soumnibot | f9edfeb888b82088bd627dbb30d79b5b0d2e2d91b8b80df2e8e68fd1f44ecf3d

Analysis

max time kernel
149s
max time network
155s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9edfeb888b82088bd627dbb30d79b5b0d2e2d91b8b80df2e8e68fd1f44ecf3d.apk
Size

2.6MB
MD5

0f25ab915a7e39ead12d2d8881b98086
SHA1

d916f34d43f32d101cbc82f3e86878a5c53fe9b6
SHA256

f9edfeb888b82088bd627dbb30d79b5b0d2e2d91b8b80df2e8e68fd1f44ecf3d
SHA512

c91d997596990f75b4ff6bbff0e42c0dea2a6b0d8956717c508375842b6312e17fbdb3759b292e2e99023efcfc56f440dc30c9c3c9942b00c56a34ac167f3568
SSDEEP

24576:m1b4m51+WtE0mbzIemQZ088sJcA470ieA45RqTbpOjPprmpT83Dyqdn0Ab3Xbi9E:m6JWu0tQZL0Hs4pPGwCw6

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/reger.ewgpero.ewflv/app_reger.ewgpero.ewflv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4520	reger.ewgpero.ewflv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	reger.ewgpero.ewflv

reger.ewgpero.ewflv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4520

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/reger.ewgpero.ewflv/app_reger.ewgpero.ewflv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
d9135e675a5fb14499b32d3a15ae0aec

SHA1
b58191c952a6b16bb16a0dba9a6e0a66e182fc22

SHA256
b912d66fe523f13ca49d343c867d06c410ea90c9bf110732252689eeead9702a

SHA512
14cdb5fa9bd521319bc0027ccdea73178b53613774cc83da0af762c1a06e8c6a88cfaa4b88649945c2619c43f4888a11661b37ec7835a840dc5011f05cc837a1

Download Submit