soumnibot | 4625cdd7081f0f6e37491d9a4088cabd9935e2b3a3fa6ad20def3dc76a29de5c

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
12-10-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4625cdd7081f0f6e37491d9a4088cabd9935e2b3a3fa6ad20def3dc76a29de5c.apk
Size

4.3MB
MD5

ccefb13ebd0eaa4a682d582ee7ef92bd
SHA1

7fea7af543542183c964c5fe77724de743914cbe
SHA256

4625cdd7081f0f6e37491d9a4088cabd9935e2b3a3fa6ad20def3dc76a29de5c
SHA512

f52aa70fb46964f6c9ce619cd43c9425524aad9b1d7e718eff8af70234174724297d38966b4716d4dabf1601848c62057132a9901d1cd1564d6ec7a290b6857e
SSDEEP

98304:s9Ex0BCx8gDAV8n667GBoN8i/RNzWQ6n3VEO+v+v7PE1h1kCeMVIodL:WBk8gXnF7kC84KinU7PE/JL

Score

10^/10

soumnibot banker discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/kstmzo.dm.tbrz/app_dex/classes.dex	4276	kstmzo.dm.tbrz
/data/user/0/kstmzo.dm.tbrz/app_dex/classes.dex	4276	kstmzo.dm.tbrz

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	kstmzo.dm.tbrz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kstmzo.dm.tbrz

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	kstmzo.dm.tbrz

kstmzo.dm.tbrz
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4276

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kstmzo.dm.tbrz/app_dex/classes.dex

Filesize
6.9MB

MD5
0b889e77c3f0d1d64c53bef1fbf178b8

SHA1
9a5410c2bc368e1900d8f6e106da0e175a45c965

SHA256
4bfa52cb9b8f3837157d902b521a9b402f51f54c895cdf36257afa1722a714c9

SHA512
e3f996881d4a26af1fc3cdd47230361fea77e2d5de66c4ac52b5a7b62b0c60cb607572ed820325a71d9935878581dcd1a60a17ef8725bd689ae298c5cbf05b2b

Download Submit
/data/data/kstmzo.dm.tbrz/cache/image_manager_disk_cache/88bfcb6bce24319bc05d6aa5fe4b75a5e42802c10bdd3167fc1c87916054b13a.0.tmp

Filesize
166KB

MD5
f75aaa920b08fa0e17bc524bcddc3747

SHA1
08b960b03fc9c3373940da5ed8ba8955f367c8de

SHA256
00af88628626e15db3ddf56bfba14e390b40b299d714998594d26e0714fef657

SHA512
c1811b5eaddd24f114b9b37644006f4751adcfa7b859912fb013fdf44d4866f726d3375fd931781b5070bfb3d92c3dcb053f43b6216648dcfaa71592f273a371

Download Submit
/data/data/kstmzo.dm.tbrz/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
16a32559ff60385966e73769320fc47a

SHA1
99dc629f36569817bcef80abdea8d21ff876d14b

SHA256
4e2f0a2e3b5baa917d879a17acc900ae1b17d325f2dbab11312daac6ba588e96

SHA512
1b7394581056f3270c09d8e852114608f03d3b135d675b136e686a822fa1c523f3e010c3cfc4348e5c4a68447c65c16e37c44157d2e8572054d56a39f21b64aa

Download Submit
/data/data/kstmzo.dm.tbrz/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/kstmzo.dm.tbrz/files/PersistedInstallation4223439250080988941tmp

Filesize
568B

MD5
5e067b613b76ff9f5a5bda3152fc97c0

SHA1
6e236d84c32a625e3e9d32fb5ee1cc0977c199d6

SHA256
be0e239ddf88b18aadc5d4dc22b9c2530fa498e27016cd93a1ad1ec3eaffe4db

SHA512
feea414fb22215b601d829f6ac3c7fab9de89e6f1461f33e4582eedf1434885f35972507a9fbb7e6cc8a3e00339844dfb3281b77b109bbf3d62dad3475425c2b

Download Submit
/data/data/kstmzo.dm.tbrz/files/PersistedInstallation6849190945028004047tmp

Filesize
90B

MD5
e4ca3b23e6990f509a12ff9a63b1ffd6

SHA1
39ea7dda16b1d34d3403d4e20bae3b6d37a4df05

SHA256
25b6ed0442863f5079b7e75122ea53d83d80048cf56f205e01db8b683e935c2d

SHA512
6b72bf8ce2f59d55db62bef1dedff938e3d1cd39e54e1b82116229b6b8fcc900aaaf391eabb8e99da9bced30a1e6595840fa709b11e73714a682784e559e7ee6

Download Submit
/data/data/kstmzo.dm.tbrz/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6be45d63bccc8bd2c43304d66557f4c2

SHA1
03cda279f43bf342019d76fdfae1c3a01df0e1b4

SHA256
48ed96bd436595f5b1dab1ca259855daeb6aa681179f229e4449dd4f939f1e84

SHA512
e8cdabffdd50ceefd8c0eb43c0a59870b250ecec78cf93ca8a27e3674a98f9d13ba43c4853b0b06d1a44d1002eff076f6efc3f63aa80e2b4199e8a39b8d95665

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a8b1d6b5eadfae9f25ece144829c61fc

SHA1
61d3791e1d9a69aa822feaa0d705f69a9f4d6862

SHA256
6f5536a8dc7838650cf13716d0540785c3cc3eecb4e9ba4de445c27169812860

SHA512
9deea150eaae537d761a2d9ba56c431b52ead1782394c75df8ffeceedb2f67c16ceb72a3f957cb49fb45706b2f18994b5e15438dddadc946aa234b2039e27f71

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
4b17847b78c1ab0e880ed65062064d27

SHA1
03c2c010d1daa7e5937149866a1a8b8d42ef7f0f

SHA256
bc626faf129399abbc60c7e50c170b7c7c71b773bcbaa8bcf8395818892b7689

SHA512
b9e80e6f8aa639072b8d4124b51e06b27227d7d880308a87fb06e805c9fad767e441099c761d35f20ff94107971ee17a14a2168c3da8fd2b27e660ab0ab0aa5e

Download Submit
/data/data/kstmzo.dm.tbrz/no_backup/androidx.work.workdb-wal

Filesize
120KB

MD5
5fbc9a85b94534de1d63799ff4bfbef3

SHA1
40cbd146b112ad4f159fba076e516cfeef808635

SHA256
c69bf58440235c0c9e2880e8f65eefe885bafb19368ddc9c8e96bb13d84f5cc6

SHA512
51153340626d809a1595e7d4e0d4a684597a3662cc9298e3792f7f636ff0d2529294e28e86fa2e2db0f9fc2e4c0e7593334f8c3a17ac7bda9b94f6db831394b4

Download Submit