soumnibot | 4104f308c20a0f344a4659d25c808a9105a572893098c098f0199343f4f37bb3 | Triage

Sharing

General

Target

4104f308c20a0f344a4659d25c808a9105a572893098c098f0199343f4f37bb3.bin
Size

2.6MB
Sample

250328-13znrasvas
MD5

ccf1288271c0f4eac8ba0778ced06a29
SHA1

aded11e7ae1e69eb3d7a87bd8aff35e2e4c70747
SHA256

4104f308c20a0f344a4659d25c808a9105a572893098c098f0199343f4f37bb3
SHA512

09ba6de064ba81b10a391f1e65921737adb7f436bea988fac42e4b0f2ea970ebecd05fa92e0d093377412c7f10d9ce03f5227755a4471636c97e0060b7d5a5b3
SSDEEP

24576:2L4m51+WtE03dISnIZEse+3p1YOutX3xc+PJQR4/S2jHqULC8qCXbv9xcZPBQ9kr:7JWu0Geecn2AtUxTC5i

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Malware Config

Targets

- Target
  
  4104f308c20a0f344a4659d25c808a9105a572893098c098f0199343f4f37bb3.bin
- Size
  
  2.6MB
- MD5
  
  ccf1288271c0f4eac8ba0778ced06a29
- SHA1
  
  aded11e7ae1e69eb3d7a87bd8aff35e2e4c70747
- SHA256
  
  4104f308c20a0f344a4659d25c808a9105a572893098c098f0199343f4f37bb3
- SHA512
  
  09ba6de064ba81b10a391f1e65921737adb7f436bea988fac42e4b0f2ea970ebecd05fa92e0d093377412c7f10d9ce03f5227755a4471636c97e0060b7d5a5b3
- SSDEEP
  
  24576:2L4m51+WtE03dISnIZEse+3p1YOutX3xc+PJQR4/S2jHqULC8qCXbv9xcZPBQ9kr:7JWu0Geecn2AtUxTC5i
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan