soumnibot | c95bfdf32b2232f236c246212f1588bbfa98cc3da4f1764586b7593ac7b98b4d

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03/04/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c95bfdf32b2232f236c246212f1588bbfa98cc3da4f1764586b7593ac7b98b4d.apk
Size

2.6MB
MD5

108e51664fae751b4b545dc08bf3d03f
SHA1

e6c16f71832878d01c5235ff72b92d48dd514208
SHA256

c95bfdf32b2232f236c246212f1588bbfa98cc3da4f1764586b7593ac7b98b4d
SHA512

e0d4cac1d15cad2f5d2ded6768a681491fbcaad5a513622425a053ac050db3c148a0464f7a61656f580be86a8483fa293fd275dc80a6d4421a0566b835fe2962
SSDEEP

24576:Qi4m51+WtE0POFeyWZDI6lQpwl799wOtrBHxuce41MiJjV9CWOFO:QhJWu0WIlVe41MmrCW+O

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4643	redfgbl.wepgoer.ewlsgd
/data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4643	redfgbl.wepgoer.ewlsgd

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	redfgbl.wepgoer.ewlsgd

redfgbl.wepgoer.ewlsgd
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4643

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
0a1e4ed69bcb9e8cac192460ea2a713b

SHA1
702f6dda8bdb1fb9d7b379c0763ba6beac3c2833

SHA256
d19535560b0d1852faed7ade8fbff98d6196fae863b0927f6c71aa92199139c6

SHA512
52bbc93856707ab83136481c6c1549b32fcfe09f4c836e8dca02c078dbbac090fa08e9087a9fe39f1920b607a9ea5cf8caa076439195fba0d5d6acef10921e97

Download Submit