soumnibot | ace6940e4bf7b2b1b07d601166453730252c2a873fd57609e686a1cd2b9c3690 | Triage

Sharing

General

Target

ace6940e4bf7b2b1b07d601166453730252c2a873fd57609e686a1cd2b9c3690.apk
Size

2.6MB
Sample

240725-md891atanp
MD5

85c4fa5079b6f9cfa18ad731c5fc7f17
SHA1

cce52b2c230696cd0db1b1442d8b35a478a58dd3
SHA256

ace6940e4bf7b2b1b07d601166453730252c2a873fd57609e686a1cd2b9c3690
SHA512

97f23bf7428225c8a101159e3ab861bb5bd9ea93c0fd4a031457e85e54084a6f9111ed2fea86fd9996f6c72a0ef68da0e64a0d755426b8f99fcd4a7bcac586fb
SSDEEP

49152:JT/WZ7mNgS3YjJEBElX9iXAu1IgAOlgYk7Hh3fo23uMS9X79G3bxFh+9FPFKFXF5:JT/WVmNJ3Y1dlNiwuLlU7ZD3uhG3zAtg

Score

10^/10

soumnibot android collection credential_access discovery evasion execution impact persistence

Malware Config

Targets

- Target
  
  ace6940e4bf7b2b1b07d601166453730252c2a873fd57609e686a1cd2b9c3690.apk
- Size
  
  2.6MB
- MD5
  
  85c4fa5079b6f9cfa18ad731c5fc7f17
- SHA1
  
  cce52b2c230696cd0db1b1442d8b35a478a58dd3
- SHA256
  
  ace6940e4bf7b2b1b07d601166453730252c2a873fd57609e686a1cd2b9c3690
- SHA512
  
  97f23bf7428225c8a101159e3ab861bb5bd9ea93c0fd4a031457e85e54084a6f9111ed2fea86fd9996f6c72a0ef68da0e64a0d755426b8f99fcd4a7bcac586fb
- SSDEEP
  
  49152:JT/WZ7mNgS3YjJEBElX9iXAu1IgAOlgYk7Hh3fo23uMS9X79G3bxFh+9FPFKFXF5:JT/WVmNJ3Y1dlNiwuLlU7ZD3uhG3zAtg
Score

7^/10

collection credential_access discovery evasion execution impact persistence
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionexecutionimpactpersistence