soumnibot | 18da57a33d77b2c2f48563fdd3cb9395cf697489a5d59c58106625237642b6f7

Analysis

max time kernel
149s
max time network
161s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18da57a33d77b2c2f48563fdd3cb9395cf697489a5d59c58106625237642b6f7.apk
Size

2.6MB
MD5

136db3170521d0ace9e88a1ac03d662d
SHA1

995170d58bce51fadb5277ae9f6db803123bfea1
SHA256

18da57a33d77b2c2f48563fdd3cb9395cf697489a5d59c58106625237642b6f7
SHA512

4e3bd05da73ee3062ade2e174c1324adb5ef227ddd17ffbbf22b789b13c3e9cfe2a7fff441df4a3bed95ed5d363e9bb17ebb08c173f894b28271d1144909d6dd
SSDEEP

24576:lztsuy4m51+WtE0VCjP+GdPlKopoK7dduEjArPu9feO2P9PERIQrkEl5zz5HGHVb:pJWu0VCj+ksgrdduEkG3N9cK43

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/wegkk.wepfvger.ergfv/app_wegkk.wepfvger.ergfv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4511	wegkk.wepfvger.ergfv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	wegkk.wepfvger.ergfv

wegkk.wepfvger.ergfv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4511

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/wegkk.wepfvger.ergfv/app_wegkk.wepfvger.ergfv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
6b0abb491328617d89d71e21a08afe80

SHA1
0e4d594bd155be0eb4b651fa20c153fd0899a203

SHA256
5a7e346101caefb4f1ef449dc6f4b2fe86aa72f617a2db0300f2d45acc10407b

SHA512
b5a1d9dc8cb707dff641ac9904bc0a0fb548d07079161eb09a3abf085a84e2e5a1528875e60808ee31226ed6264d7848799731599c0bc3712cbd8ac871313589

Download Submit