soumnibot | df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d | Triage

Sharing

General

Target

df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d.bin
Size

2.0MB
Sample

250127-11t1gsxphq
MD5

99541d889d9cc004b371fb8a439c202a
SHA1

304697ad11daf080a895688251b55041b5773c60
SHA256

df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d
SHA512

46c931a8b24c4a92658811888138248dd1b6f9fbeeb378c250b7ec53b54abce2cce0e86b7da9e8fbd9d76b94c673598c69df0d001f03d54868427889029b09c8
SSDEEP

24576:BZdaLQntXiFUEkJatcrbnkE4aLLP25FqitOEJQ0z4m51+WtE09eUtiiKNGMGogSH:hIESFR6cIHP25zMQMJWu09eYi9/gSqU

Score

10^/10

soumnibot android banker evasion infostealer trojan

Malware Config

Targets

- Target
  
  df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d.bin
- Size
  
  2.0MB
- MD5
  
  99541d889d9cc004b371fb8a439c202a
- SHA1
  
  304697ad11daf080a895688251b55041b5773c60
- SHA256
  
  df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d
- SHA512
  
  46c931a8b24c4a92658811888138248dd1b6f9fbeeb378c250b7ec53b54abce2cce0e86b7da9e8fbd9d76b94c673598c69df0d001f03d54868427889029b09c8
- SSDEEP
  
  24576:BZdaLQntXiFUEkJatcrbnkE4aLLP25FqitOEJQ0z4m51+WtE09eUtiiKNGMGogSH:hIESFR6cIHP25zMQMJWu09eYi9/gSqU
Score

10^/10

soumnibot banker evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerevasioninfostealertrojan