soumnibot | e7e3f421e97b0d2495e6c8cd0f976ebe98f59bbc5a95252356308317c14591f3

Analysis

max time kernel
148s
max time network
156s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7e3f421e97b0d2495e6c8cd0f976ebe98f59bbc5a95252356308317c14591f3.apk
Size

2.6MB
MD5

1a7565deef17e40399b7139f1d78056b
SHA1

2538c6bf476201a7232d399772edddcd229043fa
SHA256

e7e3f421e97b0d2495e6c8cd0f976ebe98f59bbc5a95252356308317c14591f3
SHA512

15d292993827822903f67acf3b0a281163b6c3268813f9e13bd2c3b976ea00e1323151b736a3ef4703f61b3bacb5bddc775c0d6d073cafab32243e5f9bc5c4f7
SSDEEP

24576:Fe4m51+WtE0x/ZJmUxZiZ1ffWlJBb8TRAqniPKi/rDgCj5Ep9N2nDl5vzOymBVRJ:fJWu0fZpT9mTkebCvU

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/srjegvj.wepgfore.grlef/app_srjegvj.wepgfore.grlef.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4486	srjegvj.wepgfore.grlef

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	srjegvj.wepgfore.grlef

srjegvj.wepgfore.grlef
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4486

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/srjegvj.wepgfore.grlef/app_srjegvj.wepgfore.grlef.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
668ba0c47f55e381d33863b745197677

SHA1
2fdc6da4b6aa232d010bde1f166f8a98e7c31240

SHA256
20a5e3ea746d2f9ba27aaaf9166b5a0a9bf51e7e72653cb2f864c4cf21c2a6bc

SHA512
aa726283a1b2c78ccbfbb107cbac9d1be4fd82642714467eb6aca16874df3f47d3e875c8e5af651e839fd4c9200739f34084fa6adad67e9c6bb5a5a7dacac28f

Download Submit