axbanker | df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66[.]bin

General

Target

df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66.bin
Size

4.9MB
MD5

a73175a85e3b823689f6abd9964b1141
SHA1

86df72d71212e996d10a0e7f9b2407debc5af64d
SHA256

df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66
SHA512

3489a85078f7efca6237a0a6dfaf7188dc7e9fbb4eaf40b02a081ec74bdb94706f27651aed94cc9dd863e18bed09b2cd5d1b264e4cb44ce319d2fd8959cdcfd4
SSDEEP

98304:PXc1FDygGMTn53Vt7/btb3fQhzhYe1MZ0clzAf7i0rcANeuunuW:U17GSn53D7j10fMZn0nNeuunx

Score

10^/10

axbanker

Malware Config

Extracted

Family

axbanker

C2

https://cardsbenefitapp.com/api/user/step1

Signatures

Axbanker family
axbanker

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an instant app to create foreground services.	android.permission.INSTANT_APP_FOREGROUND_SERVICE

Files

df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66.bin
.apk android

com.supercell.clashofclans

com.supercell.clashofclans.SplashActivity

Activities

com.supercell.clashofclans.SplashActivity

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INSTANT_APP_FOREGROUND_SERVICE
android.permission.FOREGROUND_SERVICE
android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
com.supercell.clashofclans.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Receivers

com.supercell.clashofclans.MyReceiver

com.example.autostart.ACTION_IMPLICIT_BROADCAST
com.example.autostart.ACTION_EXPLICIT_BROADCAST
android.provider.Telephony.SMS_RECEIVED

Services

Android Permissions

df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66.bin

Permissions

android.permission.RECEIVE_SMS

android.permission.SEND_SMS

android.permission.READ_SMS

android.permission.INTERNET

android.permission.ACCESS_WIFI_STATE

android.permission.ACCESS_NETWORK_STATE

android.permission.INSTANT_APP_FOREGROUND_SERVICE

android.permission.FOREGROUND_SERVICE

android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.CHANGE_WIFI_STATE

com.supercell.clashofclans.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

Sharing

General

Malware Config

Extracted

Signatures

Files

com.supercell.clashofclans

com.supercell.clashofclans.SplashActivity

Activities

com.supercell.clashofclans.SplashActivity

Permissions

Receivers

com.supercell.clashofclans.MyReceiver

Services

Android Permissions

df7de9341847eac57176548d04e0b447b13ed74e6ba8202f50435d28f759df66.bin