axbanker | da78aa845bc87543786ba89f6fb707e0c7ea433cef161b0cb53f039ce9909565

Analysis

max time kernel
8s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/08/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e39d98a97b9ffdda3251148ce6aabdd.apk
Size

15.0MB
MD5

7e39d98a97b9ffdda3251148ce6aabdd
SHA1

76964b9f2ec5018ce5ab268608235bd4cbd79873
SHA256

da78aa845bc87543786ba89f6fb707e0c7ea433cef161b0cb53f039ce9909565
SHA512

a522b75f871cf7a32526e66a5f932fda9d0e489aa2e293948a32278d517e896f2101e2edae89b5224db9c860ff4ced5bccdb051c10dbb6ae648f9280fd00c457
SSDEEP

393216:ziT2xVikSMGYOpmD98dLKKtborzTN5sPI:mKxU6Op1ZEzb

Score

10^/10

axbanker banker infostealer persistence

Malware Config

Extracted

Family

axbanker

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an instant app to create foreground services.	android.permission.INSTANT_APP_FOREGROUND_SERVICE

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.playrix.donow

com.playrix.donow
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.playrix.donow/files/profileInstalled

Filesize
24B

MD5
ad0828693e8753c55dbcf28888cd78ff

SHA1
903d4fcb1a99ec2f2c8dc7d228cb6cbc45118ff2

SHA256
dce4fe00772a4c12e63951b3bdefb94122b742cfcfdbb937367294a308ca95b6

SHA512
bc187811f0e1ac660617a0574986d374e4e8c5955417ca4780a2b9332e4b32d2f97e1cee2bc0f66127a3a4623d4e78ea682210ebfed813d90aaa795201ec100d

Download Submit
/data/data/com.playrix.donow/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
7ee5978a9aa8bc6d827c2d3346e24c7d

SHA1
09bc9f5df39eb890ca96e239b47e6d55d92a9c97

SHA256
83c97ed7ab2ec074af3e087bd3fd19cc4339cf93cd5ab2dbbdcd5ab57f07e5fd

SHA512
c5870624fa3146a61813e15bfbf7ec39714f57b7e35da1e24b3caaba4bc5c92a04d68d57e121a6d010c72016e1e6cdb3b3ec256d2dab5917a1e2c5987834aae0

Download Submit
/data/data/com.playrix.donow/origin.apk

Filesize
14.8MB

MD5
e5142d7c118a806b5a42bbc624f490fb

SHA1
5bbe9a1737062f2bee84c838bce8948addcd9641

SHA256
1b0a086993708469bd00801c6ec2669d6dcb8b2098f539759514712ceb6be230

SHA512
c0e607abda9f1e02e480cc60945077a16211c9e831176dd7d9ad0a2df995ac54b18929b78a3e8013d75089cba3ebdf529c2d91a7e248ed7c7c95ff72adb8dc06

Download Submit
/data/misc/profiles/cur/0/com.playrix.donow/primary.prof

Filesize
2KB

MD5
9539eefa6573c0887cce14862efe166a

SHA1
186736407ba688eb172c9baf656f6bcf2e0acadb

SHA256
71163417995c6dddfc8b6c267caf5351507ad85514e4c218d02c05adedf0d74d

SHA512
1afa128fc8d35eacdcf0b9ee24458dde82c1ea4a12e4e6999ca4fd2278dfc230e863783b92de1708eb8725b45276e15390e824a6a8b6fafc2a1275943ae8c60c

Download Submit