soumnibot | ac7619982b640793daa7d61c3e161b49303125977f1774692e16f031ad9b30ce

Analysis

max time kernel
2s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
06-10-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac7619982b640793daa7d61c3e161b49303125977f1774692e16f031ad9b30ce.apk
Size

2.1MB
MD5

e3a1dc8cda6bf4c6599daab3ad24dec2
SHA1

2e7c31a0f8c03d908ddb42c97ad263c2879df076
SHA256

ac7619982b640793daa7d61c3e161b49303125977f1774692e16f031ad9b30ce
SHA512

5d7bad66acba035a3655d76f6cb2298d574f34d99740d60d88ea5682fecc75044c6816e9c2d81607e7c7070d9cd95e76257c63c42dce5ae14615a2a323e9e0d5
SSDEEP

49152:r757ed9ce56eNlqMjF5KCkrg0jVPL2aJWu0a1V+AiB:r75q/ce56GXF5KCJOcatiB

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4805-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/smk43.k9z66.pb1fl/[email protected]	4805	smk43.k9z66.pb1fl
/data/user/0/smk43.k9z66.pb1fl/[email protected]	4805	smk43.k9z66.pb1fl

smk43.k9z66.pb1fl
1⤵
- Loads dropped Dex/Jar
PID:4805

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/smk43.k9z66.pb1fl/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
5107dfedd09395af41fb9eed0a945fa0

SHA1
cd00d76fb6ea1395c86a130058102fa164c8cb0a

SHA256
b18f5f324b7b8af370156949098be6c48d20ab05475203ec84a980a058563d95

SHA512
9d22986ad1ce3e21696584fcdb4214db1e2811bee008fe8fa4b57ca2517604db35522266480e98705446e4aedbb72a95c89ae7046560ceed200893ec185957d3

Download Submit
/data/data/smk43.k9z66.pb1fl/oat/x86_64/[email protected]

Filesize
353B

MD5
0b168069e4fbfa12be24c8efeeba7aec

SHA1
b91241ecb3347bceaac1d35297f4dd1f5ebbce63

SHA256
f4cc3c399c45af9a1bade914aba5c36b2917c665c9c95c70c86a12150630e8d3

SHA512
a3a3c3361b7fdc3713f399f3117d7b292a1231f83bb9dcf4a74466346f40d4661691d41142202b16438f3d1f25b5285733d92e9996ceb1d2e96361df64b7012b

Download Submit
/data/user/0/smk43.k9z66.pb1fl/[email protected]

Filesize
2.2MB

MD5
e9b05eb79c191044cce0c82a9acb0d4c

SHA1
7654f6f9e88c0537105470b57025b4b8d0b1c079

SHA256
b45b8324bba866b949969d1c37ce11c104f4cbcc4abb0aac6598bd5d2d110a16

SHA512
59355372729db604bf2997a0ffcf31462bbf554c7c93298d3337803fa96f461666b6cf530e54cfcb4099e9946d1b445f0690f72e325727866eea5817cadb36ca

Download Submit