soumnibot | 62acd5f13c53554bb416ca655ab20128b4b740f84264d69055446125276e66c7

Analysis

max time kernel
4s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
17-07-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62acd5f13c53554bb416ca655ab20128b4b740f84264d69055446125276e66c7.apk
Size

2.4MB
MD5

cba8f182e007bb9e629abbbabeb00f84
SHA1

55419e7d2cf279fbfa892bb0853575136d9bda71
SHA256

62acd5f13c53554bb416ca655ab20128b4b740f84264d69055446125276e66c7
SHA512

9f2390819c2d5ae266524e0430ca15d5012fda419c25cab593e8a78053239a3545a4ae3f253730ff0f5c2d57b93e633c2f23b1940d0ca011433ab5a8ea242409
SSDEEP

49152:52J2pd8k24m+tQzoeJcnM3RYtXwfO2h812TIUny/JWu0r0OwS:fpd8kV4c+cMBuXwm2h812TNny/cIO

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4321-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/lfdj.lv2q.kwuh/[email protected]	4321	lfdj.lv2q.kwuh
/data/user/0/lfdj.lv2q.kwuh/[email protected]	4321	lfdj.lv2q.kwuh

lfdj.lv2q.kwuh
1⤵
- Loads dropped Dex/Jar
PID:4321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/lfdj.lv2q.kwuh/.jiagu/libjiaguv1.so

Filesize
302KB

MD5
9433b9100dbdf7497b7aeb2181efceb2

SHA1
cb878fc2f77e51122cc6adc4ce5f2fecd5517f0e

SHA256
54ea6d38e3dfef36caf0b5fbf492c054d93c22ec8c1fe11aaac14129b65cc904

SHA512
9c5259a9a7cad89d9ab4458d2b2dcb2c56457d28b838d0d9737f1f0ee2d98b906616de98d63592af17aa1bec320c3e1d3e0e1b49d4eb2c82a8e0c1e6dd617766

Download Submit
/data/data/lfdj.lv2q.kwuh/.jiagu/try.flag

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/lfdj.lv2q.kwuh/oat/x86_64/[email protected]

Filesize
61KB

MD5
790c7d7ca7ae874baf155749c988a128

SHA1
e11aab059472d57c1e01072bc2825f0564e841d0

SHA256
e5347d0dd8e6ff18e431bacffcf860c05466eb7b8cecaeb43cb6263e5c803823

SHA512
e30c89764a5da79b91307736f900ad04aeb13b8f5ee6a179681e489b2a34ab9a299f403a26cd7a5f94faa03ef26bab2b5bf54c430281448f3889d234e71f9fe8

Download Submit
/data/user/0/lfdj.lv2q.kwuh/[email protected]

Filesize
2.2MB

MD5
808d8b842918fbe2e29438483ecc21c6

SHA1
ad0d54f3df71a3ac037443c23ff8b3cb90816c11

SHA256
b57f1e06ce5ce8b61777b4b445dd9d8586ffd366bbdcf3b5cf224fd71902c0e1

SHA512
af3d98e5125b0d173dc1318b003d7b9963e7b40c4c90deb869d920ef11b3210af5ab8c875bb277cfb588436862c0c64c13c7f6654c00ca0cb77a1f95f216b050

Download Submit