soumnibot | 5cc99ff25c71eb8110a1666607516ed22d4d60ee5f8132b686106cf13b89742b

Analysis

max time kernel
4s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29-07-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cc99ff25c71eb8110a1666607516ed22d4d60ee5f8132b686106cf13b89742b.apk
Size

3.7MB
MD5

cffbbb44cd99b1e17b68c356893e65e7
SHA1

72e4f468e7fdbe9cc092167abc2c26aaa558da2e
SHA256

5cc99ff25c71eb8110a1666607516ed22d4d60ee5f8132b686106cf13b89742b
SHA512

c1e336002dbcdac4ed7bbbc8ec81401da91f841df335614c714cba5bc9c15592be0be347d5985ce7c8a56449332b58d68069cfd8912ac11d04714fbaa17d7d53
SSDEEP

98304:qNn8ILrA5ersLxc4DYjxsFwjig1cwB8TdTmer0P:qhcermm4Dfijizw6TdiTP

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4650-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rxiu.l9ww.j_2k/[email protected]	4650	rxiu.l9ww.j_2k
/data/user/0/rxiu.l9ww.j_2k/[email protected]	4650	rxiu.l9ww.j_2k

rxiu.l9ww.j_2k
1⤵
- Loads dropped Dex/Jar
PID:4650

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/rxiu.l9ww.j_2k/.jiagu/libjiaguv1.so

Filesize
1.7MB

MD5
5003333ff88476ce4785296250c4aea3

SHA1
60c89cd6dc8206801d99c4643fdbfe2f7adf3296

SHA256
a25b2f5ef38d8d0a0de91fdfddd05c95a4bd67b9b09566af154aecf9913f7967

SHA512
e7b419adb884e69f559d399c179227af89607b633afd0b41fb580e450a7eeae9831c80e30283a921a9a2f48d3cb0901201351b9de7414a7e51077134851b0614

Download Submit
/data/data/rxiu.l9ww.j_2k/.jiagu/try.flag

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/rxiu.l9ww.j_2k/oat/x86_64/[email protected]

Filesize
346B

MD5
b2af2bdede2793014edb124271b9b788

SHA1
f5bbbb731a610f7126feb1bce4f15d4e0476e642

SHA256
2945b2d557c86c91c71fd230e053a4521cecc38d3f45078ace5d1cec4d71d19f

SHA512
230157a4111a84482d52ffc15384eafe5f7f38467e8aac3255c293981812fab1dbf5ee0de2721490a0da6dd7e7c1a029f374bb4c01a06ddd93a398ba56d2d9a1

Download Submit
/data/user/0/rxiu.l9ww.j_2k/[email protected]

Filesize
2.2MB

MD5
f89dd77914b5373b7c6592a4a116c90a

SHA1
3af11774bc356e4ae7c70493d7061a3eaf731abe

SHA256
0a0bcaba1212ba8884993dd3c156507b4a9af8c46b99ca3856ba89c66474daa5

SHA512
d344408944480cd13215669b96c48bc4536f5a5ad6de466ea36cd3c3f11aec7e3049f25c05f5acb147a1784b4f5136721789b68d1990d1fce7ee3a43c0d4a974

Download Submit