soumnibot | 9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0[.]bin

General

Target

9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0.bin
Size

2.6MB
MD5

b84cf63ea461c97048c85b2fc6b7e49a
SHA1

66c146e7b833d7b564de1fe5410e75e5ab23ef8a
SHA256

9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0
SHA512

f0a8013b8df44f87496a3eea24b9a99583f7dedbf82bcff627cca59282c4af6b612d275096d17c4d94b4a8b6be1ae498532600bcdd882ee563dfcbec0a7f6f45
SSDEEP

24576:St4m51+WtE0dLPYfK8auztf28P6MjFd5TPa4PkCRWI2yrlpBsj4y+QQOQ3A7O6Nw:zJWu0aTP6CNa9v/gRC5Y

Score

10^/10

soumnibot

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
sample	family_soumnibot

Soumnibot family
soumnibot
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Requests dangerous framework permissions 12 IoCs

description	ioc
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS

Files

9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0.bin
.apk android arch:arm64

sgrdrfl.epgordsf.wsakfc

sgrdrfl.epgordsf.wsakfc.wefreg.erwgler.ssfskdekvgrfd

Activities

sgrdrfl.epgordsf.wsakfc.wefreg.erwgler.ssfskdekvgrfd

android.intent.action.MAIN

Permissions

android.permission.ACCESS_WIFI_STATE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_PHONE_STATE
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.GET_ACCOUNTS
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK

Receivers

sgrdrfl.epgordsf.wsakfc.AAkeepaliveZZ.receiver.AABootCompletedReceiverZZ

android.intent.action.PHONE_STATE
android.intent.action.BOOT_COMPLETED

Services

Android Permissions

9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0.bin

Permissions

android.permission.ACCESS_WIFI_STATE

android.permission.READ_CONTACTS

android.permission.WRITE_CONTACTS

android.permission.READ_SMS

android.permission.SEND_SMS

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.READ_PHONE_STATE

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.WAKE_LOCK

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_NETWORK_STATE

android.permission.READ_PHONE_STATE

android.permission.READ_EXTERNAL_STORAGE

android.permission.INTERNET

android.permission.GET_ACCOUNTS

android.permission.FOREGROUND_SERVICE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK

Sharing

General

Malware Config

Signatures

Files

sgrdrfl.epgordsf.wsakfc

sgrdrfl.epgordsf.wsakfc.wefreg.erwgler.ssfskdekvgrfd

Activities

sgrdrfl.epgordsf.wsakfc.wefreg.erwgler.ssfskdekvgrfd

Permissions

Receivers

sgrdrfl.epgordsf.wsakfc.AAkeepaliveZZ.receiver.AABootCompletedReceiverZZ

Services

Android Permissions

9fcc3e1b081443d078b86e55b2efe23a5d3d4277e36334216f2f7eb92c3dada0.bin