soumnibot | 34bac84af1e3e8fbb878b10aaff53b5222d5fa89a0c7e8e1248c1d357a68cc6c | Triage

Sharing

General

Target

34bac84af1e3e8fbb878b10aaff53b5222d5fa89a0c7e8e1248c1d357a68cc6c.bin
Size

2.6MB
Sample

250328-13wl4atpz4
MD5

9a37898745812328541414fe804542b5
SHA1

2bcdf78aa322d5379f3c61fd386f102eb4b4ed14
SHA256

34bac84af1e3e8fbb878b10aaff53b5222d5fa89a0c7e8e1248c1d357a68cc6c
SHA512

24e0dd0db99b5745680afa4fa9f835208c86c17e7af9ffc299d41ff06e7ae60306569e1668e2764c68c8ac797579d6685638b3cbd1974a7f9fc792d8a90ddfe7
SSDEEP

24576:ns4m51+WtE0j05HisjAYVBdeVpn0lWnsz0/volF8XWP+QUZBE+KQqluHYckXbu9G:7JWu0CpjpKIFgLtxxqwOCAu4

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Malware Config

Targets

- Target
  
  34bac84af1e3e8fbb878b10aaff53b5222d5fa89a0c7e8e1248c1d357a68cc6c.bin
- Size
  
  2.6MB
- MD5
  
  9a37898745812328541414fe804542b5
- SHA1
  
  2bcdf78aa322d5379f3c61fd386f102eb4b4ed14
- SHA256
  
  34bac84af1e3e8fbb878b10aaff53b5222d5fa89a0c7e8e1248c1d357a68cc6c
- SHA512
  
  24e0dd0db99b5745680afa4fa9f835208c86c17e7af9ffc299d41ff06e7ae60306569e1668e2764c68c8ac797579d6685638b3cbd1974a7f9fc792d8a90ddfe7
- SSDEEP
  
  24576:ns4m51+WtE0j05HisjAYVBdeVpn0lWnsz0/volF8XWP+QUZBE+KQqluHYckXbu9G:7JWu0CpjpKIFgLtxxqwOCAu4
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan