soumnibot | 09eb8f0de5f1f0c10ddbe76532f22149e15112858c153f942d75b2d32c25b127

Analysis

max time kernel
149s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
11-10-2024 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09eb8f0de5f1f0c10ddbe76532f22149e15112858c153f942d75b2d32c25b127.apk
Size

4.3MB
MD5

0bc28a430a3eb7b94be4e6854cdd5fc0
SHA1

69266b9b8eb7d7544a7f3efa703b2bf37903b914
SHA256

09eb8f0de5f1f0c10ddbe76532f22149e15112858c153f942d75b2d32c25b127
SHA512

991cd3ede895244f23146cdae8ffaef428d7ec49e4cfcf2354761387d4aa7199b160174bba04af6a400090b290a721c47f493a5a8b558374b6f535910dc27e07
SSDEEP

98304:o9LxQCx8CDAVwiaIeF3arLvzQ0zzymwTSJ7x2orSB4d38:Fk8CTiaoLz/zzymWSJ7s638

Score

10^/10

soumnibot banker discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/knwj.dzn.fk/app_dex/classes.dex	4217	knwj.dzn.fk
/data/user/0/knwj.dzn.fk/app_dex/classes.dex	4217	knwj.dzn.fk

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	knwj.dzn.fk

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	knwj.dzn.fk

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	knwj.dzn.fk

knwj.dzn.fk
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4217

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/knwj.dzn.fk/app_dex/classes.dex

Filesize
7.0MB

MD5
6a14b3871db03de3693dd3862fb0988b

SHA1
719ff9a1efbabfd91d837fec8df346a36b419d14

SHA256
4e37da5ddbd6a9e91933edc388c3d00beb3ef0996c931e58458dce3c26083f6c

SHA512
90b9e56e0c9433fe2565415ac2c5a7c4df2929761183819ea5e1eaf4ea7ec49e36354c17f9962ccbe04bfffc0745f451368f6e44ef73b7dd647ee3f3c59ecb13

Download Submit
/data/data/knwj.dzn.fk/cache/image_manager_disk_cache/88bfcb6bce24319bc05d6aa5fe4b75a5e42802c10bdd3167fc1c87916054b13a.0.tmp

Filesize
166KB

MD5
f75aaa920b08fa0e17bc524bcddc3747

SHA1
08b960b03fc9c3373940da5ed8ba8955f367c8de

SHA256
00af88628626e15db3ddf56bfba14e390b40b299d714998594d26e0714fef657

SHA512
c1811b5eaddd24f114b9b37644006f4751adcfa7b859912fb013fdf44d4866f726d3375fd931781b5070bfb3d92c3dcb053f43b6216648dcfaa71592f273a371

Download Submit
/data/data/knwj.dzn.fk/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
16a32559ff60385966e73769320fc47a

SHA1
99dc629f36569817bcef80abdea8d21ff876d14b

SHA256
4e2f0a2e3b5baa917d879a17acc900ae1b17d325f2dbab11312daac6ba588e96

SHA512
1b7394581056f3270c09d8e852114608f03d3b135d675b136e686a822fa1c523f3e010c3cfc4348e5c4a68447c65c16e37c44157d2e8572054d56a39f21b64aa

Download Submit
/data/data/knwj.dzn.fk/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/knwj.dzn.fk/files/PersistedInstallation3102802038583544531tmp

Filesize
90B

MD5
3b3aac68f94acc511a6738a88193944e

SHA1
901c87507c1b202bffe236b851eb38804742a6f0

SHA256
88666ccc79554871ffe26d44df353d74c87e82c0c959e4a2a6eeb905e1bdbdc4

SHA512
86c4a90194bbdd0864755f6f8f92307c7819e2e67a1aebc79ab3ef98ae6dc0968c7864a343201aebb18bbadd59f14b3fb4ff4367932e98eb029e83271aa3ee94

Download Submit
/data/data/knwj.dzn.fk/files/PersistedInstallation351232261029744850tmp

Filesize
569B

MD5
c329b61e609d2158f7aaaee192cc90e3

SHA1
ae2b0d2b6585aaf600ac00a500951f3df4a698a6

SHA256
69109d4096312f22b9e48c0d95d732b077874bd1fc4765984681cc74eb08c98c

SHA512
4c0fd41482979c0f5b56bec929a0cf2b5344a7d0a3e41ec80f357afa979124df8b229855d7d00a33b0728bfacd2b401f6f460b0ba0f4f556f97cffdeffa57484

Download Submit
/data/data/knwj.dzn.fk/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
201a8db466f85f2ea6131bbf57583d07

SHA1
afae327c97b871e19f70fa68331cd8fda5a7e5a9

SHA256
9eef0fe80ef60d065527f569bd4158bf2da654c43688eac77794ed1ab859663b

SHA512
930d003fa3968b4dab1eeeab1014f90645b885e7ef9a98ccef8d620184ccaeca6d52eb8a124436a8054c0fc689cf6a772d4b58dd6020a43fc99c3f90c22dd1e9

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
00c2ac39676a5ee55f177a8f95f29c3c

SHA1
176a69008901ed0e05ef73924f186d9aaa525047

SHA256
d930069cea21167439ecd2f09b35dd599771280c59731a38a0ee0e4521ced8d9

SHA512
bff74d28f598b493370d2ba1a0ea3e888b86deaf61e3d75f605c7dfa39d8be01cb400dbfec4d7f125fad8785b4a568b2fa543403931cebaf47b00b1b03aff755

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
efe432e20d20fa63b5918bec2357cf3e

SHA1
d88865a15477d9cb3fee923c58556c1c37727705

SHA256
e38b9555b6b494e42aac80170d82999ce4cb86b02fb9bc16d003b4e53f433efc

SHA512
eeea5604def26666cd34a0b2ea1d6fccffcca2bcf068ac6ec03315a72c6d34e78e273491977f8e0c1dee442fa662529e4a8f1173c1bad5ee2ae209ae2024dbe9

Download Submit
/data/data/knwj.dzn.fk/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
a4e59e3f6bd53922e51b6d6a2d7e133d

SHA1
7d1b623e70b95e5f8be587f28b1d6edae44e5b67

SHA256
d70ddf2adad3026a3b546472fa8736861f011a00be1e199e383d06e2be99badb

SHA512
31b9224b036ae6e59e3ebb6d29c7b82436863838bf2c7ec07169e20f9c9809b69f45c31de84f97d8c2631ee67b37367308193fc0c32ee8316a52baaa23daa59c

Download Submit