soumnibot | 6e6393dd8232207c08c34ce63352be9fb21153fcf918b204c745403b6ff33764

Analysis

max time kernel
149s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e6393dd8232207c08c34ce63352be9fb21153fcf918b204c745403b6ff33764.apk
Size

2.6MB
MD5

035165aee89c1ec2dbd090ec8d28152a
SHA1

7eec3eedb39e4e41b250b841f81e68510e00bac6
SHA256

6e6393dd8232207c08c34ce63352be9fb21153fcf918b204c745403b6ff33764
SHA512

8fa76d73d84d6dd06bbebeea7d581f0fe4e2413a71ec1f87173a20db95c114a32078a0e30cd210b89daf91a6b03aab958223c600bb0e2436d423cd6222d01fea
SSDEEP

24576:I4m51+WtE0OH8/4YtSjcGjsqr51btTQBWT6UaviDD5vCp6x:vJWu0OgSIGVrf6Wu5viZvCpm

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/regbrt.wepgborefd.blfgb/app_regbrt.wepgborefd.blfgb.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4432	regbrt.wepgborefd.blfgb

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	regbrt.wepgborefd.blfgb

regbrt.wepgborefd.blfgb
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4432

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/regbrt.wepgborefd.blfgb/app_regbrt.wepgborefd.blfgb.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
8e75ca3cbb8005788fd5605873d581ac

SHA1
98fe555335303adf48a1203d73400613f595e78b

SHA256
54c87d28587b1a972872b27722d11a0c9457859bd6dc3e309d5cc778e4b00b87

SHA512
b18bda8d45d1feb3b392088df560a3acd8182c3c90ff9db8223d94c6765f405d8f0318e4a98b7035a359b0aef9db17a42a7c98e22f835ad500eeb34b1f63082d

Download Submit