soumnibot | 116e89a276ed2ea060146a0b737c90666d4a64a71cc4369bcc427ee5d86c39e8

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03/04/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

116e89a276ed2ea060146a0b737c90666d4a64a71cc4369bcc427ee5d86c39e8.apk
Size

4.5MB
MD5

04fd1eea3da308190c90db6605e27f41
SHA1

a2d3244120aab2a12247d3930679ea45db16f80e
SHA256

116e89a276ed2ea060146a0b737c90666d4a64a71cc4369bcc427ee5d86c39e8
SHA512

c8e40b4b3a3c1a02c55de62f167a2c5e3b5197f3daf403158356ad6cb41510348b7e20777f3de110746ffcbe4b15aa2632f4d5f898467a0c05948d6a63a3a8d8
SSDEEP

49152:0JWu0kCiSbSjQC3G3FbERkk8EWo8Q3mXX:0c6S+QZERkktiX

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 2 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot
behavioral1/files/fstream-4.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rekvgre.wepfcoewd.rvldes/app_rekvgre.wepfcoewd.rvldes.AAbaseZZ.AABaseApplicationZZ/newobfs/1.pobfs	4729	rekvgre.wepfcoewd.rvldes
/data/user/0/rekvgre.wepfcoewd.rvldes/app_rekvgre.wepfcoewd.rvldes.AAbaseZZ.AABaseApplicationZZ/newobfs/1.pobfs	4729	rekvgre.wepfcoewd.rvldes

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	rekvgre.wepfcoewd.rvldes

rekvgre.wepfcoewd.rvldes
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4729

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rekvgre.wepfcoewd.rvldes/app_rekvgre.wepfcoewd.rvldes.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
9722de19868c4cd42ae277a7630a139e

SHA1
feef47d0634a406a178f504951bf719b7f325028

SHA256
38dc7b97b7efddadc5ded086383b92e8ca10fc6cd27adf50250d7060f1ccb0b7

SHA512
95d0a9ed2105195eb054571cb67762f6247639667ae9533d5f33f5f94b87b9ba776a21096082eeabeb91946109701bac9dab8c271a4baba2ca83c2e41ec64d32

Download Submit
/data/user/0/rekvgre.wepfcoewd.rvldes/app_rekvgre.wepfcoewd.rvldes.AAbaseZZ.AABaseApplicationZZ/newobfs/1.pobfs

Filesize
1.8MB

MD5
56d704e5b6d06f64194f58d7d551af98

SHA1
9eea5661eb411cd786e8f603bb12ad64925ea38f

SHA256
81f47fce2642304aa761a5ea1cb044a85380b9302401890312c477545c635a4f

SHA512
7e6e5fd6cb43b65712e0764191af7a7cc39e10eea47ac2951dbe39444e71c40f1fa4189afc85abaa43e1c5bd13cd6943bc48217172834e0d07d345683f7fe9cf

Download Submit