Malware Analysis Report

2025-01-19 07:46

Sample ID 241204-137dlazkhp
Target 111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b.bin
SHA256 111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b
Tags
soumnibot
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b

Threat Level: Known bad

The file 111969cb0d27a1ea7e8b7c108e1c086a958d4eafbd6beb8879798c9dc780e67b.bin was found to be: Known bad.

Malicious Activity Summary

soumnibot

Android SoumniBot payload

Soumnibot family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-12-04 22:11

Signatures

Android SoumniBot payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Soumnibot family

soumnibot

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application broad access to external storage under scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-04 22:11

Reported

2024-12-04 22:14

Platform

android-x64-arm64-20240624-en

Max time kernel

11s

Max time network

132s

Command Line

com.kero.slimming

Signatures

N/A

Processes

com.kero.slimming

Network

Country | Destination | Domain | Proto
GB | 142.250.187.238:443 | | tcp
GB | 142.250.187.238:443 | | tcp
GB | 142.250.187.238:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp

Files

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-journal

MD5 5a446e9881dfeed1adcce92df2beab1f
SHA1 ab2cac9287f5591fd56a5af4bb543361ae541971
SHA256 0effc02151f01dea0d4a0814bb2db4cd24654dabaf97b1610bc0a077872a4e86
SHA512 5d682695d18f87c0be387a88a736fe59568afa3f7f0c4f1b70d044daba65ae53d7accaf39fc5c1851f62f471b2790e06264649faa55e9bdb53f577436417e871

/data/data/com.kero.slimming/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal

MD5 f511e119365db3ba54ab6ab07605319f
SHA1 7e2683aa0d3c253f0ab79b90cd8127ed75c1d488
SHA256 cd57d5b7d8cedecd4152170eb5b43c3315fc448c4c03e43f52bcfdb5dedbeb65
SHA512 a16872ded1f34b3340c0a0e9f3d2cb87f3b087682e9077c7003089d0ad101ed67177fb400f055600cd5e8dd8e72520a2d3693287050f4aa8b5af4a63dc06cc01

/data/data/com.kero.slimming/no_backup/androidx.work.workdb-wal

MD5 48e6ebfbfd5d35fcc2a942d80778026e
SHA1 6e6b7a35a1dc76ee9afdf28453b9cfe1519e0fec
SHA256 d6911beb35e050ba6c83ecf54e7dbee5bf39036fcb77dc66fb5a19bb315105e4
SHA512 32c541337d5afbf869d05114df509359e47d14340dc4508ddc66933f004af2dd33b661a2457ef686ce309bc7c32bfb19857d387a9296b1264ddf8cd06af5dbd8