soumnibot | 437e9e03add8620bbaa60bafef93dd0c62a6c4897225431a4e36ad88baa9ea17

Resubmissions

20/11/2024, 10:40

241120-mqrkqavgja 10

12/10/2024, 22:03

241012-1yvt1atejh 10

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
12/10/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

437e9e03add8620bbaa60bafef93dd0c62a6c4897225431a4e36ad88baa9ea17.apk
Size

4.3MB
MD5

48f932bb31e422704fd463f73cdad524
SHA1

7e4b17021fe450b7b7eeae08b9988afb84bf9245
SHA256

437e9e03add8620bbaa60bafef93dd0c62a6c4897225431a4e36ad88baa9ea17
SHA512

e98433cc4d23155cc545a9370a84a18716c8d4da66d782837b5848e253a44e9098e20afbfba0904abd0aed48c4c4051c908790af73ebe42b603598364ef66813
SSDEEP

98304:G9ax8Tx8QDAVQnxd11D6Yw9hEfA8iOahOYB+37C4lQT4q44YyBrMbCdiR:618QZnxleYw94AO7H7ZQTk4YyRUSu

Score

10^/10

soumnibot banker discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/kuj.uva.pdn/app_dex/classes.dex	4220	kuj.uva.pdn
/data/user/0/kuj.uva.pdn/app_dex/classes.dex	4220	kuj.uva.pdn

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	kuj.uva.pdn

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kuj.uva.pdn

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	kuj.uva.pdn

kuj.uva.pdn
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4220

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kuj.uva.pdn/app_dex/classes.dex

Filesize
7.0MB

MD5
bb2e859ed4055b0fa9d40e3c9e7a04e1

SHA1
dfbadd6feeed02ad8b71f3d0172929d9b1401f87

SHA256
97ba27da82e3b3573ab0643440e4199b6237d075bd5824220d0cedfea1340fb9

SHA512
d4ee86cf22610fdcc5bd41f4ceb89420aec93de48150c90c61dfe67c8615a447855c95f606e6cc6d79f4fb2e10f3f95d8299c1a1817a28d09d054415a608db59

Download Submit
/data/data/kuj.uva.pdn/cache/image_manager_disk_cache/88bfcb6bce24319bc05d6aa5fe4b75a5e42802c10bdd3167fc1c87916054b13a.0.tmp

Filesize
166KB

MD5
f75aaa920b08fa0e17bc524bcddc3747

SHA1
08b960b03fc9c3373940da5ed8ba8955f367c8de

SHA256
00af88628626e15db3ddf56bfba14e390b40b299d714998594d26e0714fef657

SHA512
c1811b5eaddd24f114b9b37644006f4751adcfa7b859912fb013fdf44d4866f726d3375fd931781b5070bfb3d92c3dcb053f43b6216648dcfaa71592f273a371

Download Submit
/data/data/kuj.uva.pdn/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
16a32559ff60385966e73769320fc47a

SHA1
99dc629f36569817bcef80abdea8d21ff876d14b

SHA256
4e2f0a2e3b5baa917d879a17acc900ae1b17d325f2dbab11312daac6ba588e96

SHA512
1b7394581056f3270c09d8e852114608f03d3b135d675b136e686a822fa1c523f3e010c3cfc4348e5c4a68447c65c16e37c44157d2e8572054d56a39f21b64aa

Download Submit
/data/data/kuj.uva.pdn/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/kuj.uva.pdn/files/PersistedInstallation6733970125804163861tmp

Filesize
569B

MD5
9b1a6e92121619543ce78195f7714277

SHA1
165d69683a450e21887cfe225cfded343a213562

SHA256
20b928d792d34dbe2f2415bef3a9ab3328df0a06e3e358e31cfd8697cd4f2735

SHA512
358cd571b8f5658756f3a3a67d65d3fd4ca78e5bbaf6ecbc769454ea8275dc99165da886156390f4d7b3588394b01044e49cd109beeda122d7d5a29acf92c868

Download Submit
/data/data/kuj.uva.pdn/files/PersistedInstallation8795363377863003101tmp

Filesize
90B

MD5
1daea11863fbb79db63588448fdda99e

SHA1
16e06927eca90f65aaeda6e9d899224ae478d16e

SHA256
07a9ab7028b02d4fdb80678e1694207c09231d3675c35daa8d15b5ef2d15a001

SHA512
c13dffb9c4d8697d67a79458383b33242c0df87cc4880fec041e25a7144f45efcea263bf6472cb4553fa63a969b7344426b87239943776f3d659b58648511bfd

Download Submit
/data/data/kuj.uva.pdn/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b5c020e420e4293723476ac62429146b

SHA1
ce137aaf35b7909085f2105a5ed29e2fc8ff8d6f

SHA256
55ec91b75658a972523301d1e8cdad41efe237fc6c9d8cec4aca255e023d3329

SHA512
d4dbf42a44076e34ce72dd48e138342e439f738c5bac139c0c3cfacdb46ca5f8d6aeb4eb0014fab32aee78213d626cfe7f27315ac9dab19a93c3135fdc550858

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9ecfe5f7509cce287ae0ae2c6a2e4b99

SHA1
df204ce431abdb89df64ba2e1892dbb56c37395e

SHA256
4d554581f880ec62c96069f1462220a4555f8dd848347372ab5508422d367426

SHA512
1637f2174bb650ed1d8a8714e8b282782e20afc036af03de68acfcaa104367a2ab55fc91b9867c23cb1ff91c8e7637ef7351097bc29d83b7599f3db9b1a4f35a

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
5ecbfc57022b3c39167bdb831def879c

SHA1
163239ed65c4f484edcc22e32d6f7811aa37b5e4

SHA256
a5570d54cffcf074b8167a5d0f877b3c434608ed891b857e7752af42205cd3c7

SHA512
13c8abf8cdb9e7255f73e97795502e5fe8db10cc8cabd6032ba13f6fe3a6f8c559f1daf2f61a9458bb451b6558ba7998c747077a382ca34599e00d1a849f7c56

Download Submit
/data/data/kuj.uva.pdn/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
7804cc48174630feb3065d9fadee1ccf

SHA1
08baa3f7029a0f937ee3e16dd36e3c6949748a9a

SHA256
473fc2514c96ecf27904b5f0f9262692d4dd8c104d6f75d57faa540c6ec0d43b

SHA512
b04b5c3d145173d6b0b3a31c37b728d67f694f5d2c187c43e837cef13a7a9c736b377032abf74916f3d959036613b715ab3b4907e5980de2b8e67e2c1160cc86

Download Submit