Analysis

  • max time kernel
    5s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted
    27/01/2025, 22:07 UTC

General

  • Target

    df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d.apk

  • Size

    2.0MB

  • MD5

    99541d889d9cc004b371fb8a439c202a

  • SHA1

    304697ad11daf080a895688251b55041b5773c60

  • SHA256

    df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d

  • SHA512

    46c931a8b24c4a92658811888138248dd1b6f9fbeeb378c250b7ec53b54abce2cce0e86b7da9e8fbd9d76b94c673598c69df0d001f03d54868427889029b09c8

  • SSDEEP

    24576:BZdaLQntXiFUEkJatcrbnkE4aLLP25FqitOEJQ0z4m51+WtE09eUtiiKNGMGogSH:hIESFR6cIHP25zMQMJWu09eYi9/gSqU

Malware Config

Signatures

  • Android SoumniBot payload (1 IoC)
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

  • Soumnibot family
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

Processes

  • t2wvu.c47w3.dsuxe
    • Loads dropped Dex/Jar
    PID:4303

Network

  • AU
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
    rcs-acs-tmo-us.jibe.google.com
    IN A
    216.239.36.155
  • AU
    DNS
    remoteprovisioning.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    remoteprovisioning.googleapis.com
    IN A
    Response
    remoteprovisioning.googleapis.com
    IN A
    142.250.178.10
    remoteprovisioning.googleapis.com
    IN A
    216.58.201.106
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.10
    remoteprovisioning.googleapis.com
    IN A
    216.58.212.202
    remoteprovisioning.googleapis.com
    IN A
    216.58.212.234
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.202
    remoteprovisioning.googleapis.com
    IN A
    172.217.16.234
    remoteprovisioning.googleapis.com
    IN A
    172.217.169.74
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.42
    remoteprovisioning.googleapis.com
    IN A
    142.250.179.234
    remoteprovisioning.googleapis.com
    IN A
    216.58.213.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.180.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.200.10
    remoteprovisioning.googleapis.com
    IN A
    142.250.187.234
    remoteprovisioning.googleapis.com
    IN A
    216.58.204.74
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 55974
    x-request-id: 433e3ed3-5c75-408f-a3e4-24dc104fb4b2
    date: Mon, 27 Jan 2025 14:46:48 GMT
    age: 26485
    last-modified: Thu, 23 Jan 2025 16:52:25 GMT
    etag: "3cdbd4f"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 979968
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 647c6fad-2895-44fd-bb43-bc087501c8c5
    date: Mon, 27 Jan 2025 09:23:36 GMT
    age: 45877
    last-modified: Thu, 16 Jan 2025 21:01:38 GMT
    etag: "3c709cd"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 5921
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 178aa8e7-bd0f-497e-a518-ce20371ab6dd
    date: Mon, 27 Jan 2025 15:46:08 GMT
    age: 22927
    last-modified: Wed, 02 Oct 2024 21:19:33 GMT
    etag: "33656f1"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 24625
    x-request-id: ef95dd9a-8b79-41fb-a5e8-470244431915
    date: Mon, 27 Jan 2025 20:49:19 GMT
    age: 4737
    last-modified: Mon, 27 Jan 2025 20:48:30 GMT
    etag: "3d19360"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 6577b415-301b-4e69-9fa9-f3f230c10f7f
    content-length: 3145
    date: Mon, 27 Jan 2025 10:05:21 GMT
    age: 43376
    last-modified: Wed, 17 Jul 2024 20:43:45 GMT
    etag: "2dbb5f4"
    content-type: application/x-chrome-extension
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 8174ea38-4bae-4866-bec3-9ea492099fe7
    content-length: 79410
    date: Mon, 27 Jan 2025 17:58:57 GMT
    age: 14962
    last-modified: Tue, 14 Jan 2025 19:52:59 GMT
    etag: "3c4cf26"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 154528
    x-request-id: c32f1ab5-7c3c-427f-8fc4-253016f71419
    date: Mon, 27 Jan 2025 10:24:32 GMT
    age: 42229
    last-modified: Sat, 18 Jan 2025 13:09:12 GMT
    etag: "3c8b3ed"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 40169
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: ad2a2f0d-6561-4a53-a5f6-aa77efa014b0
    date: Mon, 27 Jan 2025 17:07:18 GMT
    age: 18065
    last-modified: Wed, 19 Oct 2022 19:15:32 GMT
    etag: "fd2c06"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 548527
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: e275b13c-647f-4bb3-b226-ae113c9e007b
    date: Sun, 26 Jan 2025 23:21:22 GMT
    age: 82023
    last-modified: Mon, 24 Oct 2022 19:58:40 GMT
    etag: "fe056b"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 139943
    x-request-id: bfd0a964-cf25-41f3-b508-c13747f9f477
    date: Mon, 27 Jan 2025 11:12:33 GMT
    age: 39354
    last-modified: Sat, 13 Jul 2024 00:09:35 GMT
    etag: "2d6b66f"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-length: 3719
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 92b3179f-4e0a-40be-bea5-7f63eade8f5d
    date: Mon, 27 Jan 2025 22:07:19 GMT
    age: 71
    last-modified: Tue, 01 Nov 2022 18:45:20 GMT
    etag: "ffae43"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 37324
    x-request-id: f602bcf7-4229-4c84-a21a-81422a974222
    date: Mon, 27 Jan 2025 08:11:12 GMT
    age: 50241
    last-modified: Wed, 08 Jan 2025 20:25:07 GMT
    etag: "3bedd4a"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: 455e94e9-69b8-4f5c-bd52-79dc5d169df8
    content-length: 7326
    date: Mon, 27 Jan 2025 04:43:10 GMT
    age: 62727
    last-modified: Fri, 08 Nov 2024 05:55:28 GMT
    etag: "37333d9"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
  • US
    DNS
    Remote address:
    34.104.35.123:80
    Response
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    content-length: 5407
    x-request-id: c06b72f3-3207-4c67-98e4-431eb69c33ae
    date: Mon, 27 Jan 2025 09:17:31 GMT
    age: 46269
    last-modified: Tue, 18 Dec 2018 18:18:08 GMT
    etag: "309324"
    content-type: application/octet-stream
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400
    coprocessor-response: download-server
  • 142.250.187.196:443
    www.google.com
    tls
    1.1kB
    4.6kB
    10
    7
  • 216.58.212.238:443
    tls, https
    785 B
    40 B
    3
    1
  • 216.58.212.238:443
    android.apis.google.com
    tls
    2.5kB
    6.7kB
    17
    14
  • 216.239.36.155:443
    rcs-acs-tmo-us.jibe.google.com
    tls
    1.5kB
    6.8kB
    11
    12
  • 172.64.41.3:443
    tls, https
    409 B
    40 B
    3
    1
  • 172.64.41.3:443
    tls
    2.7kB
    5.8kB
    24
    17
  • 142.250.200.3:443
    update.googleapis.com
    tls
    5.0kB
    10.7kB
    21
    18
  • 34.104.35.123:80
    http
    63.5kB
    2.2MB
    1032
    1441

