axbanker | c2d8b753a7c194f0dfb9cc963a1ad41b22c4cb9ca5e80bb776eb05b3543dbdbe | Triage

Sharing

General

Target

GMRummy.apk
Size

55.1MB
Sample

240319-s9vpdafg48
MD5

9857f7d15ec172b3d1d5c28ddd3507b7
SHA1

61a629ec667baf85e364228eb0a1ea6c0030a94b
SHA256

c2d8b753a7c194f0dfb9cc963a1ad41b22c4cb9ca5e80bb776eb05b3543dbdbe
SHA512

6a40fd46f42d3978288ec46787c1cd241b36f713fe6ca9ea161e02bf9155d9fa1264a935e86def69fe611dd39df961410336f23af8ce493e2cd9d37bbc0ed705
SSDEEP

1572864:LLSQYyGSrN2JtqvakA5GJHyIYs28ZVleRHTuzCaL4:L+yGnjeXHyIW+V4T

Score

10^/10

axbanker android evasion

Malware Config

Extracted

Family

axbanker

C2

https://mega-gridlogic-rummy-default-rtdb.firebaseio.com

Targets

- Target
  
  GMRummy.apk
- Size
  
  55.1MB
- MD5
  
  9857f7d15ec172b3d1d5c28ddd3507b7
- SHA1
  
  61a629ec667baf85e364228eb0a1ea6c0030a94b
- SHA256
  
  c2d8b753a7c194f0dfb9cc963a1ad41b22c4cb9ca5e80bb776eb05b3543dbdbe
- SHA512
  
  6a40fd46f42d3978288ec46787c1cd241b36f713fe6ca9ea161e02bf9155d9fa1264a935e86def69fe611dd39df961410336f23af8ce493e2cd9d37bbc0ed705
- SSDEEP
  
  1572864:LLSQYyGSrN2JtqvakA5GJHyIYs28ZVleRHTuzCaL4:L+yGnjeXHyIW+V4T
Score

7^/10

evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Acquires the wake lock
- Checks the presence of a debugger
  evasion
- Listens for changes in the sensor environment (might be used to detect emulation)
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3