Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: android-11_x64
  • resource: android-x64-arm64-20240910-en
  • resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted: 03/04/2025, 22:05

General

  • Target: e3550ca2582b25b317c0986a52fcc62aaa5d9276de29f2fd3ffc4271f574fe36.apk
  • Size: 2.6MB
  • MD5: 58f6382594c17138dfce9dfc4d0f0bea
  • SHA1: 9cfe23681990c1946bfaae57cc5114c32b33c766
  • SHA256: e3550ca2582b25b317c0986a52fcc62aaa5d9276de29f2fd3ffc4271f574fe36
  • SHA512: fec75f9571a90d4e7b034ab3fde48079a9c4242793cde85af6ee9cf5c2eb608494f0f1ca090986a6ad8f9dde330f841a4915506acd9f451b95be83f27906072f
  • SSDEEP: 24576:ytr4m51+WtE03b8tud2JdFUji7CXQqWKxiHTPbQnCr0k:tJWu0gtuYhUjiMWOiHbEnCrv

Malware Config

Signatures

  • Android SoumniBot payload (1 IoC)
  • SoumniBot

    SoumniBot is an Android banking trojan first seen in April 2024.

  • Soumnibot family
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)

Processes

  • sdgvkfdr.sepdwgvo.edrgv (PID: 4791)
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs
    • Filesize: 1.8MB
    • MD5: beea5ce066c3353c7e40cec793699808
    • SHA1: 242b22aa349cb43b4429d09ecdb4b3c3a34fce03
    • SHA256: 42c58d349473fa97a5b3a415a1b53e153313b0cbf1c7adf96bf96182878446cc
    • SHA512: 2e7706c64d5a0b3a3487987c9fba986483079f3a8726c551e3cd93c8d3ce79c09b1977442589440a844fb1e82033f31641bbf6c313ab3920cdf47c8ca2edbe13