soumnibot | 1d80994c6ebbd1123b2be69b616d01ce61a5f589894a17d58935ed307d21fba8

Analysis

max time kernel
5s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
10/12/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d80994c6ebbd1123b2be69b616d01ce61a5f589894a17d58935ed307d21fba8.apk
Size

2.1MB
MD5

7b6fb7ef8dc7d8389a5e6b0a92c100ba
SHA1

a823f5744b1c6d7df53a8ad25a85281d659453e1
SHA256

1d80994c6ebbd1123b2be69b616d01ce61a5f589894a17d58935ed307d21fba8
SHA512

db7f579d2184d41f78e004092864e81e6b4eb3a2f4210b381f0aca0fa0c3393af451e2c24dc3e9ca4b55d82f6fa8732753b093f2ed085a82ffe18d2b3e0961bd
SSDEEP

24576:ygSNt2c6yP1+LvMteNipub50fuBf/iMUPt0ujOoXn6Qia4QIFe5meGzPhreUE55C:ygSbt6ydIgciEbXi7piaDIFoglYK9

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4316-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/yo2gx.ss4vf.zhf4b/[email protected]	4316	yo2gx.ss4vf.zhf4b
/data/user/0/yo2gx.ss4vf.zhf4b/[email protected]	4316	yo2gx.ss4vf.zhf4b

yo2gx.ss4vf.zhf4b
1⤵
- Loads dropped Dex/Jar
PID:4316

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/yo2gx.ss4vf.zhf4b/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
671367d578c37daca6d5faf0a91dadde

SHA1
5d8c4cb90d2fcd91e5d7e5c30825eb21b9f9fd82

SHA256
a9a13d276654b09286a9cc0902eef6b3bacbdbc8c3eab7bc542c47de39213ecf

SHA512
77d95518cb1abbb6c78907177885e015f1c70c8ec23561b20a7511b4132febc8bd3734cc6ba0f0583adf22c9250e90a14b12e5ab216ef47812107880e515cd3b

Download Submit
/data/data/yo2gx.ss4vf.zhf4b/oat/x86_64/[email protected]

Filesize
61KB

MD5
0d4310d218478d227df2227683fea957

SHA1
df1547a6a1ced4fb0decc2eb0e6edb3ef6baaec6

SHA256
ae4b4297b9f26a3e758ad3d83c9d79a66ad150f3f87dd2204bccc5b8904bd81e

SHA512
a2a5c55162c8456cbe99fc8822a2c79af46b910cfe19f170914daf0727d34867fba2e555a7cb942786a812b983c8680bda81edfa236760f92a6c663dee621b6b

Download Submit
/data/user/0/yo2gx.ss4vf.zhf4b/[email protected]

Filesize
2.2MB

MD5
f4778260015f5e2fd12e70cb2357370e

SHA1
8c6648b72cd0e8b75dfab55c3f848f4561571acf

SHA256
897849f9635798e38d26d39261f422eb3110f0926fff5d1ef720433fab6f415d

SHA512
fc514b85b7c73d9d5c0a9f22cfb4ee3cd6f9476152a2c27d1588dfada82bff0f1a1ee3e7f56aaff7ef3365f3af4edc52b5b29e8178e425597c50e2292aba53a9

Download Submit