soumnibot | ed5c85ae82e887b27848a4cdd05d1679d8b0e3e1be4e784e46b71ff098986807

Analysis

max time kernel
3s
max time network
156s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03-02-2025 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed5c85ae82e887b27848a4cdd05d1679d8b0e3e1be4e784e46b71ff098986807.apk
Size

3.0MB
MD5

1a1063d4076caef5df8d95eaf110afb8
SHA1

7584fcae11cd5c8e9863b92c54fa52aa9914256e
SHA256

ed5c85ae82e887b27848a4cdd05d1679d8b0e3e1be4e784e46b71ff098986807
SHA512

ffc7e6f1c6061bf68c68304ed8dac388e3fce5afe00be99f9f3ad2754021a040f0edd9dd3a317317fd119356bfd169fa6ce4086972c9b564070ab6b12b13b68e
SSDEEP

49152:LzwD+sNdJIYb5StjIjyGKQsL3TMBzU53esLN301jgRsP2ZrMT33:LtidtiEjyd9L3AOe8+JP2ZrMz3

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4658-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/massed.church.symbols/[email protected]	4658	massed.church.symbols
/data/user/0/massed.church.symbols/[email protected]	4658	massed.church.symbols

massed.church.symbols
1⤵
- Loads dropped Dex/Jar
PID:4658

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/massed.church.symbols/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/massed.church.symbols/[email protected]

Filesize
1.9MB

MD5
197e9264fc655f2d1aaf7711d2babdcc

SHA1
9152ebed9f0ce9c479091337e1691c8aa0f31e24

SHA256
f6420341c7be9f654b0fbbf2f9b49a417b81a231249616939ec4b72d0d60778a

SHA512
d9f5e1676c2c0bcf5a34857bbd23b37b20a3fd0d77ef128486e645a0b521515df9ad749d0f9b286426a44619ad15bf6e0d826c9bd5f3f1f25ec7adfecad3fb60

Download Submit
/data/user/0/massed.church.symbols/oat/x86_64/[email protected]

Filesize
405B

MD5
5b7283c4e9de10d1a9ee32ec9ecbad9f

SHA1
84b25629c0c69ca1b34e6bb4a3afa7f8876886c0

SHA256
73bc807a1c9b2a070cc02e3df20799d0cc85520211bf448c6d130357df04168f

SHA512
353589507fad9dfb3265566aea6314aa871cca96bbbde35624dd634d94a3ccf3c0ece5b7d9a51d1a51d8031e33d6f7059a89262ea6fcb14cccc2b69caf28d73f

Download Submit