soumnibot | 957e3355a08179547307484398f35d2a6f5be8cabb4c21be8049ebeda2924ebb | Triage

Sharing

General

Target

957e3355a08179547307484398f35d2a6f5be8cabb4c21be8049ebeda2924ebb.bin
Size

1.4MB
Sample

250403-12vcmsvwgz
MD5

0e4f45648c8e0bf0f4d6c831d1826f62
SHA1

615594a8c11375852acee87d2dcb6a048cb3cb46
SHA256

957e3355a08179547307484398f35d2a6f5be8cabb4c21be8049ebeda2924ebb
SHA512

4a0d40cb9584bf66e508fe5e11748589e37b59197fec85b8908d98ae17428440b7cbeb3737f8a8c68434c072aafc1eedee83e5bfa06c837dfaf93fe5e4670d3c
SSDEEP

24576:5+4m51+WtE0P6+5knAK0sRcPSQwJD7LheotBTxwJj:XJWu0ivniBc7Lh7LTqJj

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Malware Config

Targets

- Target
  
  957e3355a08179547307484398f35d2a6f5be8cabb4c21be8049ebeda2924ebb.bin
- Size
  
  1.4MB
- MD5
  
  0e4f45648c8e0bf0f4d6c831d1826f62
- SHA1
  
  615594a8c11375852acee87d2dcb6a048cb3cb46
- SHA256
  
  957e3355a08179547307484398f35d2a6f5be8cabb4c21be8049ebeda2924ebb
- SHA512
  
  4a0d40cb9584bf66e508fe5e11748589e37b59197fec85b8908d98ae17428440b7cbeb3737f8a8c68434c072aafc1eedee83e5bfa06c837dfaf93fe5e4670d3c
- SSDEEP
  
  24576:5+4m51+WtE0P6+5knAK0sRcPSQwJD7LheotBTxwJj:XJWu0ivniBc7Lh7LTqJj
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan