axbanker | k[.]apk

General

Target

k.apk
Size

11.5MB
MD5

b99cf5306061f789e9af0537f1ae9864
SHA1

db873fa32ac4931842cb6527d2ff6f26245af56b
SHA256

378faad6d14e731622c399580bf91c1b7fab9495ef0cede3b1e9cc82fe3bb5c4
SHA512

c6a8f43113a8be148fcaf46329cc9d77488f420cf97a1e9a6f0d86c3f6a63f3140f38d957a5c25e46cd0ba69df531f0127a07dacd4892071469fb5e22514842b
SSDEEP

196608:zRynd0gb66s0BbzgroSUrcSA7R03yJi9y9ohuna6wz5Z07dz6YhT13A:Ny2gua+/UrcSAVJAy0un2YdzxhT13A

Score

10^/10

axbanker

Malware Config

Extracted

Family

axbanker

C2

https://addreward.in/api/user/sms

https://addreward.in/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

Axbanker family
axbanker

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

Files

k.apk
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.play.googleprotected

com.play.googleprotect.SplashActivity

Activities

com.play.googleprotect.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INSTANT_APP_FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.SEND_SMS

Receivers

com.play.googleprotect.MyReceiver

com.example.autostart.ACTION_IMPLICIT_BROADCAST
com.example.autostart.ACTION_EXPLICIT_BROADCAST
android.provider.Telephony.SMS_RECEIVED

Services
hook.apk
.apk android arch:arm64 arch:x86 arch:x64 arch:arm

com.play.googleprotected

com.play.googleprotect.SplashActivity

Activities

com.play.googleprotect.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INSTANT_APP_FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.SEND_SMS

Receivers

com.play.googleprotect.MyReceiver

com.example.autostart.ACTION_IMPLICIT_BROADCAST
com.example.autostart.ACTION_EXPLICIT_BROADCAST
android.provider.Telephony.SMS_RECEIVED

Services

Android Permissions

k.apk

Permissions

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.READ_SMS

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.INSTANT_APP_FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE

android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.SEND_SMS

Sharing

General

Malware Config

Extracted

Signatures

Files

com.play.googleprotected

com.play.googleprotect.SplashActivity

Activities

com.play.googleprotect.SplashActivity

Permissions

Receivers

com.play.googleprotect.MyReceiver

Services

com.play.googleprotected

com.play.googleprotect.SplashActivity

Activities

com.play.googleprotect.SplashActivity

Permissions

Receivers

com.play.googleprotect.MyReceiver

Services

Android Permissions

k.apk