soumnibot | 13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c[.]bin

General

Target

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c.bin
Size

2.1MB
MD5

e0c9c8de8050934d2a028ef12a72224d
SHA1

75c0f4e038960b1896e9bbf9db5541d697792234
SHA256

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c
SHA512

04b5f5136207794cf973514103fba6c76b6f168496ad6a2a7d0415c354227dbe6de61dfc4486ea183e5e272bda859d0e506252d61152ef4eda3a6d9ba3d48716
SSDEEP

49152:T7hp39jp11W45k3f+ruo5EngZJWu0LH3ggSYVB0l:T7hp3/18YkPQeGcLH5VB0l

Score

10^/10

soumnibot

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
sample	family_soumnibot

Soumnibot family
soumnibot

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS

Files

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c.bin
.apk android arch:arm64

o3lb_.zwo01.ao3d2

o3lb_.zwo01.ao3d2.wefreg.erwgler.ssfskdekvgrfd

Activities

o3lb_.zwo01.ao3d2.wefreg.erwgler.ssfskdekvgrfd

android.intent.action.MAIN
android.intent.action.VIEW

Permissions

android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.GET_ACCOUNTS_PRIVILEGED
android.permission.MANAGE_ACCOUNTS
android.permission.ACCESS_NETWORK_STATE
android.permission.CALL_PHONE
android.permission.READ_PROFILE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_PROFILE
android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.NFC
android.permission.READ_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.USE_CREDENTIALS
android.permission.VIBRATE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_EXTERNAL_STORAGE
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.READ_CALL_LOG
android.permission.READ_CALENDAR
android.permission.SEND_SMS
com.android.voicemail.permission.READ_VOICEMAIL
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.READ_SMS
android.permission.MANAGE_ALL_FILES_ACCESS_PERMISSION
android.permission.FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE_DATA_SYNC
android.permission.READ_CONTACTS
o3lb_.zwo01.ao3d2.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

o3lb_.zwo01.ao3d2.AAkeepaliveZZ.receiver.AAbfsghsfghsfhZZ

android.intent.action.PHONE_STATE
android.intent.action.BOOT_COMPLETED

Services

Android Permissions

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c.bin

Permissions

android.permission.ACCESS_WIFI_STATE

android.permission.WRITE_CONTACTS

android.permission.GET_ACCOUNTS

android.permission.GET_ACCOUNTS_PRIVILEGED

android.permission.MANAGE_ACCOUNTS

android.permission.ACCESS_NETWORK_STATE

android.permission.CALL_PHONE

android.permission.READ_PROFILE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.WRITE_PROFILE

android.permission.INTERNET

android.permission.SYSTEM_ALERT_WINDOW

android.permission.NFC

android.permission.READ_PHONE_STATE

android.permission.WAKE_LOCK

android.permission.WRITE_SETTINGS

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.USE_CREDENTIALS

android.permission.VIBRATE

android.permission.READ_SYNC_SETTINGS

android.permission.READ_EXTERNAL_STORAGE

com.android.launcher.permission.INSTALL_SHORTCUT

android.permission.READ_CALL_LOG

android.permission.READ_CALENDAR

android.permission.SEND_SMS

com.android.voicemail.permission.READ_VOICEMAIL

android.permission.WRITE_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.READ_SMS

android.permission.MANAGE_ALL_FILES_ACCESS_PERMISSION

android.permission.FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE_DATA_SYNC

android.permission.READ_CONTACTS

o3lb_.zwo01.ao3d2.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Signatures

Files

o3lb_.zwo01.ao3d2

o3lb_.zwo01.ao3d2.wefreg.erwgler.ssfskdekvgrfd

Activities

o3lb_.zwo01.ao3d2.wefreg.erwgler.ssfskdekvgrfd

Permissions

Receivers

o3lb_.zwo01.ao3d2.AAkeepaliveZZ.receiver.AAbfsghsfghsfhZZ

Services

Android Permissions

13ba519f4882b55c6445bb2ee3b8d08e6c397bea378905d572b6414302469c3c.bin