Overview

overview

10

Static

static

6

cdb1e4e046...02.apk

android-9-x86

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    12-09-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdb1e4e046c78783b9aea5b9b9a141d0f40cb41793be76ec06351a9d20e5d702.apk

  • Size

    3.5MB

  • MD5

    84726f482e92056fa5261c0fac085946

  • SHA1

    5802de8f45415ddbd7be51baad31a4ec81935692

  • SHA256

    cdb1e4e046c78783b9aea5b9b9a141d0f40cb41793be76ec06351a9d20e5d702

  • SHA512

    ac993ebcf1e838677f29afbb0a5cba2a94add745e0dd6977eca16f32881d84abf7c32b28857d34199f869e1ebbc5562b3de1ce539271f31811de3fc221b59135

  • SSDEEP

    98304:dZxgtImjr57+llJTK4AvgTDxIRUYRegfdpB7Ej8Pv:/6tIY+lDKUTD2e2pmAPv

Score
10/10
soumnibotbankerdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • mmsll.aiijx.tyfv
    1⤵
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4349
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mmsll.aiijx.tyfv/app_dex/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/mmsll.aiijx.tyfv/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4376

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/mmsll.aiijx.tyfv/app_dex/classes.dex
    Filesize

    5.7MB

    MD5

    474e486a2327fe3c39cafe273b8da408

    SHA1

    c8e4c6068f990f8ca457a1857db1c130e79a8a5a

    SHA256

    d04a1967bc4f84b36427453101cf398fc6c1f21d32da09d304e7146daff1b3e1

    SHA512

    644d263dc77ff4028963d59372312ba303fbee963c1db166a7bb878e16504b90b5261fa3f1c8e639f1088dc12211fe9481b1873129e99a8ed8fd7c80dd72d81a

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    13e55cdb572f65a1f54acccc11941388

    SHA1

    89d1ad3e8f7fa766fb72e5eb6c266868f349c2fd

    SHA256

    ea58dcd5b248f837267d402e6c765f762e9b2beb6fcbc61c39cf6f9f8b1129a4

    SHA512

    e9746f8bdfb61b3dd817ad5746661ae0236bf42b87609f36f61c4d88ef311858c658c23be70b7526b86e9e59e37a40efa2150d898cab529bfad4caeb0f8e3d96

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/databases/com.google.android.datatransport.events-wal
    Filesize

    68KB

    MD5

    e23be193be0f48c41650c1551e530482

    SHA1

    d3fad303ab5e1af2e25ea4ab35f9a107b09e18e0

    SHA256

    033764a8dd3510c0c5a664c5470ad8e69e915bd6532b8fa3963345155942a6de

    SHA512

    134395c30f44655457a2bf7463b993a6d20655a5ca3a17abeca24876b390318b63c401ae672dbd17f415bb592789e63aa3c55faddbc713a1f7d1f42e52a66cc6

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/PersistedInstallation1248035180331952543tmp
    Filesize

    90B

    MD5

    e022d1bb2d012ea1fb6d58586b54245a

    SHA1

    b32c15e301b0d34bb4388138b14c58e1132aa607

    SHA256

    41e33fbc08db66617cb455c114a1c5f4a6e1f20be134c25ac03dfd0a2f955d1e

    SHA512

    1cf00983cebbf0ce8212688e6fc8047d01a55f756fb7aa11cfd69af9ff22a4f5da8fbf300ef8184262e08f5d5485d0fa403ae7841c95bb4e0fff4cda12acc22c

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/PersistedInstallation748913965366546800tmp
    Filesize

    569B

    MD5

    d528860038562769289e7464d6eb9d12

    SHA1

    796cf173bfd8b0d1180509310253eac87085f0cd

    SHA256

    1ed71ef04f6d10d7cb0095c540552966c4afd41b4bea8535c425f438a2ca2230

    SHA512

    90a9faa8afd31aa3d638e0b6a6269c8889b086ad998d3344008c91a29b082b08e45960a59de9c11ca1ffccc972dede47e68370f74931d774cce3217cc7b3fb80

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    e9df45df32fd23b11e0544d139de16d0

    SHA1

    22042c9773291927151c0aaefb5ce05311a96944

    SHA256

    23b823a08d12e68550db137f76f195fb84fdadb0f63db5b78b62912247a1551c

    SHA512

    218fc2a67b820196d499d140e573c7092a8390868049579ae0946c7c13f3a5c48b0c9338e0b14e79a7d3e70ee7d68fac5899f12d58dcb93bd25ea1f8a561ef3a

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    c006de9e7f00422d1a015bbc0a254879

    SHA1

    95c712e5833be0c1e4b0c4dd7ac35e28cc4a2444

    SHA256

    02676b179240c7c7c3206cff23f503b87ad1c5879879e9de360715929ba28749

    SHA512

    023286ca2d58b475b52aad3dcd0cb474bf908eda6a689fc637a8c3edeea703fea328eeb37a532bd2fa978580aef66e692cf73b762b0f9d8eb7e58d38d72709b7

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    112KB

    MD5

    324182e0bb4b36147469fa14fde2d363

    SHA1

    c5f013eb2e113e89fb7ef0d214f5f46be82cebfc

    SHA256

    01f3aad3111ff1a79c0bca7e24fd8041d3656235308d8258a61ae23a34ec0994

    SHA512

    1ee6a7e00218e5a72a174d07ebd6b1e94c351f4046575330fdc8fe6d79924b75f6d47882e0539d7372d9f99daa60b0f894aa1454847a8002c5bc7baa96de66c0

    Download Submit

  • /data/data/mmsll.aiijx.tyfv/no_backup/androidx.work.workdb-wal
    Filesize

    120KB

    MD5

    07d3edbadc6322632b4a97bfb882c3ad

    SHA1

    67b3abdf1251025192bf035a772868f85c342a83

    SHA256

    fa298173019d8c3583a14b4b89d308cd7e8fc1fbfbe55a86a7f49ea950e8c658

    SHA512

    632c4d4fafa6d2ba53a808cb3ea0ea572a18454ca233dbce01aebe92c106e5a7a1c89ac2f3dd7d2de28ddd99f35b2171c218effacee031a8cd028f6c4d6bebfb

    Download Submit

  • /data/user/0/mmsll.aiijx.tyfv/app_dex/classes.dex
    Filesize

    5.7MB

    MD5

    d6b1a0f8723f00eb59ff06ada71cb99d

    SHA1

    8d3fc00aa935a793f84092e921279d60bda0a58c

    SHA256

    c14c4cf13befe6d59de8eee93e616a9945704a925f2d504510b4d918b2ff0360

    SHA512

    e4e454f3da8e5275be3aebd8fe4f4d9a24a5576c22f627fcd7c996e0264fa5d07ddd89d928c5348c4e9403f6bf43ffade06c69fd26473d0a1d74547227fe17f2

    Download Submit