soumnibot | df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d

Analysis

max time kernel
5s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
27-01-2025 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d.apk
Size

2.0MB
MD5

99541d889d9cc004b371fb8a439c202a
SHA1

304697ad11daf080a895688251b55041b5773c60
SHA256

df80a998f1329db41d5c99c2bcab513ec90ab0ca6e48b9272b74d3ce8e928a0d
SHA512

46c931a8b24c4a92658811888138248dd1b6f9fbeeb378c250b7ec53b54abce2cce0e86b7da9e8fbd9d76b94c673598c69df0d001f03d54868427889029b09c8
SSDEEP

24576:BZdaLQntXiFUEkJatcrbnkE4aLLP25FqitOEJQ0z4m51+WtE09eUtiiKNGMGogSH:hIESFR6cIHP25zMQMJWu09eYi9/gSqU

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4303-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/t2wvu.c47w3.dsuxe/[email protected]	4303	t2wvu.c47w3.dsuxe
/data/user/0/t2wvu.c47w3.dsuxe/[email protected]	4303	t2wvu.c47w3.dsuxe

t2wvu.c47w3.dsuxe
1⤵
- Loads dropped Dex/Jar
PID:4303

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/t2wvu.c47w3.dsuxe/.jiagu/libjiaguv1.so

Filesize
226KB

MD5
3cea48f4b87b0886a7c83a83fe2313c7

SHA1
7a015ce49c07706e464a4a2efcf4a58b7dc7a7fd

SHA256
3aac284d37ea5d171ef595c104d333abe24db4a481abf9cc9ca50e5dd81e2f69

SHA512
444e07c53a008c456f2ce3cdef70a3891d86e8022227f3262fc755da8f8f4e94a18b7d2b6f7505a50ee5a839e3bee37288cb96cf21bfe6707e22893f716b1877

Download Submit
/data/data/t2wvu.c47w3.dsuxe/oat/x86_64/[email protected]

Filesize
61KB

MD5
0e091a41b1a9e3862d1414133d31aede

SHA1
fec9d5c54993cacb6a426ae5094459ae591b7001

SHA256
97d524adb0d8aaea0fa9781e99d674e6af5cdfc200541aee28fadf7eb1a1fb35

SHA512
9d092f0252a2ed5162b44ed1fe77260c68fa49c33b7997afcdbda4dfbcd66892baf7096894de171c303420384aa1ffcc064c01cea9510fa22cb19139d55e9a77

Download Submit
/data/user/0/t2wvu.c47w3.dsuxe/[email protected]

Filesize
2.2MB

MD5
8c5f41d3e9b3176832345357e88067ce

SHA1
def4f7ff519c260aaba55edfa99dc36b29d7cc5b

SHA256
7d390359b9a296b24796d375c8381551a372dafc1aca630577364400f2b97efb

SHA512
e12c8060cee2bfe7e57209f6663a214b9adeda974672832f6b22b2fb9bc773d1667599e5ccddf3d723e01b97d850d29ccb9fbb1b676dd3543304bc020ae00a65

Download Submit