soumnibot | f61f84b2d322ecd2294d9e0d776e27e00a638bec67306d6e4ee904845831bbe2

Analysis

max time kernel
2s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f61f84b2d322ecd2294d9e0d776e27e00a638bec67306d6e4ee904845831bbe2.apk
Size

3.2MB
MD5

0a39c46df9de99372fb87bfe7bd70abd
SHA1

fd97850e6f6292122510d638dff11ff898c428f8
SHA256

f61f84b2d322ecd2294d9e0d776e27e00a638bec67306d6e4ee904845831bbe2
SHA512

c505c4dbef81a7b55b053b5a1e140c8cf16abeb5f90e49217763076c613c81f1184663cb2a5b65ffe8d1fea76730979853fdcf939f9e3d3dc46d57d9e90d7bea
SSDEEP

49152:F3yGxd+x9jxf5p2ScMVzrcUbqF4xyR/OZesLN7mm2QWg17HP2Zr9KRQn:F3t/+x9jpP6MVzWYyRse8KwHP2Zr9Zn

Score

10^/10

soumnibot banker evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/memory/4609-0.dex	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/ejection.effect.formulas/[email protected]	4609	ejection.effect.formulas
/data/user/0/ejection.effect.formulas/[email protected]!classes2.dex	4609	ejection.effect.formulas
/data/user/0/ejection.effect.formulas/[email protected]!classes3.dex	4609	ejection.effect.formulas
/data/user/0/ejection.effect.formulas/[email protected]	4609	ejection.effect.formulas
/data/user/0/ejection.effect.formulas/[email protected]	4609	ejection.effect.formulas
/data/user/0/ejection.effect.formulas/[email protected]	4609	ejection.effect.formulas

ejection.effect.formulas
1⤵
- Loads dropped Dex/Jar
PID:4609

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ejection.effect.formulas/.jiagu/libjiaguv2.so

Filesize
277KB

MD5
94884d288d94d53381f179b97d91b160

SHA1
1c274cdb2388e27af3f1281d29234872d13e7414

SHA256
a84e99701323e03c0f7f902c3470c3ca449bf21b5dd3511bafdc475d8aac45a8

SHA512
43ba85965ca30448515a0326fe55b4d76ae9f46d66d14308386003ebf275dd8683c1456c221b31f0ad0aebab3ada5cfa8e9455ec4073973d43483a38256c122a

Download Submit
/data/user/0/ejection.effect.formulas/[email protected]

Filesize
718KB

MD5
e174dc992f43a402824a9a41eaef250e

SHA1
e714341a57c9569e24419f52a19fb83b362e3257

SHA256
3c853bd8eac8edeeb4463834b6866c2a22fcedd0f5034ee567e5f7c532473c6e

SHA512
9a88e361e72389108be765a0162e3b96b3a81a9ce840e9b3934b17724c20887eea2bf423ac61cc6354a7093027df010cebf0ffa4758ebd2c986effb7e0ba10cd

Download Submit
/data/user/0/ejection.effect.formulas/[email protected]!classes2.dex

Filesize
746KB

MD5
aa0279f3729652944638d7eb1775b49d

SHA1
40c3f940b7663afa310d7f822854f830ba938eaf

SHA256
a836611e4b559aa9cf1111ab379f480eb7a794b3f53ad33f2dc4239c5711dbce

SHA512
24d21b22032d5db280fc0783fee27eba2346c0ae0b009809231ac82d9ffe62c22fd145905b6d0685ca7284dc76f6adbfa173f1dadfdeebbecc2356219005aa55

Download Submit
/data/user/0/ejection.effect.formulas/[email protected]!classes3.dex

Filesize
689KB

MD5
f9a0b9cfafe6e6edbbcaa01e05a09b39

SHA1
82fc791073860257a48708f7cfaeede66b2996f9

SHA256
540a4c3eba1128ba447ebef4d1ef8234c433ed1e42c7a3cc170d80fd04e8a4b1

SHA512
8b847ccd918f05ac7695e078ae3508e90f64389eebc0e71d598c07a24e9de6bd90869d49f608bcbc5a0c0999755ea0b69f64df5e91fa72cf95fa71ff1eca9214

Download Submit
/data/user/0/ejection.effect.formulas/oat/x86_64/[email protected]

Filesize
936B

MD5
a057feb7b2b51e0e3b6b30171e55dcdf

SHA1
ab769307cba5681282ae4d2ef0a1aff27798777b

SHA256
1d1abff4614ae2713d15a7244033bb019c335a568605a4c48180fa98afd46bb4

SHA512
bae2fcc10838500fe4f7c429b915759d123bacd6fefbe5fdc2725296d5287996dfce5c7b7b0b8cdadc590dc5fe951d85a164a87c04549d487d25bc23bd4621c6

Download Submit