Overview

overview

10

Static

static

6

30df97ff3e...08.apk

android-9-x86

10

Analysis

  • max time kernel
    179s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    05-08-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30df97ff3e61e7d2be4e698222800deddecb3edb2154e03a3b8380ac6f6a9a08.apk

  • Size

    3.8MB

  • MD5

    79eb995a05ea272dfc681c8f5366f56a

  • SHA1

    a53b98dbc24f233df03647be83c448ce2fe30494

  • SHA256

    30df97ff3e61e7d2be4e698222800deddecb3edb2154e03a3b8380ac6f6a9a08

  • SHA512

    43bac1f2f70f989ad4a93c75302dca58933308e43cb5c428ec6e6a871e95db5589fb43654211591dbfac02650cf6c64be9f4cdf9c769c76ca67e9d9c9f705fa6

  • SSDEEP

    98304:3oZn20M8mUNiFKZ31HrV52gQYpyb2Nd4uwGnppS:3/0M89TZ31Hx5p1d4uwGppS

Score
10/10
soumnibotbankerdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • sdkfk.esfoosweivf.eswgvlof
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4311
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/0.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4336
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/1.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4371

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.7MB

    MD5

    125d37ce6eb2c1479ca7ca7893dbc3ad

    SHA1

    c22a5221113f481fb8639c1a3bf94a49c8d180bc

    SHA256

    9bbf4a57e35ef2c888577454e3bcdfa1fd2ff0be6babce306b495bdd761e518d

    SHA512

    784ee794ef5534dfc97a045d5cb7d6f00760d6fa62e51975d07745ffd6241998e6e8856e11bfb26ce508f4b60e7dad316830a595e144351512204893e64a12e3

    Download Submit

  • /data/data/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/1.pobfs
    Filesize

    4KB

    MD5

    3078d6d24cc2e13a38f5b788766bd1d4

    SHA1

    70aacc26fb26c114cc9deba310f0fdc78913dd7c

    SHA256

    45fab82c2bcdb61c4242afd15cb1fb7f42ab6110fc0c68ddfd3c4c46cce5307f

    SHA512

    ac16d43d8feb21306326a506c9030a443f819fdcf1b1d650338850150ae6db8d1c50118f8d6ee7cbadd55f864d7fe5cef1dcfc71742a73eafe0efb945b9a61d2

    Download Submit

  • /data/data/sdkfk.esfoosweivf.eswgvlof/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.7MB

    MD5

    d5ddbff0ab570d91a71f726c1f3db434

    SHA1

    22ce0f5f368bac1816490785753ca566106daee8

    SHA256

    1c8f84f3c3937dd11208935d73f0f4913b3943fbcc8a6e5ce76f68f2578ade2b

    SHA512

    5172721eb1650971633cea24e0ddc19422e8ebd68342f00658d9376920421f048162b43eefdc223dcdc58b4048c5826e9a7b4befe78b60e7a1455e49db4c9239

    Download Submit

  • /data/user/0/sdkfk.esfoosweivf.eswgvlof/app_sdkfk.esfoosweivf.eswgvlof.base.BaseApplication/newobfs/1.pobfs
    Filesize

    4KB

    MD5

    d060bca060834fb124ed1fb797b6e240

    SHA1

    27810659db02db00868cf6ca919eca202b463af1

    SHA256

    bd42f2fec1bf1a5bff77afe9a3fdfb0e2fcdbf9ff0416bb7249da2d285461c9e

    SHA512

    8fff163d9a6db511147aa9056b73a02b0ea34939a190b619d16fd83595bc6d7571276f00885903e5101d0c58426be7b700d86a0712aa2a182ad639aa761becf3

    Download Submit