soumnibot | 96fd7c250adc0d18735369694be34422d7652c87db7e77cba97d0d670103b35a

Analysis

max time kernel
149s
max time network
157s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96fd7c250adc0d18735369694be34422d7652c87db7e77cba97d0d670103b35a.apk
Size

2.6MB
MD5

7015a22a8f0518c8ba93e23e6411cd00
SHA1

189b4163a711b8fffab6e8c76ec0183357d066c9
SHA256

96fd7c250adc0d18735369694be34422d7652c87db7e77cba97d0d670103b35a
SHA512

0896cfb1ccf3082cc2e6b833829a1b8549df79b19425e32f47e19d7a9caab35132a6caf350c16b9c405c9c7f86359652e61473b3789e1ec56561e2f7cec97d70
SSDEEP

24576:/4m51+WtE0Lb/JhAlY9w931pcdOOUdo7Pxhu9RcvxrvF1hKh4WCLyD:gJWu0J6FPUvFOCLu

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sdvo.ewfcsdiv.sdekvws/app_sdvo.ewfcsdiv.sdekvws.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4467	sdvo.ewfcsdiv.sdekvws

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	sdvo.ewfcsdiv.sdekvws

sdvo.ewfcsdiv.sdekvws
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sdvo.ewfcsdiv.sdekvws/app_sdvo.ewfcsdiv.sdekvws.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
3d19208e2ecaa9d8d51b7b5e70e75325

SHA1
db57571bd22af018824d9db4bd62eeddf494e58c

SHA256
3249b51466985527bc8e221448fa2608a217888ea8b077d349a7df78033cc380

SHA512
156ba8a0649e7edbe3233bffe5f3c055aa9d649633330056743715ce62aadb80106cb60de4936b14704b2c0f0d636e5205ce6a76302ab69e977d4acfcf1fe32a

Download Submit