soumnibot | 95e22f086037fe1ce1379c7b1b009daca8513dd43b78704a20b2dbc7ff2d08ba

Analysis

max time kernel
148s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95e22f086037fe1ce1379c7b1b009daca8513dd43b78704a20b2dbc7ff2d08ba.apk
Size

2.6MB
MD5

42f694fe0dbfdca6fda98db4eac5fbcd
SHA1

d8212615a08707b38055e20822386cd2a45426b7
SHA256

95e22f086037fe1ce1379c7b1b009daca8513dd43b78704a20b2dbc7ff2d08ba
SHA512

0588da1b1a4ee1359019f8654b2814ca5a4a11e5e20fbe2eb613b9d855f7ce2f72dfb43a910379a0d7d14c93f71d1b17454bdaefce2db7cd93dec8b20e37300e
SSDEEP

24576:jjl4m51+WtE0ticNv0jkkwxXajC2mXcvUaBBkMiApUSyHljgmeFyU9YOfnT6xU0q:OJWu0iBFB0gY6C3H4

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rekgvk.wepgovre.lfdreb/app_rekgvk.wepgovre.lfdreb.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4447	rekgvk.wepgovre.lfdreb

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	rekgvk.wepgovre.lfdreb

rekgvk.wepgovre.lfdreb
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4447

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rekgvk.wepgovre.lfdreb/app_rekgvk.wepgovre.lfdreb.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
7f3160f5f22785e452b17b06ab1d882f

SHA1
2cbff92d9948c80c6783623656ff66bcc13e34e9

SHA256
63a3cb1ba27850bf077e39088341261f2116d90bdd792e37cf98eb1c6cfc1b34

SHA512
7971c148c4711d651fdf4b5b784be64c0eb35da7fbcae0c20e425dec18e2f4ef3a8bea3b4b40b3ee7b09af6f99d88892dc918741ec3b87162984b2ada93a1556

Download Submit