axbanker | mpl-pro-v502[.]apk

Resubmissions

22/10/2024, 06:40

241022-hfkxzavarn 10

22/10/2024, 05:58

241022-gn77ssshlm 10

Sharing

Copy URL

Twitter E-mail

General

Target

mpl-pro-v502.apk
Size

121.1MB
MD5

6798f264a08db2916dab994afdbd31c5
SHA1

c8c2c80e7c2a1dd75352f4706cd582c9f54208ec
SHA256

8fc3a6b14a48d45143586e7d6cb3572e367d5e31b8916fa5e0b52b005fc6f230
SHA512

4ee39c32ae06df26f7f4a642f58b4e4a7f625d6cd40fd33c0c0d15b886e08fec5fe2f1c76ef078a0fadf891ea9995a62a17de28fa7b36304a58ede500ab344ab
SSDEEP

1572864:Sr8tNlwL818MYu2r0etXtaVN5+WuK+ipGAo7rQOhFoSwF9nuRRZ9fbcHuSEjgfSa:qgHwZMcrXtKN5eiG5UneRZVZDjgf5F

Score

10^/10

axbanker

Malware Config

Extracted

Family

axbanker

https://mpl-clevertap-default-rtdb.firebaseio.com

https://mpl-clevertap.firebaseio.com

Signatures

Axbanker family
axbanker

Requests dangerous framework permissions 18 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read video files from external storage.	android.permission.READ_MEDIA_VIDEO
Allows applications to use exact alarm APIs.	android.permission.SCHEDULE_EXACT_ALARM

Files

mpl-pro-v502.apk
.apk android arch:arm

com.mpl.androidapp

com.mpl.androidapp.MPLSplashActivity

Activities

com.mpl.androidapp.MPLSplashActivity

com.mpl.androidapp.ADD_MONEY
android.intent.action.MAIN
android.intent.action.DOWNLOAD_COMPLETE
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.mpl.androidapp.react.MPLReactContainerActivity

com.mpl.androidapp.ADD_MONEY

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW

com.braintreepayments.api.BraintreeBrowserSwitchActivity

android.intent.action.VIEW

com.amazon.apay.hardened.activity.RedirectUriReceiverActivity

android.intent.action.VIEW

com.amazon.identity.auth.device.workflow.WorkflowActivity

android.intent.action.VIEW

in.juspay.hypersdk.core.CustomtabResult

android.intent.action.VIEW

org.npci.upi.security.pinactivitycomponent.GetCredential

org.npci.upi.security.pinactivitycomponent.GetCredential

Permissions

com.mpl.androidapp.permission.C2D_MESSAGE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
android.permission.WRITE_INTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.CAMERA
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_BOOT_COMPLETED
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.BLUETOOTH
android.permission.REQUEST_DELETE_PACKAGES
android.permission.WRITE_CALENDAR
android.permission.READ_CALENDAR
android.permission.VIBRATE
android.permission.GET_PACKAGE_SIZE
android.permission.FLASHLIGHT
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_AUDIO
android.permission.PACKAGE_USAGE_STATS
android.permission.QUERY_ALL_PACKAGES
android.permission.POST_NOTIFICATIONS
android.permission.READ_MEDIA_VIDEO
android.permission.SCHEDULE_EXACT_ALARM
android.permission.USE_EXACT_ALARM
com.google.android.gms.permission.AD_ID
android.permission.ACCESS_ADSERVICES_ATTRIBUTION
android.permission.ACCESS_ADSERVICES_AD_ID
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.mpl.androidapp.permission.MIPUSH_RECEIVE
com.google.android.c2dm.permission.RECEIVE
com.android.vending.CHECK_LICENSE
com.mpl.androidapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA

