soumnibot | 13a24ae4d26c47e747a66effdfef6f6ec8782f94b303942b2eecf6d93c6e5a8b | Triage

Sharing

General

Target

13a24ae4d26c47e747a66effdfef6f6ec8782f94b303942b2eecf6d93c6e5a8b.bin
Size

2.6MB
Sample

250403-1zcptaxnt6
MD5

6bcc5cbe5a284b23357e09d2e7d78ff2
SHA1

fef5667a573c8b33719eb36ce24fbfb0f2cc630a
SHA256

13a24ae4d26c47e747a66effdfef6f6ec8782f94b303942b2eecf6d93c6e5a8b
SHA512

ed4226c0a19fabc5f4633fac6389175b72ca066ad7d29df28ffd2aeb03e4a934b31ad68e76c72c5510bc4c2e3898c0100ac07651328b71faebc9dffc9f96e122
SSDEEP

24576:aLB24m51+WtE05casQ8S+B2Wb2rv944tek8G2smMmiqNzOz2rcNNddSWRa1CVha:4JWu0Oe9YYcgNNddSvCVY

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Malware Config

Targets

- Target
  
  13a24ae4d26c47e747a66effdfef6f6ec8782f94b303942b2eecf6d93c6e5a8b.bin
- Size
  
  2.6MB
- MD5
  
  6bcc5cbe5a284b23357e09d2e7d78ff2
- SHA1
  
  fef5667a573c8b33719eb36ce24fbfb0f2cc630a
- SHA256
  
  13a24ae4d26c47e747a66effdfef6f6ec8782f94b303942b2eecf6d93c6e5a8b
- SHA512
  
  ed4226c0a19fabc5f4633fac6389175b72ca066ad7d29df28ffd2aeb03e4a934b31ad68e76c72c5510bc4c2e3898c0100ac07651328b71faebc9dffc9f96e122
- SSDEEP
  
  24576:aLB24m51+WtE05casQ8S+B2Wb2rv944tek8G2smMmiqNzOz2rcNNddSWRa1CVha:4JWu0Oe9YYcgNNddSvCVY
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan