axbanker | 78986663305100a5a4c3ec972d337303cb7162deea3a19b367c6dcbc9d88d5ad | Triage

Analysis

max time kernel
3891751s
max time network
133s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
19/11/2023, 14:21

Sharing

Report Analysis Logs

General

Target

app1.apk
Size

10.0MB
MD5

aa9123b81701d3df7af7a626fc6ce8af
SHA1

25c7b39411cc4294a07d740344f0c6df3b7a6ddf
SHA256

78986663305100a5a4c3ec972d337303cb7162deea3a19b367c6dcbc9d88d5ad
SHA512

cd42c6332a60d767610fc0ddf5faec327dfff8b271faba38b489f93fa9dc6422485b5408397a6c828dc7ea361fbc9f91a15fa0f9debe7110c0962bad695592b8
SSDEEP

196608:YlvpyVOLMeA/jvUr5ElRoBqpc51Aw9hEgTP:mpyaMeYzcOMegTP

Score

10^/10

axbanker banker infostealer

Malware Config

Extracted

Family

axbanker

C2

https://icicistore.in/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS

com.lulu.lulubox
1⤵
PID:4234

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lulu.lulubox/files/hook.apk

Filesize
6.5MB

MD5
1e16cd978767b23eebc897523347f6a1

SHA1
633a5e024c63177cda8d02f3fecfb88f46e9c3cf

SHA256
f239e3e5455b958fd4ab94bfd1102192686b3683d08d02ca92b899a9fb0aa500

SHA512
5e4f4b1af9d854b00672035271b014e727e0c2109dcf72a9215676de779cd8008f036004445de7712cf32763270264e70a7b493ef8c94dec6118bc0bea4b1b1e

Download Submit