soumnibot | b12577e4f2d7f78b2ac810b7704d6488539beb2a106bb101c43981a6b11940d3

Analysis

max time kernel
5s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08-11-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b12577e4f2d7f78b2ac810b7704d6488539beb2a106bb101c43981a6b11940d3.apk
Size

3.0MB
MD5

de5a39440a19c9639e08eaeb8108713d
SHA1

322482b8ba45cb648caa01cbc45a501ca5992627
SHA256

b12577e4f2d7f78b2ac810b7704d6488539beb2a106bb101c43981a6b11940d3
SHA512

c5c371e8be003cacd776fef3a4dbc7c4677d3f4aaa49274e6b8b8efa0d4b7efc5a897c910af31990918551443fe739d3f9918e1dd5479c1d58b1733eb36ac31b
SSDEEP

49152:AdwB+sXbQ/fZhlJ02ge3rDOGpesLNc2HSsqg1wHP2Zr9KI8:AxMbQHZhz02gCrle8C3HP2Zr96

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4434-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/hills.opinion.groans/[email protected]	4434	hills.opinion.groans
/data/user/0/hills.opinion.groans/[email protected]	4434	hills.opinion.groans

hills.opinion.groans
1⤵
- Loads dropped Dex/Jar
PID:4434

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/hills.opinion.groans/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/hills.opinion.groans/[email protected]

Filesize
1.8MB

MD5
f28a496ac8513e80aa037ff98094ff37

SHA1
bd9bc0e038d52cb01b22a4cff4e08849cb58e523

SHA256
eca36ca8c597c65d223a22d82c889c82da6efb43c1adf7e3f8bb43bd196bfc7b

SHA512
93c63d1a2eb57dd019efafda5296ec750d2d48002f2a9e363c6d4b4ba4944cfa4319e6670e5fdd0b68097fd94f96a175cd2528bca3cb6df5f82237fc5c2f9726

Download Submit
/data/user/0/hills.opinion.groans/oat/x86_64/[email protected]

Filesize
402B

MD5
71044b1de02bf9d2a8c0d0d0db6e48a5

SHA1
10e1777cc51fff94d4a7de996ae5583090f00853

SHA256
2ad26ef27ca7a0facc395d0ea7e8be17d2baccba5120d8266ba56dbaa7f2baee

SHA512
0215c588a926a42785c4ee10b7c8b3b4f5b69f762bdfab2dd8797641e44dfd7f6e43bfa1ad4ad183480347f9356c27607b8adcac1117064ccf3eb00a8f41a9e4

Download Submit