axbanker | 378faad6d14e731622c399580bf91c1b7fab9495ef0cede3b1e9cc82fe3bb5c4 | Triage

Analysis

max time kernel
3224432s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
11/11/2023, 20:59

Sharing

Report Analysis Logs

General

Target

k.apk
Size

11.5MB
MD5

b99cf5306061f789e9af0537f1ae9864
SHA1

db873fa32ac4931842cb6527d2ff6f26245af56b
SHA256

378faad6d14e731622c399580bf91c1b7fab9495ef0cede3b1e9cc82fe3bb5c4
SHA512

c6a8f43113a8be148fcaf46329cc9d77488f420cf97a1e9a6f0d86c3f6a63f3140f38d957a5c25e46cd0ba69df531f0127a07dacd4892071469fb5e22514842b
SSDEEP

196608:zRynd0gb66s0BbzgroSUrcSA7R03yJi9y9ohuna6wz5Z07dz6YhT13A:Ny2gua+/UrcSAVJAy0un2YdzxhT13A

Score

10^/10

axbanker banker infostealer

Malware Config

Extracted

Family

axbanker

C2

https://addreward.in/api/user/sms

https://addreward.in/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

com.play.googleprotected
1⤵
PID:4246

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.play.googleprotected/files/hook.apk

Filesize
7.5MB

MD5
1b5b4f58439ad53f2490d788143e4513

SHA1
ee68632819d10b2b7d3429dd70ce2e1d8b63c853

SHA256
e72e1a04462cca65fb2964896a11a50dbab592e40c669ccef6a0d792c9044415

SHA512
6b4b6e6884031a25e1c63567080dc6abb473a136ffd4f5d3c4585f7a727f321ca8855fb6ddda41e8663bd5a5624d8937e15992d0a69053c1de94c74cffc877b1

Download Submit