soumnibot | f5913ecb4ee9204d74904634cb73e829ce017b6ea821ab92a65700fcc372cb60

Analysis

max time kernel
5s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
10-11-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5913ecb4ee9204d74904634cb73e829ce017b6ea821ab92a65700fcc372cb60.apk
Size

2.1MB
MD5

94af3cb3576b8db0b947673c018deea5
SHA1

4bc4cdd9fbfd1b35d686e6ee04a8ab028d47f8fa
SHA256

f5913ecb4ee9204d74904634cb73e829ce017b6ea821ab92a65700fcc372cb60
SHA512

253f84430abeea35ea2361630986dccad97297ac6831b18891ea7acac69c07a0f669c4ec219582d0d0e44065df8b53606a111adefb6efbf6ef366437efefd450
SSDEEP

49152:h7xT5n++4M+8kbMXHaTh2Fw9tGUfBJQJWu0xB9gSoJO:h755nf4MhkbMqTh0s9ZGcxwJO

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4654-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/szb3e.atrr3.okzck/[email protected]	4654	szb3e.atrr3.okzck
/data/user/0/szb3e.atrr3.okzck/[email protected]	4654	szb3e.atrr3.okzck

szb3e.atrr3.okzck
1⤵
- Loads dropped Dex/Jar
PID:4654

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/szb3e.atrr3.okzck/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
5107dfedd09395af41fb9eed0a945fa0

SHA1
cd00d76fb6ea1395c86a130058102fa164c8cb0a

SHA256
b18f5f324b7b8af370156949098be6c48d20ab05475203ec84a980a058563d95

SHA512
9d22986ad1ce3e21696584fcdb4214db1e2811bee008fe8fa4b57ca2517604db35522266480e98705446e4aedbb72a95c89ae7046560ceed200893ec185957d3

Download Submit
/data/data/szb3e.atrr3.okzck/oat/x86_64/[email protected]

Filesize
353B

MD5
245b40d33cc303df93eef0a51df2b784

SHA1
8d759ec4dad6153ba5c98f87f57c529fda6438f5

SHA256
9a3c79df932d312ae9baf04115f425be4d3945416da373482c2b75b76b59ce92

SHA512
26c35dee6ab22766355d8eedad8e6c0dfe120746c1d52dc3e5ae9699599278529ad1654c73f36b0c3cf4210732297b7f59c2278bb9d7d16cfa1407e508a5ab3b

Download Submit
/data/user/0/szb3e.atrr3.okzck/[email protected]

Filesize
2.2MB

MD5
cd87705ec344ebb5466f829126b3470a

SHA1
d8bc251d746a506de6c29d32f8a369efb2325a99

SHA256
db880ab0874f8c7660857de66bcc114d3afaafbc3bfca429f0d5da3bfaf5c46c

SHA512
9f80d45acb1f221212306333a8b460508bd1659e6d84aaa23ea0f6f79799bec90fd87e7dc10d57dc7304bd2ab095a959b588cace1fe152757e19a9b813203cc3

Download Submit