Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

b82631ef99...cN.apk

android-9-x86

10

Analysis

  • max time kernel
    119s
  • max time network
    82s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    04/01/2025, 02:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b82631ef994561ec601a28d4caf2da14ed6d39d96b5ddd3fe98418971ba1206cN.apk

  • Size

    3.7MB

  • MD5

    54fcd493cc7f0aebb4bdc06e02d0e520

  • SHA1

    35eb554ef89db898666e7028df1b313ce9823ca1

  • SHA256

    b82631ef994561ec601a28d4caf2da14ed6d39d96b5ddd3fe98418971ba1206c

  • SHA512

    65057b3be1745f9369ae632c96b9f1da458b86211ec79c0388c0b957d02375a555234ad01b4f48b888db6ae2dbbd8b196b71ddafb188ed15b87b0fe11007be89

  • SSDEEP

    98304:obXP1b29WtW4vehyNY5k2uXxn+Gxu9nwsl2mh:orGWbve8NWZuXxnw9nwsbh

Score
10/10
soumnibotbankerdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Android SoumniBot payload 2 IoCs
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

    trojaninfostealerbankersoumnibot
  • Soumnibot family
    soumnibot
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • sdekfke.ewpfocoewsddfkide.lsdf
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4223
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4283
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4310

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.46
  • 142.250.187.202:443
    tls, https
    202 B
     40 B
     1
    1
  • 142.250.200.46:443
    tls, https
    858 B
     40 B
     1
    1
  • 172.217.169.46:443
    android.apis.google.com
    tls
    3.7kB
     7.7kB
     12
    17
  • 216.58.201.106:443
    semanticlocation-pa.googleapis.com
    tls, https
    1.2kB
     40 B
     1
    1
  • 224.0.0.251:5353
    3.3kB
     10
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     304 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.200.42
    172.217.169.10
    172.217.16.234
    216.58.213.10
    142.250.179.234
    142.250.200.10
    142.250.187.202
    216.58.204.74
    216.58.212.202
    216.58.201.106
    142.250.187.234
    142.250.180.10
    172.217.169.42
    142.250.178.10

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.46

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.8MB

    MD5

    cbeaeae5b59d85ad5fbb420b5fb7970f

    SHA1

    ac276c8a08d99fe9404e5246bb82e0778e9630ae

    SHA256

    a1dc3ef6734874daef8fc3877d4a8d836179be88932b691a7ef55c9165abc621

    SHA512

    ba2035634d0ecd4b1d57aa2b9ecf0461eca1b79310ed9d3ca8ae4f8bdffc00460a2ab09ea446b3475804910833f72a4cf52a1863aaf869e4e4d85b332921e3aa

    Download Submit

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs
    Filesize

    5KB

    MD5

    ea1e28d2c998e56f149fd4861d27cdf0

    SHA1

    cb642fa7e595a89f0ae862ac31e15a660159e558

    SHA256

    d960de45709cbf0c376694042f62896b01595728e6dd2d39915398088ff07c49

    SHA512

    50da12bb5f4d5eb7e13b7d424421eb9087e5dd8ee214aa9e9e2512318204e901ad3058752dea86d37cb342981001c32a25339332c9ccdb2c45f6c37925279b73

    Download Submit

  • /data/data/sdekfke.ewpfocoewsddfkide.lsdf/files/mmkv/mmkv.default
    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

    Download Submit

  • /data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/0.pobfs
    Filesize

    5.8MB

    MD5

    6c7192c6a66a87be32efbe5857c12faf

    SHA1

    e89ece48602ad32fc78d49e8b58b251044e8f43f

    SHA256

    eb3663e30d7427fceef9dd4c4e490b02b769309d30f5437c2a2b17ececb6dac2

    SHA512

    6ba0c6b2958abb8bd6e8b09b5b6b7ab70d76ae98b8ffe3c2a4471f50203eee4faecc53d5a1e4f3d4b36909df2b18d926b1a8ffc01884e905cd0f7ffe28d7f8c3

    Download Submit

  • /data/user/0/sdekfke.ewpfocoewsddfkide.lsdf/app_sdekfke.ewpfocoewsddfkide.lsdf.base.BaseApplication/newobfs/1.pobfs
    Filesize

    5KB

    MD5

    2628ff594258a616cc771348b2fe35fb

    SHA1

    09d1f8f3c83c4c37b1eec02709e32dd52dc79af6

    SHA256

    f9f011e8a92e6fa54075174fe88b8a29a84b761b5eb24a3764fb864f376539de

    SHA512

    8ebfdacbedb9028c8216d1e0777ecd88045eb53981b1998aee485699371c4852745629f22a82c32f12b8ccf39f094cabcffc1720dc3bbfdeef239a04a464d123

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.