soumnibot | 1289995a5ce4623b288106e6a98448bc7859bd452ddfd33703399362db18659f

Analysis

max time kernel
149s
max time network
150s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
03/04/2025, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1289995a5ce4623b288106e6a98448bc7859bd452ddfd33703399362db18659f.apk
Size

2.6MB
MD5

246f4002ebdc7f3eac3044799af301d5
SHA1

46bd2208878fc72016e7155f872fea7b74a030ed
SHA256

1289995a5ce4623b288106e6a98448bc7859bd452ddfd33703399362db18659f
SHA512

29ad303e4bd9e30c65df3695ab864ed8958cffab5570d196a5443b47062f8c1986398e110a17a3edd980139b39f9c2e6509761bbf0c8f639650daf19f5bff9b6
SSDEEP

24576:d4m51+WtE0Tmv8iZ32NNl4jo29SD/mzONPJrpjhDpvVq5rKKPqXbl9FpGPg69nf6:+JWu0To2NI9SDjPHj3ONCkm

Score

10^/10

soumnibot banker defense_evasion evasion infostealer trojan

Malware Config

Signatures

Android SoumniBot payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_soumnibot

SoumniBot
SoumniBot is an Android banking trojan first seen in April 2024.
trojan infostealer banker soumnibot
Soumnibot family
soumnibot

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rgvk.ewpfver.welfdv/app_rgvk.ewpfver.welfdv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs	4465	rgvk.ewpfver.welfdv

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	rgvk.ewpfver.welfdv

rgvk.ewpfver.welfdv
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4465

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rgvk.ewpfver.welfdv/app_rgvk.ewpfver.welfdv.AAbaseZZ.AABaseApplicationZZ/newobfs/0.pobfs

Filesize
1.8MB

MD5
7ee51b48af5a90d9a9d4cfdda66a7dd6

SHA1
fc0b1eb14d57713c0317d92c5ec04b44411776a1

SHA256
3c1d79f373a3084cd39e386072391733fb1d62f8caba95bd2cbc1b3f052e5e8b

SHA512
fa5627ab9e269bc05c28948fef87081eb94fc7d67074f7a1c304ac035a2ee5423866b5b96d10d86505c94a36ed867fb8785691a4cd8f9dc93119a1cdd000bd22

Download Submit