axbanker | d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4 | Triage

Sharing

General

Target

bc940641035dd13d692a1926753cf8ca.apk
Size

6.1MB
Sample

241118-nlxfvawcnm
MD5

bc940641035dd13d692a1926753cf8ca
SHA1

c3a5af64d0fbad4bae256daa3443a52821825bb3
SHA256

d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4
SHA512

046433961bec16a098fca6d5af5ba820c43a50187753075e52aba2f1a1a5be5496a3afc53c26599eef7b642f160adf1bef19d6379f819434d734ec71b682d604
SSDEEP

98304:7ju9Cy3aaoVq59w+Gvls8uOz3QS5SdOw+dZABNKaoUP3EsrsKo:7ju9C8aN8nGPgSX/ZABJoUxo

Score

10^/10

axbanker android banker discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://iciciapp.co/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Targets

- Target
  
  bc940641035dd13d692a1926753cf8ca.apk
- Size
  
  6.1MB
- MD5
  
  bc940641035dd13d692a1926753cf8ca
- SHA1
  
  c3a5af64d0fbad4bae256daa3443a52821825bb3
- SHA256
  
  d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4
- SHA512
  
  046433961bec16a098fca6d5af5ba820c43a50187753075e52aba2f1a1a5be5496a3afc53c26599eef7b642f160adf1bef19d6379f819434d734ec71b682d604
- SSDEEP
  
  98304:7ju9Cy3aaoVq59w+Gvls8uOz3QS5SdOw+dZABNKaoUP3EsrsKo:7ju9C8aN8nGPgSX/ZABJoUxo
Score

10^/10

axbanker banker discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

axbankerbankerdiscoveryinfostealerpersistence

behavioral2