soumnibot | d688de72107049017ff8d65f750877d442780814a644b07678447253e654a368

Analysis

max time kernel
2s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d688de72107049017ff8d65f750877d442780814a644b07678447253e654a368.apk
Size

3.0MB
MD5

5ef4efedef2dde96db6a4ffa0474b396
SHA1

5a7207911f6b19f46b2b7b2e6e0476e1195be686
SHA256

d688de72107049017ff8d65f750877d442780814a644b07678447253e654a368
SHA512

e7f077c0f2d9b36c216a0aaa278ba6ffb756a454eca55a172356109af8ac7d0ea2a67935fd63958fb9fecd37c31e8d5645515ccab85fe95f298714c63bade189
SSDEEP

49152:AdwB+sXbQ/fZhlJ02ge3rDOGpesLNc2HSsqg1wHP2Zr9KIz:AxMbQHZhz02gCrle8C3HP2Zr99

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4865-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/hills.opinion.groans/[email protected]	4865	hills.opinion.groans
/data/user/0/hills.opinion.groans/[email protected]	4865	hills.opinion.groans

hills.opinion.groans
1⤵
- Loads dropped Dex/Jar
PID:4865

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/hills.opinion.groans/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
5e204ef07df65032c7c4ce6de4962e35

SHA1
16dfabde15ea7b30564bda5155bffa8cdb7d7bbf

SHA256
8ee0cf93b8b9ed6a53cf545211a7bf73dddcb0bdec2288fa97b5a94ec7359414

SHA512
53518af00b16f4885b88618e9a1c3f5fb4f9e95e6f55a3b13b142a0e18ee4b4b53f001d99a82b0db6e1020406e197d93d404798937a1b34b0a4b20331772507d

Download Submit
/data/user/0/hills.opinion.groans/[email protected]

Filesize
1.8MB

MD5
f28a496ac8513e80aa037ff98094ff37

SHA1
bd9bc0e038d52cb01b22a4cff4e08849cb58e523

SHA256
eca36ca8c597c65d223a22d82c889c82da6efb43c1adf7e3f8bb43bd196bfc7b

SHA512
93c63d1a2eb57dd019efafda5296ec750d2d48002f2a9e363c6d4b4ba4944cfa4319e6670e5fdd0b68097fd94f96a175cd2528bca3cb6df5f82237fc5c2f9726

Download Submit
/data/user/0/hills.opinion.groans/oat/x86_64/[email protected]

Filesize
402B

MD5
38e9c1dec71654077d3c6dfe3643abba

SHA1
3daf5350d04eb45fe6c2a859a4a4e5d666049cde

SHA256
b5ec7fe3603ec37d7d65a10f2422d5ce6785feb98b5ca5b62a4515282cc0f5d6

SHA512
4b02ad4587a8a98bbf582da55a3b6b92050934f32e6912003477ec2697106ed2db3d739d4a821f67593d0798dbbc7eb459c6b9664d47ecddd84b4699f0cae6e9

Download Submit