soumnibot | 5252bb4647e37b6414d63d7bc26106b703452bc9802582f87374015cfaf2a310

Analysis

max time kernel
4s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
11-12-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5252bb4647e37b6414d63d7bc26106b703452bc9802582f87374015cfaf2a310.apk
Size

2.4MB
MD5

f7b278910e1445a9e56124921806890a
SHA1

4e44661d5ab1d00b367a38d343663378e3b4fa9c
SHA256

5252bb4647e37b6414d63d7bc26106b703452bc9802582f87374015cfaf2a310
SHA512

d3a444588a53813b2f0ce8582fdfda954282ad7ff1bdb7d9bbb71812f1f71bce737818e9f1fe3913f2b41d9579bc1ef9b2aaefec56a80d4ba64d186bae620280
SSDEEP

49152:iR5waP26nYccaYAzrrLKqyhHw5m0gciEbcgSdGfCQevD:QaaP26TYAzr/KqyJwjFikWGfCd

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4327-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/c4twq.gq5r4.mms95/[email protected]	4327	c4twq.gq5r4.mms95
/data/user/0/c4twq.gq5r4.mms95/[email protected]	4327	c4twq.gq5r4.mms95

c4twq.gq5r4.mms95
1⤵
- Loads dropped Dex/Jar
PID:4327

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/c4twq.gq5r4.mms95/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
dbf6186a7e1151fb8287fd7e34e735c4

SHA1
70805ef97d21e8eb80965750f4679f4af212dd85

SHA256
35de124826257236a8788c1903459b04f698602a128530f6735d33836ac9cccf

SHA512
c30ffac26d9ae72619c88d0cb90212ceb3fe6884dc4013b391ae86c78257843c2229559c74e98bc664119731d2d0d41eb90170af52f65fcb154e6295e093e1c0

Download Submit
/data/data/c4twq.gq5r4.mms95/oat/x86_64/[email protected]

Filesize
44KB

MD5
aae59089414792a943447bf4f1d1a73d

SHA1
16e3552ce2aa553d54374d36ed620f1f260bc5ad

SHA256
eb799cf008833ff22ae30037b0b87244e83c8875fc9e42ae6fbd8a6538341f75

SHA512
0988a9671ff334f4962c5c592cd27571f6193956333ee9d33b334901efe63a36ff47f2d18b21e92cad3c059fcff75e6de8c521d7e1db2c5c574424a8d32a8507

Download Submit
/data/user/0/c4twq.gq5r4.mms95/[email protected]

Filesize
2.4MB

MD5
65a431f363b3a5b906920ea01710f3c7

SHA1
1bc70847242ee3294930312b12cd7d1c8e988554

SHA256
2b783d51a5a8f3ff22e3d6452446be34563ce7e8780dbfa08ad70d9261a41c8d

SHA512
99658b93f7f96b76c72c7dd205c9a5b8edacc632be7eddf3821a62c86180c61c5e69bb8f1e8d7e11ac21eb344062ea26fcaf65a13d1c4c0a95c7aae9c29a3e98

Download Submit