soumnibot | e5a2698e3eb886b22a344124572c28cb6655a42028e5c87578062915a31e62bf

Analysis

max time kernel
2s
max time network
168s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
11/01/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5a2698e3eb886b22a344124572c28cb6655a42028e5c87578062915a31e62bf.apk
Size

2.0MB
MD5

2fb9ce003beef7154da01e53331b36eb
SHA1

606551a89221394f6743c98215dbf6f40665ed98
SHA256

e5a2698e3eb886b22a344124572c28cb6655a42028e5c87578062915a31e62bf
SHA512

0c5179b344d16bc7eb83f2da5f91bdbd0e7c986f8c6e2b8b72b020847b4919378c35d6103d0d0e4b453e99f1c3546bf6fefeba9d26d59c4ffb6b077024993067
SSDEEP

49152:ePzRqcLuudtUp0kjRlZ8YUYJWu0BYJ3DNMJXgSmmu:eP9BLuudtUpPVlcYcBYd5MJCmu

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4514-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/znkng.yytyx.ea727/[email protected]	4514	znkng.yytyx.ea727
/data/user/0/znkng.yytyx.ea727/[email protected]	4514	znkng.yytyx.ea727

znkng.yytyx.ea727
1⤵
- Loads dropped Dex/Jar
PID:4514

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/znkng.yytyx.ea727/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
b5e4db1480e0f410948f58ae6fdf6cb2

SHA1
d091ac93bc04ffced53b57e63fc59650df5552d1

SHA256
ebca3164fdf6f601c7a8300816441b64f02fe5c1a864ad4948f9e959d84c3a04

SHA512
ff22483830f0f7cfe882c950c6db6caffe4fd64bca36568499d8bfe357c0fa47ed7a5fffb3f4cd1242b319509006799d40eabe646cd0cbcdf205c79f4b189fcc

Download Submit
/data/data/znkng.yytyx.ea727/oat/x86_64/[email protected]

Filesize
61KB

MD5
74186dbc5524c20c3b7660d0b2f305e0

SHA1
62f0087a88b7d618af293cb0b4696a37d8a9866d

SHA256
3d9a32cf6fea6fe4a9f982738214336ac3d7bacc7ecc7b566964242ae9b35c3a

SHA512
3489261744bada4af6a0b82b3c107270fca17fa0394bd5554db88fee7ea3213b4df0dcd1ec68bd3e7b3d555cf8b62a1f2e338fd82c21a03745fb56c721ec9030

Download Submit
/data/user/0/znkng.yytyx.ea727/[email protected]

Filesize
2.2MB

MD5
1e860f6c4794dc158d2f8892cbbc0b88

SHA1
e035ab925e02b58eebd00a082b69b6e821ce4c3a

SHA256
e2e9111ed894a5f0f8f604c616ebd244bf802ea141be148a0c321172a203700a

SHA512
e5e3df9db81d8cf4a3cca8e4c963d531510bdecda23f8ae8c33031b63ccc6d0f89d01c15ed36b3d58856eedc0638a436430f998324e156a3c898af6b1106447d

Download Submit