soumnibot | 51161f3eb2753376f950e1d14817772c205cfc4642105360fd552be8ee49a655

Analysis

max time kernel
149s
max time network
152s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51161f3eb2753376f950e1d14817772c205cfc4642105360fd552be8ee49a655.apk
Size

2.6MB
MD5

5aab4317038fa3e7fc448af337ef0b55
SHA1

8c3e9efdccf03e61a78154233994e71250beb4d5
SHA256

51161f3eb2753376f950e1d14817772c205cfc4642105360fd552be8ee49a655
SHA512

9eda81134eeffa2920ff29c11a616c3567bf9c358cf9e8e42708632bbbc1c3da7d493ed351e782f1bf8f3d0e4259a6d67f8c1e76cf0277f4412cd55309f0818c
SSDEEP

24576:ytr4m51+WtE03b8tud2JdFUji7CXQqWKxiHTPbQnCPqPfY:tJWu0gtuYhUjiMWOiHbEnCPb

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4505	sdgvkfdr.sepdwgvo.edrgv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	sdgvkfdr.sepdwgvo.edrgv

sdgvkfdr.sepdwgvo.edrgv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4505

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/sdgvkfdr.sepdwgvo.edrgv/app_sdgvkfdr.sepdwgvo.edrgv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
beea5ce066c3353c7e40cec793699808

SHA1
242b22aa349cb43b4429d09ecdb4b3c3a34fce03

SHA256
42c58d349473fa97a5b3a415a1b53e153313b0cbf1c7adf96bf96182878446cc

SHA512
2e7706c64d5a0b3a3487987c9fba986483079f3a8726c551e3cd93c8d3ce79c09b1977442589440a844fb1e82033f31641bbf6c313ab3920cdf47c8ca2edbe13

Download Submit