soumnibot | 08ac515c9fae341a27a5917a1b7af814675de19d27d11b94c0c4ed4943cd848d

Analysis

max time kernel
149s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
26/12/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08ac515c9fae341a27a5917a1b7af814675de19d27d11b94c0c4ed4943cd848d.apk
Size

2.6MB
MD5

7e2df48e45f767477d52d915d7e56272
SHA1

ebe0ec29e5605fb1b781ade5c2cf1c3b8d4d7751
SHA256

08ac515c9fae341a27a5917a1b7af814675de19d27d11b94c0c4ed4943cd848d
SHA512

9622940121a29c8c2f1c71106a29e0f353bc8ae436562b5e1c249d8b46a8a95a20a38796425b64eb4bd678eb088ed778abc3f09f2a4c08a2d5f50d750ac23623
SSDEEP

24576:v18V4m51+WtE0fC+ynIQ0bA9PLo65gOeJyhCt7HPgcBd8SmLK4+T0Xm:v18mJWu0fC3a0KQM/Bd8SQW

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rjg.espwfdvowe.vkswd/app_rjg.espwfdvowe.vkswd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4493	rjg.espwfdvowe.vkswd

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	rjg.espwfdvowe.vkswd

rjg.espwfdvowe.vkswd
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4493

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rjg.espwfdvowe.vkswd/app_rjg.espwfdvowe.vkswd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
49ceebd22c53a13bcebf1d0b6cc8a312

SHA1
a1fa600831c7a3e7a6e826c388a4c043a413bb3b

SHA256
3db5bbd6529cda0e747764d9f42ba21dc41f2e9940d7401ef76d9e9f87e6655a

SHA512
d9fb5f080ddaf378977b7dca1a8f3d8663508637e9e29ae5a35ecfb5121c660f586829a0cf44065f8207ba2bc9d9aed9d5290016b5edb3dbba703f505651e46a

Download Submit