Malware Analysis Report

2025-01-19 07:46

Sample ID 241201-1w4zwstnay
Target df9375d15da3f8b10f2cd592131db4719f89f3791a83e81e8125511e795e0a57.bin
SHA256 df9375d15da3f8b10f2cd592131db4719f89f3791a83e81e8125511e795e0a57
Tags soumnibot, evasion
Score 10/10

Analysis Overview

score
10/10

SHA256

df9375d15da3f8b10f2cd592131db4719f89f3791a83e81e8125511e795e0a57

Threat Level: Known bad

The file df9375d15da3f8b10f2cd592131db4719f89f3791a83e81e8125511e795e0a57.bin was found to be: Known bad.

Malicious Activity Summary

soumnibot evasion

Android SoumniBot payload

Soumnibot family

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-12-01 22:00

Signatures

Android SoumniBot payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Soumnibot family

soumnibot

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application broad access to external storage under scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-01 22:00

Reported

2024-12-01 22:03

Platform

android-x64-arm64-20240910-en

Max time kernel

148s

Max time network

150s

Command Line

com.kero.slimming

Signatures

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion

Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Processes

com.kero.slimming

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | www.youtube.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.169.46:443 | www.youtube.com | tcp
GB | 172.217.169.78:443 | android.apis.google.com | tcp
GB | 172.217.169.78:443 | android.apis.google.com | tcp
US | 216.239.36.223:443 | | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 216.239.36.223:443 | | tcp
GB | 142.250.187.225:443 | | tcp
US | 216.239.36.223:443 | | tcp
GB | 142.250.200.1:443 | | tcp

Files

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-journal

MD5 2f8147a9310850ecfd53329052f74cdd
SHA1 2eb47d3631c7f0b5fea7dcdd747fae2040c8ecd4
SHA256 b177a2752168b302219f07a900e8098b8f3161f7bfcc48ee9d07f3d43378471d
SHA512 d9704d913d374bed9b2b4f1a6dd24e40bc22ff55c59dd9543f3159a4947babcf60976cbebf7dd9563f901d58fd3ece5adb40b91d5ac4014a946fc67fd3d3ef64

/data/data/com.kero.slimming/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal

MD5 6b4f3ca5a7fd4d7996bae6522c479555
SHA1 54ec255e10fdadac429d89eab140d86aed8fa245
SHA256 66b67f8b6c749ada41d4398aa76d8f50f1d99569c9fdfeda38b154325ecba293
SHA512 be83ba6fcfa15305cd4c4da4a54432b11c98892d4b4ed6a2f1f694a8c3618425d4c12a225bb2846fdf1781459d784aba2b4dc0dbee200ae09f7ab3a12c28b6c3

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal

MD5 1b0bbdb1821963be6a001d5a0909246d
SHA1 79867af8c553eba6c9c897147a74e27a49c802a5
SHA256 a921bd9bc52d1306694b62c5b45db4b92f8bf627643483977f03d6331496fa1d
SHA512 02ae8b756bf8b427bccee636cf0853037c646b27dd5e7a58b312c03857705043c45f9bca742980429313855b2c0712eb299242efa3d7f0fb1cc12e885f30e7da