soumnibot | 67cdce9dfee4dbad6981af897c13ad57b8a7a7971dcc34f2c24cb4623442f769

Analysis

max time kernel
5s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-07-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67cdce9dfee4dbad6981af897c13ad57b8a7a7971dcc34f2c24cb4623442f769.apk
Size

4.4MB
MD5

4dc32b44b360973b719e8165bf672e24
SHA1

78c841e3f736a93eb7c6fef45dd34a624b3e250d
SHA256

67cdce9dfee4dbad6981af897c13ad57b8a7a7971dcc34f2c24cb4623442f769
SHA512

0d1d240f79fce3270a02b7f0b538d3e122a6b94265dfe8896bd9a77ab3e6e7a4792dc80728a9c2ea43e02694da39a5423706eb9faacb6051090fa6e84f5d14fe
SSDEEP

98304:3NxAB2Pi733Fz+EHx21xAYCL/MJhpFds2b2Pgt0Yv:DGy8zNR21xAYO/OhpsKtv

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4260-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xcf55b000-0xcfb4d988	4260	ibcedeeg.dchidebh.jaededhi
Anonymous-DexFile@0xee8f6000-0xee8ff168	4260	ibcedeeg.dchidebh.jaededhi

ibcedeeg.dchidebh.jaededhi
1⤵
- Loads dropped Dex/Jar
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ibcedeeg.dchidebh.jaededhi/.jiagu/libjiaguv1.so

Filesize
125KB

MD5
866463144b4407ff376bb9b5ecc5fdc1

SHA1
4cc4fff0b1e6b30397c15331c74d76f567f5873d

SHA256
586bee24435fcacc85dcf27cfa2324ef64623c59d9029ce51fb28cc285d20367

SHA512
46510f9bad0136541e9a46358593e766a37bd38e93664bb5f21e5e0569aa9c8b674d99592d6d5dd4f25dd857dcd766f6a311f695faf0ddc900e9f75a13792980

Download Submit
Anonymous-DexFile@0xcf55b000-0xcfb4d988

Filesize
5.9MB

MD5
40881273d7aa78219742e7df55255b56

SHA1
cb1b1b2dea6dc46470dd211539b2c250db80baf6

SHA256
fa3d0a777dbc8250937b250265140d44b2148208373b67fc12b495fb7a7f29bc

SHA512
414434cc46a07b3533d863492b193c0a12ecb9c80f5a6906663d1deabd906063d0f2f83a513dfff25e685b38ab01803f5e2c1f18347c29c15f723504eeebfee4

Download Submit
Anonymous-DexFile@0xee8f6000-0xee8ff168

Filesize
36KB

MD5
62275d357e766f39af5b861919afcac6

SHA1
a3e57818b1e1626d2dafa00ff83b56d5abdd59b2

SHA256
b2a2648f6e4a9f2713d96cd8ebc0e74b42de9bac374772d819ec1996a0d45b65

SHA512
6f516465f7ac64f12944b6798df3565b346505d9a00d52f59344585271a1cb98d08ff4a9a7a6cbfacdb8107d175f5a47ec356c960313162d4ea717d63e0d5dd9

Download Submit