soumnibot | 0f7f74948cb0fc3a5f61983eddc8b3503316e5b3c2c6720df2cbf122daf13e64 | Triage

Sharing

General

Target

0f7f74948cb0fc3a5f61983eddc8b3503316e5b3c2c6720df2cbf122daf13e64.bin
Size

2.6MB
Sample

250403-1zy8tavwbw
MD5

54d3aea9796a01bb54fd2123d8112946
SHA1

634e9d437014ab3a87c9cba2e983c12b2afcf1d5
SHA256

0f7f74948cb0fc3a5f61983eddc8b3503316e5b3c2c6720df2cbf122daf13e64
SHA512

7cd35611faa4a2b9610d458363b8c535c68caa39a5b97c9a9dcf2ff86d082cf534c04be1045bd26f0e4460df16bcd9afb49884e088219c84b5f33821447bc702
SSDEEP

24576:d4m51+WtE0Tmv8iZ32NNl4jo29SD/mzONPJrpjhDpvVq5rKKPqXbl9FpGPg69nfN:+JWu0To2NI9SDjPHj3ONCq7

Score

10^/10

soumnibot android banker defense_evasion evasion infostealer trojan

Malware Config

Targets

- Target
  
  0f7f74948cb0fc3a5f61983eddc8b3503316e5b3c2c6720df2cbf122daf13e64.bin
- Size
  
  2.6MB
- MD5
  
  54d3aea9796a01bb54fd2123d8112946
- SHA1
  
  634e9d437014ab3a87c9cba2e983c12b2afcf1d5
- SHA256
  
  0f7f74948cb0fc3a5f61983eddc8b3503316e5b3c2c6720df2cbf122daf13e64
- SHA512
  
  7cd35611faa4a2b9610d458363b8c535c68caa39a5b97c9a9dcf2ff86d082cf534c04be1045bd26f0e4460df16bcd9afb49884e088219c84b5f33821447bc702
- SSDEEP
  
  24576:d4m51+WtE0Tmv8iZ32NNl4jo29SD/mzONPJrpjhDpvVq5rKKPqXbl9FpGPg69nfN:+JWu0To2NI9SDjPHj3ONCq7
Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan
- Android SoumniBot payload
- SoumniBot
  SoumniBot is an Android banking trojan first seen in April 2024.
  trojan infostealer banker soumnibot
- Soumnibot family
  soumnibot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

soumnibotbankerdefense_evasionevasioninfostealertrojan