad52403882989d34f7ab771a45e2c644771cca8d155ab3

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/databases/bugly_db_-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/databases/bugly_db_-wal
    Filesize

    80KB

    MD5

    dd732d37175ebade05c442ee930e74b6

    SHA1

    402820463bc81200a252e8239aff29b90da63c65

    SHA256

    9489b74c8f203f7f72f011a740c7cbf6fc60da73e9865aaf1b1c1f43cd5c7e49

    SHA512

    a40534fa266953914644caeaad5b6022fb5981c0798f423b6b47de1d9b34509917c84b14af7c769940428954ad186fa2a081dd3d84ada4c1add9721b151148ae

    Download Submit

  • /data/data/fgaidedc.cibebedd.abddbhfe/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/user/0/fgaidedc.cibebedd.abddbhfe/app_picture/1.jpg
    Filesize

    5.9MB

    MD5

    7bfa2b30b7bf41d2f64bccfadd3b2359

    SHA1

    a35605c4985048f2867e10e0de8dec01ee3cee09

    SHA256

    536614a49ff36eea649afd506f984cbc38647d1183d8ca44c490711d89a24d3b

    SHA512

    d8879773ddf9f56058dea802ad0cbc48f4b42b10050580de4040004fa132586d2cc7fe4b18f9cc534f8a1a709091816ff26dedaa5c2b97ceb543d65ec72d16fe

    Download Submit