Receivers

com.appsflyer.MultipleInstallBroadcastReceiver

com.android.vending.INSTALL_REFERRER

com.mpl.androidapp.updater.job.PowerConnectionReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

com.mpl.androidapp.MPLSMSBroadcastReceiver

com.google.android.gms.auth.api.phone.SMS_RETRIEVED

com.paynimo.android.payment.network.NetworkStateReceiver

android.net.conn.CONNECTIVITY_CHANGE
android.net.wifi.WIFI_STATE_CHANGED

com.smartlook.sdk.smartlook.core.referrer.ReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.clevertap.android.pushsdk.CTFirebaseMessagingReceiver

com.google.android.c2dm.intent.RECEIVE

com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver

com.google.android.c2dm.intent.RECEIVE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.freshchat.consumer.sdk.receiver.FreshchatReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.LOCALE_CHANGED
android.intent.action.MY_PACKAGE_REPLACED

com.freshchat.consumer.sdk.receiver.FreshchatNetworkChangeReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services

com.appsflyer.FirebaseMessagingServiceListener

com.google.firebase.INSTANCE_ID_EVENT

com.mpl.androidapp.cleverTap.MFcmMessageListenerService

com.google.firebase.MESSAGING_EVENT

com.clevertap.android.sdk.pushnotification.CTNotificationIntentService

com.clevertap.PUSH_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

org.npci.upi.security.services.CLRemoteService

Android Permissions

mpl-pro-v502.apk

Permissions

com.mpl.androidapp.permission.C2D_MESSAGE

android.permission.ACCESS_WIFI_STATE

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.WAKE_LOCK

android.permission.WRITE_INTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.CAMERA

android.permission.READ_CONTACTS

android.permission.RECORD_AUDIO

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_COARSE_LOCATION

android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.READ_PHONE_STATE

android.permission.FOREGROUND_SERVICE

android.permission.RECEIVE_BOOT_COMPLETED

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

android.permission.BLUETOOTH

android.permission.REQUEST_DELETE_PACKAGES

android.permission.WRITE_CALENDAR

android.permission.READ_CALENDAR

android.permission.VIBRATE

android.permission.GET_PACKAGE_SIZE

android.permission.FLASHLIGHT

android.permission.READ_MEDIA_IMAGES

android.permission.READ_MEDIA_AUDIO

android.permission.PACKAGE_USAGE_STATS

android.permission.QUERY_ALL_PACKAGES

android.permission.POST_NOTIFICATIONS

android.permission.READ_MEDIA_VIDEO

android.permission.SCHEDULE_EXACT_ALARM

android.permission.USE_EXACT_ALARM

com.google.android.gms.permission.AD_ID

android.permission.ACCESS_ADSERVICES_ATTRIBUTION

android.permission.ACCESS_ADSERVICES_AD_ID

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

com.mpl.androidapp.permission.MIPUSH_RECEIVE

com.google.android.c2dm.permission.RECEIVE

com.android.vending.CHECK_LICENSE

com.mpl.androidapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

com.mpl.androidapp

com.mpl.androidapp.MPLSplashActivity

Activities

com.mpl.androidapp.MPLSplashActivity

com.mpl.androidapp.react.MPLReactContainerActivity

com.facebook.CustomTabActivity

com.braintreepayments.api.BraintreeBrowserSwitchActivity

com.amazon.apay.hardened.activity.RedirectUriReceiverActivity

com.amazon.identity.auth.device.workflow.WorkflowActivity

in.juspay.hypersdk.core.CustomtabResult

org.npci.upi.security.pinactivitycomponent.GetCredential

Permissions

Receivers

com.appsflyer.MultipleInstallBroadcastReceiver

com.mpl.androidapp.updater.job.PowerConnectionReceiver

com.mpl.androidapp.MPLSMSBroadcastReceiver

com.paynimo.android.payment.network.NetworkStateReceiver

com.smartlook.sdk.smartlook.core.referrer.ReferrerReceiver

com.clevertap.android.pushsdk.CTFirebaseMessagingReceiver

com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.freshchat.consumer.sdk.receiver.FreshchatReceiver

com.freshchat.consumer.sdk.receiver.FreshchatNetworkChangeReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

com.appsflyer.FirebaseMessagingServiceListener

com.mpl.androidapp.cleverTap.MFcmMessageListenerService

com.clevertap.android.sdk.pushnotification.CTNotificationIntentService

com.google.firebase.messaging.FirebaseMessagingService

org.npci.upi.security.pinactivitycomponent.CLRemoteServiceImpl

Android Permissions

mpl-pro-v502.apk