soumnibot | 2be52ceb5cd51bb7041d131a15c2aeb899cd4b0e7f0835393c4381b8611e0840

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
15-01-2025 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2be52ceb5cd51bb7041d131a15c2aeb899cd4b0e7f0835393c4381b8611e0840.apk
Size

3.4MB
MD5

b2816f155b2f3be229e1296be0a372f3
SHA1

e1b981e6b71fa17ca632feb6b4b43483c5e96bea
SHA256

2be52ceb5cd51bb7041d131a15c2aeb899cd4b0e7f0835393c4381b8611e0840
SHA512

81c3a19f1383ef44e6711ed6f67e50332a0a8bc37352e1a5ba4d38a5eaf9684a6f1a21bf47dae81397b2fb88468be6d55e60c1f83eea5d65fcb68102ac30e7b0
SSDEEP

98304:oxfFFzxa+JUxO09bWjneBtQEWNP87hTvDT92AdGc9txoA:yFFz0+JUg0dvcP87R9nGzA

Score

10^/10

soumnibot banker discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/int.state.filter/app_dex/classes.dex	4802	int.state.filter
/data/user/0/int.state.filter/app_dex/classes.dex	4802	int.state.filter

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	int.state.filter

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	int.state.filter

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	int.state.filter

int.state.filter
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4802

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/int.state.filter/app_dex/classes.dex

Filesize
5.1MB

MD5
cea64fdf70dbf6da813604071f1d0037

SHA1
744b44eea18d6eaa1830a1709eded76b1aca8ac0

SHA256
83edb0d8c787e824b2385fe6a3ebec37d2f36f2083f621f73207001f8243e112

SHA512
17808f295e4d5a864e40ee6199558f3d732bf54205bbeae38fc10f5f32ff000d54ae1c9e549b3cd7f7c6ae3cde3bdd1159ecd78f9cbe81804cc4b5a18e333472

Download Submit
/data/data/int.state.filter/cache/image_manager_disk_cache/56420aaa66db46851d831354f7758e84e216f278f7db3433e8922de2e30ac680.0.tmp

Filesize
166KB

MD5
f75aaa920b08fa0e17bc524bcddc3747

SHA1
08b960b03fc9c3373940da5ed8ba8955f367c8de

SHA256
00af88628626e15db3ddf56bfba14e390b40b299d714998594d26e0714fef657

SHA512
c1811b5eaddd24f114b9b37644006f4751adcfa7b859912fb013fdf44d4866f726d3375fd931781b5070bfb3d92c3dcb053f43b6216648dcfaa71592f273a371

Download Submit
/data/data/int.state.filter/cache/image_manager_disk_cache/journal

Filesize
180B

MD5
3c89d4533b7c855183bf792aa92b2c29

SHA1
0697fad8a47e08a40f45c8a6b785528d6560312c

SHA256
0e916894b73b7a10bb6e04ee251ac5e39205ed5e69aa72ff30d7f4f75d835f5a

SHA512
b62983ec11f47144b0817f3dfa669de6e916f37c1eb511b6016072aa9e80fa2e19cff939136cc4fbb7cc5642e910de71f17a3d9db1e5c0d7aec5ca890bb71a55

Download Submit
/data/data/int.state.filter/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/int.state.filter/files/PersistedInstallation2706957254808067660tmp

Filesize
90B

MD5
925bdbe25e7c86cb34219226a74fe1da

SHA1
0adfc1c0d4cf913c480bade066282ceb176aea69

SHA256
f945c2334a5a236f16d724516de97fd7319373c47ed58501478fc2b0ddae4750

SHA512
b6194154fa182508be17adb324e841f3f1941db9a377c6f65db6103d9dd097819d89eece445ecfddf8bbb831ac9b382ebcc2e6ffb5e909ce048a486ac85f443d

Download Submit
/data/data/int.state.filter/files/PersistedInstallation8298501131910595009tmp

Filesize
566B

MD5
ffda8e0f7d1da5c3e7cf2f547a3d7afa

SHA1
a97b5ca57ec09731aa7cd56d4ac220ac8ffad3c6

SHA256
2598420cdca55a4f0975b509a06ac89b18a29ee9be48ee2b896e57a470246d6f

SHA512
de238637e9019284cb22e66c4e9388ff682156789349d82655c52ca23108002a98a40ddf7fc69860862fffebd04eb03fcbf1398412812a5854212bd34c7465fa

Download Submit
/data/data/int.state.filter/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/int.state.filter/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7ed64d3aecbbc1a5a1d758873dadf63b

SHA1
5b80239fc2edbbff7c4d0041b7386226891cf053

SHA256
c23cd6377faea61608f823d2bff1dba120905d12f5233b4e8a39d0dbdbe1a4c0

SHA512
88296b7c1805fd1feb3a9c038565f2215141a03bccf9f6177115d939fc768e299abf59a2cbff9fccfad977aa0e4356152e531b9af9ed5757285baf0f0e70042a

Download Submit
/data/data/int.state.filter/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/int.state.filter/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
c88bc3f98a50e11f59d0984560421100

SHA1
7c78d0e8b3cd5170cd0378d26897b72aff7cc8fd

SHA256
5414d214329070b1f9cbd58650e4485027d7efad5bb93c985d8a95a57ec1f338

SHA512
789677dde608e925cb8ce8cdc2cb4c157f8e6f8e0f8bf4d16415d8ce0d5897bfdfd49c19e6b772ab18495bf4892a63ff392f17b390db9d12498ea13b498efe36

Download Submit
/data/data/int.state.filter/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
cd8f333ed958af14a2bd556a8f42cbfc

SHA1
678bf4898cc348c752c50a24ef2799cbc6539fd5

SHA256
0931bb783cf5fe996be3346860e7d7d31d7219888f30916aca8fc7c06cf165a0

SHA512
cde8425282e1654ba49daae4fe7f1dbc2e2e5760d63254e0b429fc6a0addd9a3a6cbf7095b8446e32361220b4bd408646a3492b752ae5458c6012bb6f735dd00

Download Submit