Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: android-11_x64
  • resource: android-x64-arm64-20240910-en
  • resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted: 03/04/2025, 22:09

General

  • Target: c95bfdf32b2232f236c246212f1588bbfa98cc3da4f1764586b7593ac7b98b4d.apk
  • Size: 2.6MB
  • MD5: 108e51664fae751b4b545dc08bf3d03f
  • SHA1: e6c16f71832878d01c5235ff72b92d48dd514208
  • SHA256: c95bfdf32b2232f236c246212f1588bbfa98cc3da4f1764586b7593ac7b98b4d
  • SHA512: e0d4cac1d15cad2f5d2ded6768a681491fbcaad5a513622425a053ac050db3c148a0464f7a61656f580be86a8483fa293fd275dc80a6d4421a0566b835fe2962
  • SSDEEP: 24576:Qi4m51+WtE0POFeyWZDI6lQpwl799wOtrBHxuce41MiJjV9CWOFO:QhJWu0WIlVe41MmrCW+O

Malware Config

Signatures

  • Android SoumniBot payload (1 IoC)
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

  • SoumniBot family
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)

Processes

  • redfgbl.wepgoer.ewlsgd (PID 4643)
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/redfgbl.wepgoer.ewlsgd/app_redfgbl.wepgoer.ewlsgd.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs
    Filesize: 1.8MB
    MD5: 0a1e4ed69bcb9e8cac192460ea2a713b
    SHA1: 702f6dda8bdb1fb9d7b379c0763ba6beac3c2833
    SHA256: d19535560b0d1852faed7ade8fbff98d6196fae863b0927f6c71aa92199139c6
    SHA512: 52bbc93856707ab83136481c6c1549b32fcfe09f4c836e8dca02c078dbbac090fa08e9087a9fe39f1920b607a9ea5cf8caa076439195fba0d5d6acef10921e97