soumnibot | 1c38aab04f9a90b1948648c1a9882ee97d8335d7238e1a379d45023fff8c3a94

Analysis

max time kernel
148s
max time network
157s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c38aab04f9a90b1948648c1a9882ee97d8335d7238e1a379d45023fff8c3a94.apk
Size

2.6MB
MD5

bb2396418a8bbc7f0a498b6ab1b51c80
SHA1

5ecdd10e6b127aee65e5b4e2938fa77fe40403bd
SHA256

1c38aab04f9a90b1948648c1a9882ee97d8335d7238e1a379d45023fff8c3a94
SHA512

2bb6e89f31ed24f332b6d5e7723ea2695bf44053a3c4f968b184e221a227bed54788d3aac0f37ee6ecf444cbd0424c2ddf2108db9006aa80bc7d486baee3fa46
SSDEEP

24576:NoAB4m51+WtE0vc2tAsuVwnwANMOl21G8yxmGnPATC2Mk:yAaJWu0YVaadyaC2F

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/erwgo.wefpvsodews.cvdesv/app_erwgo.wefpvsodews.cvdesv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4480	erwgo.wefpvsodews.cvdesv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	erwgo.wefpvsodews.cvdesv

erwgo.wefpvsodews.cvdesv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/erwgo.wefpvsodews.cvdesv/app_erwgo.wefpvsodews.cvdesv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
4b0927f8864dd36524fb989cca8be877

SHA1
99ee4b6cca1e5d337febb4e6c5ea464c55fa37c5

SHA256
33e6992f7e031673ffc848e9eb68148a7170f87583ca08deeab16c242fd45dd3

SHA512
a0f1bd12bf90939e243798e6ae29fce848a83c426426e3de283a6858af7cb8d92270bab2cd78eb65ac7d85ec71d94a942f0c0b2b60ff7cd4998062b924584272

Download Submit