soumnibot | 597c031bc54a5c55255aaf5e5e019ad04c6f9b7e646065c459e14a7fcb1a6eaf

Analysis

max time kernel
2s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
26/01/2025, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

597c031bc54a5c55255aaf5e5e019ad04c6f9b7e646065c459e14a7fcb1a6eaf.apk
Size

2.1MB
MD5

8dcb2e54f809a9d7c2de84748e753aca
SHA1

5abb8f81adc76a0f3de13106750f14f89b22743f
SHA256

597c031bc54a5c55255aaf5e5e019ad04c6f9b7e646065c459e14a7fcb1a6eaf
SHA512

dd48a2861ccdd4b1215bd86b474e60f96aee8c8101d69d185ef3466abe2d478b732ae565429f49094c8c08f96c12497c9c031e86b62040066430710a07549912
SSDEEP

49152:iPzRqcFnNmgvyTG1jXKagvHvAJWu0nyw6JOgSOqY:iP9BFno6xufvAcnyPJXz

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4785-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/x_4yn.qjhj5.ewmug/[email protected]	4785	x_4yn.qjhj5.ewmug
/data/user/0/x_4yn.qjhj5.ewmug/[email protected]	4785	x_4yn.qjhj5.ewmug

x_4yn.qjhj5.ewmug
1⤵
- Loads dropped Dex/Jar
PID:4785

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/x_4yn.qjhj5.ewmug/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
b5e4db1480e0f410948f58ae6fdf6cb2

SHA1
d091ac93bc04ffced53b57e63fc59650df5552d1

SHA256
ebca3164fdf6f601c7a8300816441b64f02fe5c1a864ad4948f9e959d84c3a04

SHA512
ff22483830f0f7cfe882c950c6db6caffe4fd64bca36568499d8bfe357c0fa47ed7a5fffb3f4cd1242b319509006799d40eabe646cd0cbcdf205c79f4b189fcc

Download Submit
/data/data/x_4yn.qjhj5.ewmug/oat/x86_64/[email protected]

Filesize
5KB

MD5
0be496c68e0e76f600fb04212be3fea3

SHA1
ba860a7e4bb3354eeb49ef44408fd534939e2254

SHA256
d3345c7deb43160c2ea5b2399bfe3c4c53a9ddb62d60c991ddd6e9471b7ed4aa

SHA512
460ae892a802f5aba2ba11c960b123645019a6882012a92b41308f20eb55bbf355054761defbd68f4c41d2d48c3df3d18bdcc7a3c3232450eecf7725c0a13c65

Download Submit
/data/user/0/x_4yn.qjhj5.ewmug/[email protected]

Filesize
2.2MB

MD5
e0d71e100c203e09e2d29585ce7d3598

SHA1
bce1685a7c0902bde21f7cc1429ec1ccc7ffe68d

SHA256
fca57f569658ab1222d8a1d5e5932615d28c490dff6f3255c4de695308b8a25e

SHA512
0fb1dec7afcd57ca76d93e86e58cb2dd2858d3249cd179ec85cd581d01499de10e7ad20a61db0815199003129af3ca00654382080a63a6ae5f5f347133b87d01

Download Submit