soumnibot | 25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a

Analysis

max time kernel
149s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a.apk
Size

4.6MB
MD5

bd542418210e8661c4b33e93d8f2d222
SHA1

fdad8d7601dcdb2064ffd2a92d7ea1b85a1ed544
SHA256

25b46ac2947491d6df6af106e65d28e2e999e38acf6e0b5b13c7cafbfda4147a
SHA512

e726c91daa9b814360e0e1df2f9a2548a0b199d499892431de6a0ba01c78cb509ca8f93d433b276746c9a572d45d2c8a35a620efaf4bb9eee45280f283455330
SSDEEP

24576:kBP4m51+WtE02qQ/kiKl08btTMbYtSi9IwiWlsOCCcabUZXlujJg4CgpTVxoK1Tn:rJWu02cswaJabUZXl6CgxbDsBFt4Aohh

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 2 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot
behavioral1/files/fstream-4.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/drfgbdrf.wepgfoe.rfeg/app_drfgbdrf.wepgfoe.rfeg.AAbaseZZ.AABaseApplicationZZ/newobfs/1.pobfs	4490	drfgbdrf.wepgfoe.rfeg

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	drfgbdrf.wepgfoe.rfeg

drfgbdrf.wepgfoe.rfeg
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4490

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/drfgbdrf.wepgfoe.rfeg/app_drfgbdrf.wepgfoe.rfeg.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
6cb8e2556168f48636faf688a3150fd3

SHA1
3da227553d703f8dad1dedd1628814851cbcf62f

SHA256
ad5e48e75ffcc701147fc13166b553b38445dfa61649fcae652ee88672ff9725

SHA512
1677ac6be2cbfc04eacebd73e8dd511540e871829221dee7357a5d5437cf47259ee8e9fc54ec486fcb114b837770e0b0410d2b6717387cdd99ba1b5138a60b4b

Download Submit
/data/user/0/drfgbdrf.wepgfoe.rfeg/app_drfgbdrf.wepgfoe.rfeg.AAbaseZZ.AABaseApplicationZZ/newobfs/1.pobfs

Filesize
1.8MB

MD5
42e37e8592c869b99c0d716969ab897c

SHA1
fc4631ebd1a04437ab909c2b8b1d6990fe5cf0da

SHA256
859608c88605d20ad6863e59fbb98271a3c561de9db7b980e86aeae217d12447

SHA512
b66bfd7bf796eb0f1d3eb4d2ccf193342421ca9b8a0002e8d6dc059e7d9ae403453669c12d47d1ee512673612b4ef95c7b8bd5f1ae20ba2a3be1011d3d51f368

Download Submit