soumnibot | 25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

25b46ac294...7a.apk

android-13-x64

Sharing

General

Target

25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a.bin
Size

4.6MB
Sample

250327-13316syxdz
MD5

bd542418210e8661c4b33e93d8f2d222
SHA1

fdad8d7601dcdb2064ffd2a92d7ea1b85a1ed544
SHA256

25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a
SHA512

e726c91daa9b814360e0e1df2f9a2548a0b199d499892431de6a0ba01c78cb509ca8f93d433b276746c9a572d45d2c8a35a620efaf4bb9eee45280f283455330
SSDEEP

24576:kBP4m51+WtE02qQ/kiKl08btTMbYtSi9IwiWlsOCCcabUZXlujJg4CgpTVxoK1Tn:rJWu02cswaJabUZXl6CgxbDsBFt4Aohh

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a.apk

Resource

android-33-x64-arm64-20240910-en

soumnibot banker defense_evasion evasion infostealer trojan

android-13-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a.bin
- Size
  
  4.6MB
- MD5
  
  bd542418210e8661c4b33e93d8f2d222
- SHA1
  
  fdad8d7601dcdb2064ffd2a92d7ea1b85a1ed544
- SHA256
  
  25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a
- SHA512
  
  e726c91daa9b814360e0e1df2f9a2548a0b199d499892431de6a0ba01c78cb509ca8f93d433b276746c9a572d45d2c8a35a620efaf4bb9eee45280f283455330
- SSDEEP
  
  24576:kBP4m51+WtE02qQ/kiKl08btTMbYtSi9IwiWlsOCCcabUZXlujJg4CgpTVxoK1Tn:rJWu02cswaJabUZXl6CgxbDsBFt4Aohh
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan

© 2018-2025

Terms | Privacy