Analysis
  max time kernel:  56s
  max time network: 67s
  platform:         android_x64
  resource:         android-x64-20240624-en
  resource tags:    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  submitted:        12/08/2024, 16:23 UTC
Behavioral tasks
  behavioral1: sample fa82ebade3c00934194f75f93f9086bd.apk, resource android-x86-arm-20240624-en
  behavioral2: sample fa82ebade3c00934194f75f93f9086bd.apk, resource android-x64-20240624-en
  behavioral3: sample fa82ebade3c00934194f75f93f9086bd.apk, resource android-x64-arm64-20240624-en
General
  Target: fa82ebade3c00934194f75f93f9086bd.apk
  Size:   5.4MB
  MD5:    fa82ebade3c00934194f75f93f9086bd
  SHA1:   44e10c86744e8062e994509a8da26efb26d70cea
  SHA256: 12916e7243ac4d13afb5ec33f8bd3ec400a85da5329d02d0c3b70b53fb273d9d
  SHA512: c00696db817f45939df8810307f75c645e8ef25a65795ac175a58d0f70dbd13c953622c43e7239768fe343c0743621c7b451c064f0741fd8b9ece1717b3ca346
  SSDEEP: 98304:kud41M2lX7EsrjiEQq9qgtdICtrS2FaYppQfMba2KcpetQobs37eV7b/X8dbeG:ko41M2lqEtJzIyS2jQUDgTsgb/E
Malware Config

Signatures
  AxBanker
    AxBanker is an Android banking trojan, distributed through fake banking applications, that steals bank customers' information.
  Registers a broadcast receiver at runtime (usually for listening for system events) - 1 TTP, 1 IoC
    description: Framework service call
    ioc:         android.app.IActivityManager.registerReceiver
    process:     com.example.manibroic
Processes

Network
  DNS queries (resolver 1.1.1.1:53)
    query                      type   response
    ssl.google-analytics.com   IN A   216.58.204.72
    pointwinoffer.co.in        IN A   (empty response)
    android.apis.google.com    IN A   CNAME clients.l.google.com; A 142.250.200.14
    g.tenor.com                IN A   CNAME tenor.googleapis.com; A 216.58.212.202, 142.250.179.234, 142.250.187.202, 142.250.200.42, 216.58.212.234, 142.250.180.10, 142.250.178.10, 142.250.200.10, 172.217.169.10, 172.217.169.74, 216.58.213.10, 216.58.204.74, 172.217.169.42, 172.217.16.234, 142.250.187.234, 216.58.201.106

  Traffic per DNS query (bytes sent / received, packets sent / received)
    ssl.google-analytics.com   70 B / 86 B    1 / 1
    pointwinoffer.co.in        65 B / 118 B   1 / 1
    android.apis.google.com    69 B / 109 B   1 / 1
    g.tenor.com                57 B / 344 B   1 / 1

  Other connections (bytes sent / received, packets sent / received)
    1.3kB / 5.9kB   9 / 9
    857 B / 40 B    1 / 1
    2.8kB / 7.0kB   10 / 15
    430 B / 40 B    2 / 1
    8.3kB / 9.6kB   25 / 37
    1.7kB / 8.0kB   11 / 14
    3.3kB / -       10 / -