soumnibot | f697cd567febfe4a7620b9f906d744950e6738424fd5c120dbff9f154999a010

Analysis

max time kernel
1s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
16-12-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f697cd567febfe4a7620b9f906d744950e6738424fd5c120dbff9f154999a010.apk
Size

2.1MB
MD5

61e865527d5555824428a6b7f3f253b2
SHA1

fcd14231ef35d8c805e3460321fe252fda8c5e6b
SHA256

f697cd567febfe4a7620b9f906d744950e6738424fd5c120dbff9f154999a010
SHA512

0ff423e35327569d34d63c6d10fdd10c88a4c143bc6c96162e1fabddcf067cc4932338c9ce96e025f6bb171826cc91c69e8502146228a2c5f662b2860e55b523
SSDEEP

49152:pG/tLrqG1XhEKnXdRIX3kvQVXoSjgciEbr2gSXbvqsd:p8t3qG1RrnXYnJRPjFikrybvqe

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4519-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/aj054.y1fe_.x5s9h/[email protected]	4519	aj054.y1fe_.x5s9h
/data/user/0/aj054.y1fe_.x5s9h/[email protected]	4519	aj054.y1fe_.x5s9h

aj054.y1fe_.x5s9h
1⤵
- Loads dropped Dex/Jar
PID:4519

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/aj054.y1fe_.x5s9h/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
671367d578c37daca6d5faf0a91dadde

SHA1
5d8c4cb90d2fcd91e5d7e5c30825eb21b9f9fd82

SHA256
a9a13d276654b09286a9cc0902eef6b3bacbdbc8c3eab7bc542c47de39213ecf

SHA512
77d95518cb1abbb6c78907177885e015f1c70c8ec23561b20a7511b4132febc8bd3734cc6ba0f0583adf22c9250e90a14b12e5ab216ef47812107880e515cd3b

Download Submit
/data/data/aj054.y1fe_.x5s9h/oat/x86_64/[email protected]

Filesize
61KB

MD5
a4763823fafc46d86529f18ca1b92cf9

SHA1
54950cb653dc672a90eb88de40b88921deca0de5

SHA256
9c0b08bcaef388d4e80265fc03c2c51203ec5ff47220fbc6558686e9ace93cb2

SHA512
922233d5458a30aa3464435d050dd296e3a5e478deedb45327bfe7939ae706ab7fd1b915fed0f6b9db51f20643de432433c05e6b5a6e3a8c79fba5aae6d5daaa

Download Submit
/data/user/0/aj054.y1fe_.x5s9h/[email protected]

Filesize
2.2MB

MD5
1a47e912be5d2ad6f2ff839d45858bbf

SHA1
bd36c02772c02c0e7c0ad6af33c383fd9c03cb24

SHA256
5aac819161b52163490011aab3220ce440af1eccd5749a2d1c1e4b8be8429c5d

SHA512
28f7b48ea72a4ced84fcdc7661f9542bbe4829d11e7adeda96a5cccc59f159cf9cdfd1aba9e1238409b1fd16c1cb5f3d7b19a84f9c99c0db71551118d65916b2

Download Submit