Overview

overview

10

Static

static

6

b82631ef99...cN.apk

android-9-x86

10

Analysis

  • max time kernel
    119s
  • max time network
    82s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    04-01-2025 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b82631ef994561ec601a28d4caf2da14ed6d39d96b5ddd3fe98418971ba1206cN.apk

  • Size

    3.7MB

  • MD5

    54fcd493cc7f0aebb4bdc06e02d0e520

  • SHA1

    35eb554ef89db898666e7028df1b313ce9823ca1

  • SHA256

    b82631ef994561ec601a28d4caf2da14ed6d39d96b5ddd3fe98418971ba1206c

  • SHA512

    65057b3be1745f9369ae632c96b9f1da458b86211ec79c0388c0b957d02375a555234ad01b4f48b888db6ae2dbbd8b196b71ddafb188ed15b87b0fe11007be89

  • SSDEEP

    98304:obXP1b29WtW4vehyNY5k2uXxn+Gxu9nwsl2mh:orGWbve8NWZuXxnw9nwsbh

Score
10/10
soumnibotbankerdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Soumnibot family
    soumnibot
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • sdekfke.ewpfocoewsddfkide.lsdf
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4223
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4283
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4310

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.8MB

    MD5

    cbeaeae5b59d85ad5fbb420b5fb7970f

    SHA1

    ac276c8a08d99fe9404e5246bb82e0778e9630ae

    SHA256

    a1dc3ef6734874daef8fc3877d4a8d836179be88932b691a7ef55c9165abc621

    SHA512

    ba2035634d0ecd4b1d57aa2b9ecf0461eca1b79310ed9d3ca8ae4f8bdffc00460a2ab09ea446b3475804910833f72a4cf52a1863aaf869e4e4d85b332921e3aa

    Download Submit

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs
    Filesize

    5KB

    MD5

    ea1e28d2c998e56f149fd4861d27cdf0

    SHA1

    cb642fa7e595a89f0ae862ac31e15a660159e558

    SHA256

    d960de45709cbf0c376694042f62896b01595728e6dd2d39915398088ff07c49

    SHA512

    50da12bb5f4d5eb7e13b7d424421eb9087e5dd8ee214aa9e9e2512318204e901ad3058752dea86d37cb342981001c32a25339332c9ccdb2c45f6c37925279b73

    Download Submit

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.8MB

    MD5

    6c7192c6a66a87be32efbe5857c12faf

    SHA1

    e89ece48602ad32fc78d49e8b58b251044e8f43f

    SHA256

    eb3663e30d7427fceef9dd4c4e490b02b769309d30f5437c2a2b17ececb6dac2

    SHA512

    6ba0c6b2958abb8bd6e8b09b5b6b7ab70d76ae98b8ffe3c2a4471f50203eee4faecc53d5a1e4f3d4b36909df2b18d926b1a8ffc01884e905cd0f7ffe28d7f8c3

    Download Submit

  • /data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs
    Filesize

    5KB

    MD5

    2628ff594258a616cc771348b2fe35fb

    SHA1

    09d1f8f3c83c4c37b1eec02709e32dd52dc79af6

    SHA256

    f9f011e8a92e6fa54075174fe88b8a29a84b761b5eb24a3764fb864f376539de

    SHA512

    8ebfdacbedb9028c8216d1e0777ecd88045eb53981b1998aee485699371c4852745629f22a82c32f12b8ccf39f094cabcffc1720dc3bbfdeef239a04a464d123

    Download Submit