Analysis

  • max time kernel
    3s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    22-12-2024 22:06

General

  • Target

    b3316495c827454bfd84b00013a336f94a939ef4e0fa589e66e460130347f9aa.apk

  • Size

    2.5MB

  • MD5

    75adecc6370d5241370efe12797ff357

  • SHA1

    b4715b52fd2c9f56ddd1ebe4cb3103e22515ac53

  • SHA256

    b3316495c827454bfd84b00013a336f94a939ef4e0fa589e66e460130347f9aa

  • SHA512

    de6309e32771c45fd3da49656a5989374686610921b18197f317328cec3b32e2f40021321945db5e4785b0cdd5170b3c0023dcf186566080de83d171e135fff2

  • SSDEEP

    49152:w8opJAdTa27IDJIvQGr4Kd12Hd25zg7dyg2Amjrra:w83dG27SI94Kb297wjrra

Malware Config

Signatures

  • Android SoumniBot payload 1 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

  • Soumnibot family
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs an executable file dropped to the device during analysis.

Processes

  • com.yxhuiueaon.xnniiaauin
    1⤵
    • Loads dropped Dex/Jar
    PID:4262

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.yxhuiueaon.xnniiaauin/.jiagu/libjiaguv1.so

    Filesize

    125KB

    MD5

    889b8fb63cef543863398ddc7ed1f62f

    SHA1

    bf1982faae81e36aa1e998ef9ec8ccfcc7b59b17

    SHA256

    a7cc5386e0cc7dc773aa2090f692b84aa758492b3006f806961ce0ba7a126c48

    SHA512

    e6c7b8207007e68aa625b1db04aed7c981ef67f6dbf9f8b38963638cb2230aef771adaf42bb1b56c3338e34fce5c4dd34e5e632209c970d28395a87e1928c628

  • Anonymous-DexFile@0xd2cae000-0xd2e7fab8

    Filesize

    1.8MB

    MD5

    e092e1ee3699367530854c86287464e2

    SHA1

    54dcaaa192c958da336b0979bcb0c7707fd420cc

    SHA256

    ba9c3afd70f7f4381991f3e889773bbfbbeb5bc0c287ac3bdac6a7b0e88b938e

    SHA512

    53909479e45d9f7e69888726d260add7452bf062124b03192a7bd381a9f2df88f8ae179784d863a5e221b3b6c776b9333a51ea6eccb4f7d81eb9fa47a3cd6afe