soumnibot | b4d6bfb654289c56c9d176685a2e49c9f179858f7920e6509cd3bfe4ba1e63cf

Analysis

max time kernel
149s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4d6bfb654289c56c9d176685a2e49c9f179858f7920e6509cd3bfe4ba1e63cf.apk
Size

2.6MB
MD5

019e2a0df3d02b23110df38d7cdda5e4
SHA1

77938ffedeb96e43b9639f8b98ed456807b05c0b
SHA256

b4d6bfb654289c56c9d176685a2e49c9f179858f7920e6509cd3bfe4ba1e63cf
SHA512

34923a91a6e4ba0694a29e6ddcdc0323cc8669598e4884f1504e2749abe76356fe4b6dfee9a8531bf08a574b1c8bb37ee62c585f33c02ccc5696b72cbeeb7be7
SSDEEP

24576:Qi4m51+WtE0POFeyWZDI6lQpwl799wOtrBHxuce41MiJjV9CItOo:QhJWu0WIlVe41MmrCIH

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4513	redfgbl.wepgoer.ewlsgd

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	redfgbl.wepgoer.ewlsgd

redfgbl.wepgoer.ewlsgd
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4513

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
0a1e4ed69bcb9e8cac192460ea2a713b

SHA1
702f6dda8bdb1fb9d7b379c0763ba6beac3c2833

SHA256
d19535560b0d1852faed7ade8fbff98d6196fae863b0927f6c71aa92199139c6

SHA512
52bbc93856707ab83136481c6c1549b32fcfe09f4c836e8dca02c078dbbac090fa08e9087a9fe39f1920b607a9ea5cf8caa076439195fba0d5d6acef10921e97

Download Submit