soumnibot | 2ad81b398c82f099000202b00008c22324b2a068fba552d04e355f06ae7d5863

Analysis

max time kernel
149s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad81b398c82f099000202b00008c22324b2a068fba552d04e355f06ae7d5863.apk
Size

2.6MB
MD5

7b5374be5a90d70be04b9d362e79f90a
SHA1

6792e51ee7d5767fe5345b0663a3ce46ffaf7a34
SHA256

2ad81b398c82f099000202b00008c22324b2a068fba552d04e355f06ae7d5863
SHA512

e754624a4d3630121d5a41216319b3e54250c7af0c569e490c638af7dc11e3068abd519b4c4fe8673fccc3ba6c597c1f6b80612d26ac41698de2783ea05986c3
SSDEEP

24576:jm4m51+WtE0MywGXVTG4ePt+qd3MqsHpUPEQRxZDs8YqNFhIlnXbJ9iNUPRq9xfc:BJWu0EfSqsJuw/8tC53

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/trhpoew.welfkerg.reghefw/app_trhpoew.welfkerg.reghefw.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4512	trhpoew.welfkerg.reghefw

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	trhpoew.welfkerg.reghefw

trhpoew.welfkerg.reghefw
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4512

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/trhpoew.welfkerg.reghefw/app_trhpoew.welfkerg.reghefw.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
633f228be8b7fb71b58027a0800e7b92

SHA1
91b016b85c4fe89f3e841ee75f0fb7dda48e00c6

SHA256
337c4259856c39c8a4555f61f2abacb06c7d1acf2f1bb311a78daab204ddf2f7

SHA512
b349917650dd546d7f62d608b7f0cc3ed4a0d91b1f97512834616a81d4afe70fa8d2d74d2de50d4a6582b97f815d97b4d941c8e1f4feaaffab10833451c535a4

Download Submit