Malware Analysis Report

2025-01-19 05:48

Sample ID 241129-k73m7ssnaj
Target bc940641035dd13d692a1926753cf8ca.apk
SHA256 d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4
Tags
axbanker banker discovery infostealer persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4

Threat Level: Known bad

The file bc940641035dd13d692a1926753cf8ca.apk was found to be: Known bad.

Malicious Activity Summary

axbanker banker discovery infostealer persistence

Axbanker family

AxBanker

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 09:15

Signatures

Axbanker family

axbanker

Requests dangerous framework permissions

Description                                     Indicator                       Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 09:15

Reported

2024-11-29 09:18

Platform

android-x86-arm-20240624-en

Max time kernel

134s

Max time network

145s

Command Line

com.rewards.iciciapp

Signatures

AxBanker

banker infostealer axbanker

Axbanker family

axbanker

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Processes

com.rewards.iciciapp

Network

Country  Destination         Domain                              Proto
GB       142.250.180.10:443                                      tcp
US       1.1.1.1:53          semanticlocation-pa.googleapis.com  udp
GB       216.58.201.110:443                                      tcp
US       1.1.1.1:53          android.apis.google.com             udp
GB       172.217.16.238:443  android.apis.google.com             tcp
GB       142.250.178.10:443  semanticlocation-pa.googleapis.com  tcp
US       1.1.1.1:53          iciciapp.co                         udp
US       69.49.233.36:443    iciciapp.co                         tcp
US       69.49.233.36:443    iciciapp.co                         tcp
US       69.49.233.36:443    iciciapp.co                         tcp

Files

/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840139

MD5 498e68fb53f0acfbd79a4a78a8b9a481
SHA1 df7ee53a2374334dec9e8f6f2398437891e021d7
SHA256 2b7103debaabf0f736d1ef3acb4b1a04f697c2cb690ec1b8e4c4591d5a2b2a55
SHA512 2959547adf3376c8556c76e263fe5b77add9e3a71006cc5e80cbb6325d1baec2db70d3c11f366f124eae3127907c7ee90027d143b0d72e23e4e961fd8e4f5001

/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840140

MD5 e9cd4a74f8b418af12ef283ef6cbdea1
SHA1 ba2b661b744540b9ea2d9353f1cd8cf6f51f5b6e
SHA256 87ceb8b00e8b22495803a212fb7eb065216193ce40254989c6863ba227007df8
SHA512 cc224755ea59c9668b7b28e5284d9a491c5d37ea51475a692dad6eea9d6699687ff83d2bf4bfca2a48d035af29eca3bbde9439fae768ede38a1184b2b8898e1c

/data/data/com.rewards.iciciapp/cache/volley/-525012681658743973

MD5 c37ad771683d01c89c8b8d4010aad315
SHA1 36114d04cbea11b5e7ba1068f63e7d2ab0694994
SHA256 d381e9f0d61e479783bc06fdec32d1d8d20be73dd8c697dae25cbd7e940e6596
SHA512 d466829f5d193ae298c0669e52a87e6a884ab9b26c62d4f1c9a9754062fdd034a4a7051b7ba83698045050326cd79e191b12790a59165ca18535b580dd73cc26

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-29 09:15

Reported

2024-11-29 09:18

Platform

android-x64-20240624-en

Max time kernel

122s

Max time network

157s

Command Line

com.rewards.iciciapp

Signatures

AxBanker

banker infostealer axbanker

Axbanker family

axbanker

Queries information about active data network

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Processes

com.rewards.iciciapp

Network

Country  Destination         Domain                    Proto
N/A      224.0.0.251:5353                              udp
US       1.1.1.1:53          ssl.google-analytics.com  udp
GB       142.250.200.40:443  ssl.google-analytics.com  tcp
GB       142.250.180.14:443                            tcp
US       1.1.1.1:53          android.apis.google.com   udp
GB       142.250.178.14:443  android.apis.google.com   tcp
GB       172.217.16.228:443                            tcp
GB       172.217.16.228:443                            tcp
US       1.1.1.1:53          iciciapp.co               udp
US       69.49.233.36:443    iciciapp.co               tcp
US       69.49.233.36:443    iciciapp.co               tcp
US       1.1.1.1:53          g.tenor.com               udp

Files

/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840139

MD5 36f7295c7965384af4b7491641d816ab
SHA1 1c540d150962510ad89f88a143bc25015728b1fa
SHA256 e2ecaadf5f750603f65a53a345a732041b6912fb0db7ebae195e72fe2b128eba
SHA512 0b23b0a44bfd9c570d8d48e92e8fc1c5fa4b360aec2b995ecef27e443fc1f5d9c7c2d336a42ac985c82eca8853d4af4695f7b2e8ccdd5c2d82e262959a529e8b

/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840140

MD5 49300a65d22b4f07b4756eecf6f2c718
SHA1 acbee26752d846e01b8d5a5ed3acbf5f3fee99c4
SHA256 09bcd75c75e7fc8049d20d89d2e33704032bd20826564fe63d7e289a25cd99dc
SHA512 656b3aec2d8fd1554233e878de65ea2a19e982af1e9cc5c959cb1a01540fe1095462e7d578d4a752ebd084b9dd4ed41f29c20aaecb114e19443dc6edaf25de4b