soumnibot | 6e7dc5acbcf5601862c3dbd218beee92cb5cd17de962d0e9a8c477dc95a825f7

Analysis

max time kernel
2s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
15/01/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e7dc5acbcf5601862c3dbd218beee92cb5cd17de962d0e9a8c477dc95a825f7.apk
Size

2.0MB
MD5

2cd3490bbaffe06194a5d41fea9de5e1
SHA1

95f6f04f057515b7f7800c515bfe0d7967e2067f
SHA256

6e7dc5acbcf5601862c3dbd218beee92cb5cd17de962d0e9a8c477dc95a825f7
SHA512

b7becbd7cf844f643adf725d40792a255592a1fcbe9e67ceb2074ccc97f99bd59b8a51974b55af2a8f163d5661f44f0640ca30dd7059d7ed1fd586f2999d99a1
SSDEEP

49152:hFgyFkxVhi5Y0GMMueQtzJWu0fGoOS3gSXL:UyF+KgMMuNxcfGPSrL

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4744-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/g4_bn.knana.kot8u/[email protected]	4744	g4_bn.knana.kot8u
/data/user/0/g4_bn.knana.kot8u/[email protected]	4744	g4_bn.knana.kot8u

g4_bn.knana.kot8u
1⤵
- Loads dropped Dex/Jar
PID:4744

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/g4_bn.knana.kot8u/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
0bc47b51dd0c56b44c2bf4e3dc2ff3ee

SHA1
d7d481adbb157375abc58d8e35b6d040da3250f0

SHA256
ecff39f469ad88cd04319ad3127a1865cbbcc4f1dac1eba1c31d61ccb3fb6b55

SHA512
476091c5fdcd5457bf408081726308ad67fa2730a6ede6d634d9ef1cbd9878f0b95fd9d71c4f025f22bf1f08952d36ccf2052aae05df7032131293dce5e1c051

Download Submit
/data/data/g4_bn.knana.kot8u/oat/x86_64/[email protected]

Filesize
353B

MD5
308a2e3aac9ecffd837053b7d14e2cfb

SHA1
3ad2ec1a84e99858bbeac69498f5708771e84137

SHA256
960e2f9a26850fe46e946bb07b9d6631e409122c7a0f3e9c29d095353a83a299

SHA512
48ca8a35dc769f7057f384431fad602e6c1e994fb6c53e8f1db9f8e03ed0fbf4f9eee6b1e119d9afa6451c59e01d55f51e0d2ce74788f5e94419fe1aae3a0e9e

Download Submit
/data/user/0/g4_bn.knana.kot8u/[email protected]

Filesize
2.2MB

MD5
b66dfc5560dddd8b2ff2d5e9ac1254ec

SHA1
1f3a7e1890585d7b5f17248be0a46d6f3698cbec

SHA256
e21728909d7787d75f9d9045766bacc085e0c5191d9b5a82aa4247d6a52dcbe0

SHA512
82c936b809512b61f8da72043fafc6291e0c7c9259268fe9c86734c839eee9409cd597c8d5a33c929bb03757558d66897718fd1d685b8cef630d4a696124d496

Download Submit