soumnibot | 412e23459f733b4bb0e5a173624457c632e04397e364ea5a503e71e93526efe7

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03/04/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

412e23459f733b4bb0e5a173624457c632e04397e364ea5a503e71e93526efe7.apk
Size

2.6MB
MD5

11a00096901c5ed14f17a7fe9ba557ec
SHA1

69e2536f36d1a93ee60d2abec3302c27a07f9d9d
SHA256

412e23459f733b4bb0e5a173624457c632e04397e364ea5a503e71e93526efe7
SHA512

15c93c2aab90fed667140e346a1d6fc701ea4b44c1f32297d9af02786d927c6845058c283d412bc065ce830b635f1b3ce7769f3c861411afba9f2de89d705a07
SSDEEP

24576:sr4m51+WtE0+gDdgm8xrroKlyAkbrIGhWUlEcsQVfCdLZ:9JWu0ddgm8xx2dWcEcJCdt

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/redkg.weogfivre.wefo/app_redkg.weogfivre.wefo.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4813	redkg.weogfivre.wefo
/data/user/0/redkg.weogfivre.wefo/app_redkg.weogfivre.wefo.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4813	redkg.weogfivre.wefo

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	redkg.weogfivre.wefo

redkg.weogfivre.wefo
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4813

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/redkg.weogfivre.wefo/app_redkg.weogfivre.wefo.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
76e278b1eaef9af6f0f3213b4929a410

SHA1
1eefd46911b1c942faad63a4dd06733e1653f732

SHA256
2b28c9f7297ec972878364d7748414b0da54a31f42c004655c29eeefd47259b4

SHA512
d7f5a042e22429c064498bef6b5211a851f3a16612973b852dc9731520f9246ccc3ff64865fd6d09649b1730df14b6dd4742ec11a9ab59f0415de504bc023f13

Download Submit