    HTTP Responses: 200 (14 responses)

  • 142.250.187.196:443
    www.google.com
    tls
    6.3kB
    22.7kB
    45
    47
  • 172.217.169.68:443
    tls, https
    327 B
    40 B
    2
    1
  • 172.217.169.68:443
    www.google.com
    tls
    1.9kB
    7.1kB
    17
    14
  • 142.250.187.227:443
    tls, https
    154 B
    40 B
    1
    1
  • 142.250.187.196:443
    https
    268 B
    70 B
    3
    1
  • 224.0.0.251:5353
    3.7kB
    11
  • 142.250.187.196:443
    https
    3.1kB
    6.0kB
    7
    5
  • 142.250.187.196:443
    https
    2.8kB
    6.0kB
    4
    5
  • 216.58.212.238:443
    https
    4.3kB
    7.0kB
    10
    11
  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
    92 B
    1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

    DNS Response

    216.239.36.155

  • 1.1.1.1:53
    remoteprovisioning.googleapis.com
    dns
    79 B
    319 B
    1
    1

    DNS Request

    remoteprovisioning.googleapis.com

    DNS Response

    (same 15 A records as listed under the remoteprovisioning.googleapis.com DNS entry above)

  • 172.64.41.3:443
    https
    1.8kB
    4.2kB
    7
    9
  • 142.250.200.3:443
    https
    24.6kB
    15.1kB
    61
    71

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/t2wvu.c47w3.dsuxe/.jiagu/libjiaguv1.so

    Filesize

    226KB

    MD5

    3cea48f4b87b0886a7c83a83fe2313c7

    SHA1

    7a015ce49c07706e464a4a2efcf4a58b7dc7a7fd

    SHA256

    3aac284d37ea5d171ef595c104d333abe24db4a481abf9cc9ca50e5dd81e2f69

    SHA512

    444e07c53a008c456f2ce3cdef70a3891d86e8022227f3262fc755da8f8f4e94a18b7d2b6f7505a50ee5a839e3bee37288cb96cf21bfe6707e22893f716b1877

  • /data/data/t2wvu.c47w3.dsuxe/oat/x86_64/Anonymous-DexFile@2821482402.vdex

    Filesize

    61KB

    MD5

    0e091a41b1a9e3862d1414133d31aede

    SHA1

    fec9d5c54993cacb6a426ae5094459ae591b7001

    SHA256

    97d524adb0d8aaea0fa9781e99d674e6af5cdfc200541aee28fadf7eb1a1fb35

    SHA512

    9d092f0252a2ed5162b44ed1fe77260c68fa49c33b7997afcdbda4dfbcd66892baf7096894de171c303420384aa1ffcc064c01cea9510fa22cb19139d55e9a77

  • /data/user/0/t2wvu.c47w3.dsuxe/Anonymous-DexFile@2821482402.jar

    Filesize

    2.2MB

    MD5

    8c5f41d3e9b3176832345357e88067ce

    SHA1

    def4f7ff519c260aaba55edfa99dc36b29d7cc5b

    SHA256

    7d390359b9a296b24796d375c8381551a372dafc1aca630577364400f2b97efb

    SHA512

    e12c8060cee2bfe7e57209f6663a214b9adeda974672832f6b22b2fb9bc773d1667599e5ccddf3d723e01b97d850d29ccb9fbb1b676dd3543304bc020ae00a65
