axbanker | ap[.]apk

General

Target

ap.apk
Size

9.4MB
MD5

aaf7ad9e94e3d6a974011088bdaa5129
SHA1

7235adcbaab01d1ed8f188fc30ddd7292859863e
SHA256

e1a006f8758618539d5d414262da6559f5896389786026c851bde4a8e4d8c618
SHA512

a9cec017579b2365fcaef18a41defedf21d9dc67ac64d0dd9fac67269f58214361d3cc591c62797a365c71576644cd9e698ccc90364f94481c0ed46f35de59a7
SSDEEP

196608:gF6agaCPa7sUtW5mawKKGeHUp1IhQru6UDmO1YNuGVZ0Oa9t:gSaCwsUtCQ7i1eWiDmOin4Oa9t

Score

10^/10

axbanker

Malware Config

Extracted

Family

axbanker

C2

https://dchdn.in/api/user/sms

https://dchdn.in/api/user/step1

Signatures

Axbanker family
axbanker

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an instant app to create foreground services.	android.permission.INSTANT_APP_FOREGROUND_SERVICE

Files

ap.apk
.apk android

com.offer.rewardshs

com.offer.rewards.SplashActivity

Activities

com.offer.rewards.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.INSTANT_APP_FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
com.offer.rewardshs.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

com.offer.rewards.MyReceiver

com.example.autostart.ACTION_IMPLICIT_BROADCAST
com.example.autostart.ACTION_EXPLICIT_BROADCAST
android.provider.Telephony.SMS_RECEIVED

Services
hook.apk
.apk android

com.offer.rewardshs

com.offer.rewards.SplashActivity

Activities

com.offer.rewards.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.INSTANT_APP_FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
com.offer.rewardshs.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

com.offer.rewards.MyReceiver

com.example.autostart.ACTION_IMPLICIT_BROADCAST
com.example.autostart.ACTION_EXPLICIT_BROADCAST
android.provider.Telephony.SMS_RECEIVED

Services

Android Permissions

ap.apk

Permissions

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.READ_SMS

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

android.permission.INSTANT_APP_FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE

android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

com.offer.rewardshs.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Extracted

Signatures

Files

com.offer.rewardshs

com.offer.rewards.SplashActivity

Activities

com.offer.rewards.SplashActivity

Permissions

Receivers

com.offer.rewards.MyReceiver

Services

com.offer.rewardshs

com.offer.rewards.SplashActivity

Activities

com.offer.rewards.SplashActivity

Permissions

Receivers

com.offer.rewards.MyReceiver

Services

Android Permissions

ap.apk