soumnibot | 13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c

Analysis

max time kernel
2s
max time network
153s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
14-11-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c.apk
Size

2.1MB
MD5

e0c9c8de8050934d2a028ef12a72224d
SHA1

75c0f4e038960b1896e9bbf9db5541d697792234
SHA256

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c
SHA512

04b5f5136207794cf973514103fba6c76b6f168496ad6a2a7d0415c354227dbe6de61dfc4486ea183e5e272bda859d0e506252d61152ef4eda3a6d9ba3d48716
SSDEEP

49152:T7hp39jp11W45k3f+ruo5EngZJWu0LH3ggSYVB0l:T7hp3/18YkPQeGcLH5VB0l

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4522-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/o3lb_.zwo01.ao3d2/[email protected]	4522	o3lb_.zwo01.ao3d2
/data/user/0/o3lb_.zwo01.ao3d2/[email protected]	4522	o3lb_.zwo01.ao3d2

o3lb_.zwo01.ao3d2
1⤵
- Loads dropped Dex/Jar
PID:4522

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/o3lb_.zwo01.ao3d2/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
5107dfedd09395af41fb9eed0a945fa0

SHA1
cd00d76fb6ea1395c86a130058102fa164c8cb0a

SHA256
b18f5f324b7b8af370156949098be6c48d20ab05475203ec84a980a058563d95

SHA512
9d22986ad1ce3e21696584fcdb4214db1e2811bee008fe8fa4b57ca2517604db35522266480e98705446e4aedbb72a95c89ae7046560ceed200893ec185957d3

Download Submit
/data/data/o3lb_.zwo01.ao3d2/oat/x86_64/[email protected]

Filesize
61KB

MD5
c7c222c5d8a947a6bc68faaddce32ab7

SHA1
9838658ee650dff647fd6f3ebe7a4aba0cd01ddc

SHA256
1c60e86a72cd29effb793625f4695f3e895fa6418c9c56411cee73d195a6ce19

SHA512
be4f73dd0bc8f5e16d2533d72449dcb899fca9ecde3b94ab9c15382497f6d241ac96db0a3f1113463a09dc0ac3d1c2315a9091d8d432663e3d973930581ad768

Download Submit
/data/user/0/o3lb_.zwo01.ao3d2/[email protected]

Filesize
2.2MB

MD5
525be83221a674e1c95e74418ef7e14d

SHA1
2c980c28eacdced7a1f20e58755f2a41768b51d7

SHA256
ad849d0a24d14d574912190aff8ac7cae78b1e1a1da93effebf769b0c10c8ab9

SHA512
e7323ffd468f2a111cc1cc72e7152fd86906be49a85264f36c0ecd02290038f5d0c4c7597306a543b7903ab1abe51da557eb35b9f23b372cee1cd132f9bc5b50

Download Submit