soumnibot | 2dab95e12fbbbce24ed923fe8679802f244e93e2a07a8e8d07f9ecee327ee4db

Analysis

max time kernel
149s
max time network
146s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
11-02-2025 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dab95e12fbbbce24ed923fe8679802f244e93e2a07a8e8d07f9ecee327ee4db.apk
Size

3.9MB
MD5

b625bfcf0f79d1e4082d9bdb3d9e998c
SHA1

f2bdeade0b3e5e1c0b718bdab9f1ee864285117e
SHA256

2dab95e12fbbbce24ed923fe8679802f244e93e2a07a8e8d07f9ecee327ee4db
SHA512

75a7b46dbf0a4cdb3fd2373aedb22fd94db42e51065a376cd0e6c95d8d461b51c62496a831886f8d8217370647803d831995dbfa5218bc3a33e9adcc49526d12
SSDEEP

49152:/venUUP/H30EpETC4vRbHmRTlklvRwWca16yxqssz/N6fOkE1wgQhRuoY3kFlj07:/ve5kzTvKxWAbqOrwgQHnx0SHQ3dA7eX

Score

10^/10

soumnibot banker defense_evasion discovery evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/first.app.package/app_dex/classes.dex	4319	first.app.package

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	first.app.package

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	first.app.package

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	first.app.package

first.app.package
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4319

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/first.app.package/app_dex/classes.dex

Filesize
4.5MB

MD5
dd062060331af950971c9e1c4a7d96df

SHA1
73378ee8084f84a063d09475ad95a696e41efcde

SHA256
d0649eec72956d9bc27c6a9f4dfa343986eee3c41f7fc7037677147dde2e2bb3

SHA512
189f675bca56d6b8ad8d8f0e3af4057b148fdfda983fc9caab0f52a3729c346a7ae86e491875a3c2371b6f3f4e0261c51dfaee6b5caba13253943c1bd0919f16

Download Submit
/data/data/first.app.package/cache/image_manager_disk_cache/56420aaa66db46851d831354f7758e84e216f278f7db3433e8922de2e30ac680.0.tmp

Filesize
78KB

MD5
7de4f8956818f600ee7db36203f218a5

SHA1
287249420f0254ccc6eeb018d0cefc8aea8b3be6

SHA256
e07abd2864c1b86e6917fcb0d3e06d845aa2704fd47aa83d3b0e33971c58a432

SHA512
621d56373fc225d9e612eb6e610bc74ffa27b486e031ad4d65a27475ba86e5051b972b7003602dee6d103d63a268136e6026b3b14fe7055900a730cfc613b1ef

Download Submit
/data/data/first.app.package/cache/image_manager_disk_cache/journal

Filesize
179B

MD5
6f6caedb2228bc6884c46af4d748226d

SHA1
5eea3a4300ec886d585347625f0bac32145c5e5a

SHA256
162d0b0a694e10e313bdf5f802d7c11a3d3bc7780722b707ed2965a0955a8514

SHA512
eaa47debb3497bc5ac574d890a049552c8812c873a779b1290450b18744df8ef13922ae4a37147f2c858a29f4476e7bd9070c00d3d177358466e8db10b2c5352

Download Submit
/data/data/first.app.package/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/first.app.package/files/PersistedInstallation2219394843134434617tmp

Filesize
568B

MD5
71d952e913be50830a201f4ca139ae83

SHA1
36d15d5d22b5e90f7ed62c62290dcb5558d9773e

SHA256
be246bb4471164ae753f91e45566c25531249b8ee8831d4717de73b09eb7872e

SHA512
a37122f81271d3f6e72f3c41f6a97bc86fc82b3decd0229fa93ba9502fffa347f790867ec8cb9304e8f1db3f711adca0cce911375469862e32104a573a1aa674

Download Submit
/data/data/first.app.package/files/PersistedInstallation7279447568494991951tmp

Filesize
90B

MD5
0c9b89746b34823cc15611e44ba0bcf7

SHA1
7031b6170cbbce61d3dd1c506f1958896a9d51a0

SHA256
b272ab4badbb765fd9cdc0617b9bcec2efe40b1c0114cab0c06dfe7f612faa71

SHA512
7e99aab908294f1dee50f1a35c4d994f58ea45447c02580d2008019864668ceab019fe8259ce82e2bfc8c4eddc3bd951cf4ca82898f2ddec014ff57e9ff74397

Download Submit
/data/data/first.app.package/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/first.app.package/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a5c78c9908b0a20b6020b7a2c9b03af0

SHA1
35e4dd61c820b89549a619efdf38b282483a4104

SHA256
72629b62adc0ddea32b75d94a53b79ccd05edd017ec8cecf2b3dc997f120022a

SHA512
e1db78b1689d6c1df61824bd777d425fe36f978c233f92cb7bc91844a7d279073417de8f2877b8b9fa8adb601342aa0e13dae6524a474c14c78c7bec97c45ad3

Download Submit
/data/data/first.app.package/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/first.app.package/no_backup/androidx.work.workdb-wal

Filesize
112KB

MD5
9447a85eb792e19c24f22f27685a212f

SHA1
04da4ddd343b4fd883dc07e6fb760e8280bf639a

SHA256
0ba447a8065443170c8982912d6e025cb56ae8ad0e7e674c9c8260f8b919647b

SHA512
c8c1273c3db63e02919e3a57479ed1436f01b671a58f68ae3e7ab4b3b3f2642b14cbd07086dc68bb034148c516796be270a966fc2c48a1ec612f219ebee53965

Download Submit
/data/data/first.app.package/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e03009c7ce357da4598704337ead0b11

SHA1
96d10c3ef9fb28195b177f15eba763d8778ab92d

SHA256
1074fcee4676eb886acd3d5f7730d7cc8ab2917a67c360cd03dccbeeaaff123e

SHA512
ec6e6d88210110197b5dad10b4675826d3abffbe5d6e03ec13afa3337d88f9b0e05aa302e44d8c62f067d00fd827cd1497e87bd1a33326d40b94190fe9695bfb

Download Submit