soumnibot | e3550ca2582b25b317c0986a52fcc62aaa5d9276de29f2fd3ffc4271f574fe36

Analysis

max time kernel
149s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
03/04/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3550ca2582b25b317c0986a52fcc62aaa5d9276de29f2fd3ffc4271f574fe36.apk
Size

2.6MB
MD5

58f6382594c17138dfce9dfc4d0f0bea
SHA1

9cfe23681990c1946bfaae57cc5114c32b33c766
SHA256

e3550ca2582b25b317c0986a52fcc62aaa5d9276de29f2fd3ffc4271f574fe36
SHA512

fec75f9571a90d4e7b034ab3fde48079a9c4242793cde85af6ee9cf5c2eb608494f0f1ca090986a6ad8f9dde330f841a4915506acd9f451b95be83f27906072f
SSDEEP

24576:ytr4m51+WtE03b8tud2JdFUji7CXQqWKxiHTPbQnCr0k:tJWu0gtuYhUjiMWOiHbEnCrv

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4791	sdgvkfdr.sepdwgvo.edrgv
/data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4791	sdgvkfdr.sepdwgvo.edrgv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	sdgvkfdr.sepdwgvo.edrgv

sdgvkfdr.sepdwgvo.edrgv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4791

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
beea5ce066c3353c7e40cec793699808

SHA1
242b22aa349cb43b4429d09ecdb4b3c3a34fce03

SHA256
42c58d349473fa97a5b3a415a1b53e153313b0cbf1c7adf96bf96182878446cc

SHA512
2e7706c64d5a0b3a3487987c9fba986483079f3a8726c551e3cd93c8d3ce79c09b1977442589440a844fb1e82033f31641bbf6c313ab3920cdf47c8ca2edbe13

Download Submit