soumnibot | bd1890adf40b4f70412647a1161a3205e7dba9a97ee044e50954a57c516b5b9a

Analysis

max time kernel
149s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd1890adf40b4f70412647a1161a3205e7dba9a97ee044e50954a57c516b5b9a.apk
Size

2.6MB
MD5

1c07209715317bd5443c745abf97b352
SHA1

e6c1beb5efc199fe6c1393c9b3a040d97be510de
SHA256

bd1890adf40b4f70412647a1161a3205e7dba9a97ee044e50954a57c516b5b9a
SHA512

161509ce403d90f1e31ca08755d142ed2aa1e6d66ff3a7e6125d371d3e6b0745e534b539209e3939b1a339d99dfbf4dcb39056223ed9c1dc4dd934bf8a2f47e7
SSDEEP

24576:sr4m51+WtE0+gDdgm8xrroKlyAkbrIGhWUlEcsQVfCFRa:9JWu0ddgm8xx2dWcEcJCFY

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/redkg.weogfivre.wefo/app_redkg.weogfivre.wefo.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4469	redkg.weogfivre.wefo

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	redkg.weogfivre.wefo

redkg.weogfivre.wefo
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4469

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/redkg.weogfivre.wefo/app_redkg.weogfivre.wefo.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
76e278b1eaef9af6f0f3213b4929a410

SHA1
1eefd46911b1c942faad63a4dd06733e1653f732

SHA256
2b28c9f7297ec972878364d7748414b0da54a31f42c004655c29eeefd47259b4

SHA512
d7f5a042e22429c064498bef6b5211a851f3a16612973b852dc9731520f9246ccc3ff64865fd6d09649b1730df14b6dd4742ec11a9ab59f0415de504bc023f13

Download Submit