soumnibot | 4600ed5fc19e49b077f89cac19b186824274d79de2bbbc71ad0e4c9d380c5afa

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
12-10-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4600ed5fc19e49b077f89cac19b186824274d79de2bbbc71ad0e4c9d380c5afa.apk
Size

4.3MB
MD5

37092201b61fb30091dbca1a8488d49d
SHA1

48396b6bd0afb497d603e948ab9ee22a40a53f37
SHA256

4600ed5fc19e49b077f89cac19b186824274d79de2bbbc71ad0e4c9d380c5afa
SHA512

29bbf302e70df704ce247f17e131d0ccc7b30cb4f074d1594b76bc9c094de522a714951ec0edba7de8c96013277ba86d8a22c370228fdd0984beab1fba263dc8
SSDEEP

98304:T97xcax8xDAVXWpG7o67avJ1kwuwaOA98bUBvfv8KREJddW2+p9dWTGEud9:Y88xsWpGc6+M+A98KREDdW2odXEe9

Score

10^/10

soumnibot banker discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 2 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot
behavioral1/memory/4345-1.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/shyfx.jn.iiy/app_dex/classes.dex	4345	shyfx.jn.iiy
/data/user/0/shyfx.jn.iiy/app_dex/classes.dex	4372	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/shyfx.jn.iiy/app_dex/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/shyfx.jn.iiy/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/shyfx.jn.iiy/app_dex/classes.dex	4345	shyfx.jn.iiy

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	shyfx.jn.iiy

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	shyfx.jn.iiy

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	shyfx.jn.iiy

shyfx.jn.iiy
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4345
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/shyfx.jn.iiy/app_dex/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/shyfx.jn.iiy/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4372

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/shyfx.jn.iiy/app_dex/classes.dex

Filesize
7.0MB

MD5
711cf4dc54fbca0c92271a751c767a62

SHA1
fb3f20f4b7cf84b2de0f7473e7c2bef31200ba6b

SHA256
c35ff6dd774b60d839c787e0360313497e758ddec2b433257f8382764a409571

SHA512
0d7becd881becadc153dac37f4014ace52e118aaf8375071227e13de90335d4cf9daeb7b3475af9af7cfef963ba37e3f90962945e5ee8c4a56f760873307c9aa

Download Submit
/data/data/shyfx.jn.iiy/cache/image_manager_disk_cache/88bfcb6bce24319bc05d6aa5fe4b75a5e42802c10bdd3167fc1c87916054b13a.0.tmp

Filesize
166KB

MD5
f75aaa920b08fa0e17bc524bcddc3747

SHA1
08b960b03fc9c3373940da5ed8ba8955f367c8de

SHA256
00af88628626e15db3ddf56bfba14e390b40b299d714998594d26e0714fef657

SHA512
c1811b5eaddd24f114b9b37644006f4751adcfa7b859912fb013fdf44d4866f726d3375fd931781b5070bfb3d92c3dcb053f43b6216648dcfaa71592f273a371

Download Submit
/data/data/shyfx.jn.iiy/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
16a32559ff60385966e73769320fc47a

SHA1
99dc629f36569817bcef80abdea8d21ff876d14b

SHA256
4e2f0a2e3b5baa917d879a17acc900ae1b17d325f2dbab11312daac6ba588e96

SHA512
1b7394581056f3270c09d8e852114608f03d3b135d675b136e686a822fa1c523f3e010c3cfc4348e5c4a68447c65c16e37c44157d2e8572054d56a39f21b64aa

Download Submit
/data/data/shyfx.jn.iiy/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/shyfx.jn.iiy/files/PersistedInstallation1545850502437624305tmp

Filesize
90B

MD5
89729756cd0467f0aa95deeba3956013

SHA1
d311381b0130bdb3f1e01125197118a9f48da755

SHA256
20420628889a21d99e7b5ab2680d61438682b80b622a37569e1f8fd69c5c600f

SHA512
864180f2feafbf63fdddacc454345ae9fe67331b1a6f6446d92379f6373003cde2470485255e92d99bf6f7497a8ea28787d5561b08c893cf7cd847ca852fabc4

Download Submit
/data/data/shyfx.jn.iiy/files/PersistedInstallation8629016537302257271tmp

Filesize
569B

MD5
f30d53f000b2b1c3276e19e3171adda8

SHA1
ea5e7dfffcbbf9a091db8e0a763e396b3746e683

SHA256
583ebc2a2d857af71b27b8d32af11004fce0ef4f8feb357c3e3204859131c1c6

SHA512
37c3ea92577f689cd087bd9ffd42130fe8e8999adb7b1fe40df537f56dc6041f0b13372166d4e11c92a75ccf2815c1155a0e5aa8b40726d75adbf4a3f6d727fe

Download Submit
/data/data/shyfx.jn.iiy/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
04bf6dc96df540cb1bd315a17e8636a5

SHA1
d2fe3a70d1d805f2c7464d54bd0bf5da7c81534f

SHA256
ac5c865949a29f02a852ef79104bf71cdc8e11e3e32a7e637dc59730c33c5338

SHA512
6963ee74a7c706dbe47395696617bb71428ead4b4c2f8b78c66aa74b9918fcf0c4c0c9328bfbf264677fed6017deab4934b465796fea71158f13ffff4793ae8a

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
76e4a64323f62b1987e547644f862a2c

SHA1
d1183890c24dea0f58cda3c4a9b5e1ad86d244ad

SHA256
fa8c6bc111dd0318bb61dc3f17b36930b702b2662cc64dfd415d845e6357effb

SHA512
8646a6ae44aa3e19c8bfe6816e8cf5e8a6b0d367e767c5ef93a9b13cf9fa67f98c5f52d93bfd1ab1bd7e73a22b957f016518b91350ac41df9c65f242da671b29

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
2c9ac07c3138117ac8e49e890a82fdd5

SHA1
05341ae34b97142e001e7ecca11fd896bb45cbd0

SHA256
ab4a5aaaccaf7a336785de1ba50a8bb5e14e997eb144c6213dc2ae14e01580f6

SHA512
5ebf9802bb5873f471fc90383b89f66bc28f2cbb8f2aee8a876d1c7ca69c032dd9fd3f34667f9f83459b23a65d1df07024dd84b5bd50c2243c776c776c58b333

Download Submit
/data/data/shyfx.jn.iiy/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
89d3003618f6de946a274a10ac9d8c57

SHA1
faa6c8c9ae79cd2c8a35ab646cdeef0766991b0e

SHA256
774ad29ab4b0d887c9d240d18fe8ef65423b2f1433c927ee698f8302fa9ed2b8

SHA512
f0c0782734f080c9a440173ae8345dffe1b4d91766a2c4e448070939c1f0acac35c42c3080a93ca2e2f913b606e765ec4696aabf65fda221e4d0853e4b02ad07

Download Submit
/data/user/0/shyfx.jn.iiy/app_dex/classes.dex

Filesize
7.0MB

MD5
3e93fe6afdd30cadfac631fb3ac615dd

SHA1
89d090e71cfa29d9a44b7f83d55606d392259d5d

SHA256
aa15d0c5d48debfe0582736c5a5323c520aa619115b4ba60bf8192d688a0444f

SHA512
f83529c2421a6a20c0b899a8ad1df7a6d2750d3006fc8328d38a6ec3f4831323370669d167b67c643bfe931807129e450752fec51ecc17092174babc42f690e4

Download Submit