Analysis Overview
SHA256
d7fbc1e2c1eeaf98bfeb664d115dc82b7415ccbf1805902da7f0ef31cd8cb2d4
Threat Level: Known bad
The file bc940641035dd13d692a1926753cf8ca.apk was found to be: Known bad.
Malicious Activity Summary
Axbanker family
AxBanker
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-29 09:15
Signatures
Axbanker family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-29 09:15
Reported
2024-11-29 09:18
Platform
android-x86-arm-20240624-en
Max time kernel
134s
Max time network
145s
Command Line
Signatures
AxBanker
Axbanker family
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.rewards.iciciapp
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | iciciapp.co | udp |
| US | 69.49.233.36:443 | iciciapp.co | tcp |
| US | 69.49.233.36:443 | iciciapp.co | tcp |
| US | 69.49.233.36:443 | iciciapp.co | tcp |
Files
/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840139
| MD5 | 498e68fb53f0acfbd79a4a78a8b9a481 |
| SHA1 | df7ee53a2374334dec9e8f6f2398437891e021d7 |
| SHA256 | 2b7103debaabf0f736d1ef3acb4b1a04f697c2cb690ec1b8e4c4591d5a2b2a55 |
| SHA512 | 2959547adf3376c8556c76e263fe5b77add9e3a71006cc5e80cbb6325d1baec2db70d3c11f366f124eae3127907c7ee90027d143b0d72e23e4e961fd8e4f5001 |
/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840140
| MD5 | e9cd4a74f8b418af12ef283ef6cbdea1 |
| SHA1 | ba2b661b744540b9ea2d9353f1cd8cf6f51f5b6e |
| SHA256 | 87ceb8b00e8b22495803a212fb7eb065216193ce40254989c6863ba227007df8 |
| SHA512 | cc224755ea59c9668b7b28e5284d9a491c5d37ea51475a692dad6eea9d6699687ff83d2bf4bfca2a48d035af29eca3bbde9439fae768ede38a1184b2b8898e1c |
/data/data/com.rewards.iciciapp/cache/volley/-525012681658743973
| MD5 | c37ad771683d01c89c8b8d4010aad315 |
| SHA1 | 36114d04cbea11b5e7ba1068f63e7d2ab0694994 |
| SHA256 | d381e9f0d61e479783bc06fdec32d1d8d20be73dd8c697dae25cbd7e940e6596 |
| SHA512 | d466829f5d193ae298c0669e52a87e6a884ab9b26c62d4f1c9a9754062fdd034a4a7051b7ba83698045050326cd79e191b12790a59165ca18535b580dd73cc26 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-29 09:15
Reported
2024-11-29 09:18
Platform
android-x64-20240624-en
Max time kernel
122s
Max time network
157s
Command Line
Signatures
AxBanker
Axbanker family
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.rewards.iciciapp
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| US | 1.1.1.1:53 | iciciapp.co | udp |
| US | 69.49.233.36:443 | iciciapp.co | tcp |
| US | 69.49.233.36:443 | iciciapp.co | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
Files
/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840139
| MD5 | 36f7295c7965384af4b7491641d816ab |
| SHA1 | 1c540d150962510ad89f88a143bc25015728b1fa |
| SHA256 | e2ecaadf5f750603f65a53a345a732041b6912fb0db7ebae195e72fe2b128eba |
| SHA512 | 0b23b0a44bfd9c570d8d48e92e8fc1c5fa4b360aec2b995ecef27e443fc1f5d9c7c2d336a42ac985c82eca8853d4af4695f7b2e8ccdd5c2d82e262959a529e8b |
/data/data/com.rewards.iciciapp/cache/volley/-4335737051594840140
| MD5 | 49300a65d22b4f07b4756eecf6f2c718 |
| SHA1 | acbee26752d846e01b8d5a5ed3acbf5f3fee99c4 |
| SHA256 | 09bcd75c75e7fc8049d20d89d2e33704032bd20826564fe63d7e289a25cd99dc |
| SHA512 | 656b3aec2d8fd1554233e878de65ea2a19e982af1e9cc5c959cb1a01540fe1095462e7d578d4a752ebd084b9dd4ed41f29c20aaecb114e19443dc6edaf25de4b |