soumnibot | ab0cd87d0acee5b27da33a73d2c96083ed000ea9abe6881bee22508afc7845c6

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
06-02-2025 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab0cd87d0acee5b27da33a73d2c96083ed000ea9abe6881bee22508afc7845c6.apk
Size

4.0MB
MD5

b1a56c7e9c513870bf2b1f66518a5250
SHA1

3a13375cafa69ca11dc9ac2373757c201215033b
SHA256

ab0cd87d0acee5b27da33a73d2c96083ed000ea9abe6881bee22508afc7845c6
SHA512

56edb0db622726673dd4f84a605b94d4eac0123cec8b5d0d405ba2d57c9eaec1587430bb58a724804b8dfc885aa0409d32c4d070b62351b8f3d0945421e3ddec
SSDEEP

98304:8a/xR9ayBdsLxiVmYoq7TFj0bcDUVl2XAbIgJ1a6dDC:NYyB52q710X+XAImDC

Score

10^/10

soumnibot banker defense_evasion discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/template.blog.low/app_dex/classes.dex	4787	template.blog.low
/data/user/0/template.blog.low/app_dex/classes.dex	4787	template.blog.low

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	template.blog.low

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	template.blog.low

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	template.blog.low

template.blog.low
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4787

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/template.blog.low/app_dex/classes.dex

Filesize
4.6MB

MD5
875653a74a85213de90f1c9b67576852

SHA1
3fdea7741d2dd063b85c4316ebc814e212ace7c5

SHA256
925cb8fb22cd5c434b4d586e95918e51d0bafb8cf04072eab92c997fd4a08a4b

SHA512
4650938fc1b7c2e9ba19d2fea34f40ec01e99d22335cb2d03e4e081e2716ae9e060e65f2fd93bcdb3a959f2ec133efc89601d5f0abfef787f32e3eaa6152efaf

Download Submit
/data/data/template.blog.low/cache/image_manager_disk_cache/56420aaa66db46851d831354f7758e84e216f278f7db3433e8922de2e30ac680.0.tmp

Filesize
78KB

MD5
7de4f8956818f600ee7db36203f218a5

SHA1
287249420f0254ccc6eeb018d0cefc8aea8b3be6

SHA256
e07abd2864c1b86e6917fcb0d3e06d845aa2704fd47aa83d3b0e33971c58a432

SHA512
621d56373fc225d9e612eb6e610bc74ffa27b486e031ad4d65a27475ba86e5051b972b7003602dee6d103d63a268136e6026b3b14fe7055900a730cfc613b1ef

Download Submit
/data/data/template.blog.low/cache/image_manager_disk_cache/journal

Filesize
179B

MD5
6f6caedb2228bc6884c46af4d748226d

SHA1
5eea3a4300ec886d585347625f0bac32145c5e5a

SHA256
162d0b0a694e10e313bdf5f802d7c11a3d3bc7780722b707ed2965a0955a8514

SHA512
eaa47debb3497bc5ac574d890a049552c8812c873a779b1290450b18744df8ef13922ae4a37147f2c858a29f4476e7bd9070c00d3d177358466e8db10b2c5352

Download Submit
/data/data/template.blog.low/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/template.blog.low/files/PersistedInstallation4386630594233909018tmp

Filesize
567B

MD5
81386409b95256a141357d23925f8f50

SHA1
2756bc23a16c43ce37fcf88072e6f1a0ed302c7a

SHA256
a5b4cdb8055d5aa409503c99a00a3c1cdd810367ee6ca334ca43d3b059a2af3f

SHA512
09e4b2db6f8e39450a97da979e65fba641f347dbef6032eecba1544990430910823be5156db1fc7f07f0613bd7fecb3170740cf42afe63e86a2fc2edc3c9dc44

Download Submit
/data/data/template.blog.low/files/PersistedInstallation5792345974669397777tmp

Filesize
90B

MD5
9b23e8c261c9915f4088e2476dad0a12

SHA1
6ff99962a15b2b59bd025585760ae778e0a5031b

SHA256
f1f8a70e460e104692b8e17f14f987148a6fa477c23e0a32e5c699a9b16d62b0

SHA512
e3a92e65bd12fa0bd061c4e215869a36e053a093e1b73bd82a23ac8eb79e948f594d8a0a1a24ba67d3e73bb25f823b7c185d1e71b36b2ab43a59123373e8a376

Download Submit
/data/data/template.blog.low/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/template.blog.low/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
94a200535a23ef88f991d296fde7f238

SHA1
1154e90e9d28e2db127e8da9c1744a8629e07227

SHA256
9810d3519007a4a6b0ccd21bde634c446a60322d5f0590dc8ff23ae9028450fb

SHA512
372e2398e6965701d8639f125c32c30219a70c304716568c93e98573074b47980d91cdf07854ac76bc9a0552632c19cbca5091dee256e5100a4a6592785e3fb8

Download Submit
/data/data/template.blog.low/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/template.blog.low/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
49eac665cbf12f76641c75c8a6c933d9

SHA1
29fac0c74676c9a4392851148a3ae4428e918ef0

SHA256
6b8ccfd273483cc8dd8aa82fc5720d23853628c55e1a8ed3d5b927ac57e8c208

SHA512
54b0f0a76730d36af9477d6f016096095910cd4f8d223e1b5aae17485229689f0b4c2b4a63761f0ab51c88cec7fe4c24b516edc7e75c9998da5ce508df2e7ed8

Download Submit
/data/data/template.blog.low/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bd56af11a3f9c15a079e93a5fdc2c6b3

SHA1
8c646128056ce05df83f612e7a938e7f0c2f2ab0

SHA256
0d8ca2cadc845a04f8841ea04a2358fdc8f229ba7f20b4c5115ea883e19dba35

SHA512
f1e1716aea1d1af45d5a791c5c20944d2811f8600e9f175d767936a508fecfcb4aaf75f96e11581be0ebf962b7f9a273dd8e04c0f2007710399d614cf4a88017

Download Submit