Analysis Overview
SHA256
d672cabf04369c152207eb3a2a588b28ed7a72b4634cc3807d689f1a6ef4a0a5
Threat Level: Known bad
The file d672cabf04369c152207eb3a2a588b28ed7a72b4634cc3807d689f1a6ef4a0a5.apk was found to be: Known bad.
Malicious Activity Summary
Axbanker family
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-07 03:29
Signatures
Axbanker family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to advertise to nearby Bluetooth devices. | android.permission.BLUETOOTH_ADVERTISE | N/A | N/A |
| Required to be able to discover and pair nearby Bluetooth devices. | android.permission.BLUETOOTH_SCAN | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Required to be able to advertise to nearby Bluetooth devices. | android.permission.BLUETOOTH_ADVERTISE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-07 03:28
Reported
2024-12-07 03:32
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.olserapratama.pos.staging
which su
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.olserapratama.pos.staging/files/device-id
| MD5 | 38f81e2310cbea94de5a95ad022697cc |
| SHA1 | 7f60e4b4695c486bf1852e1bd548332362a80f7a |
| SHA256 | 102a87f893297ab300385cc63decb2f49e35df17824d9b46ac7b49d770c89220 |
| SHA512 | 0e3d9373bb04e7d025e417ebbef80d7ce882b5f4b97cd734bcf43c3907079797825314a22b7664ce24479698325612d4ef4bcd5b4b993e0eae6ec59c955313d6 |
/data/data/com.olserapratama.pos.staging/files/internal-device-id
| MD5 | fe4fc73fdcbcf783a43821b60cff2f5e |
| SHA1 | 7f754c5dd2c444a0e064e9f1f4b574f178f13837 |
| SHA256 | baa70ce2ef927b1042f81f50a28e2af899828ba615dcdc95cd723232a7a2e578 |
| SHA512 | 226cdf6ec0eda906042b9b6a6640132acac5dd34e0d0381fe0491f33a1750b2afcb3c3d668f23ff0cf256f3df0e5846bd2b70127b7ddaeef8bf1e662313689b8 |
/data/data/com.olserapratama.pos.staging/cache/last-run-info
| MD5 | 94e10e850bf39b9d0a6fef9969739ad4 |
| SHA1 | 5a9424345b6455d1b84ed73ecdde7eeab7f83ac9 |
| SHA256 | da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d |
| SHA512 | 8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-07 03:28
Reported
2024-12-07 03:32
Platform
android-x64-arm64-20240624-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Processes
com.olserapratama.pos.staging
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sessions.bugsnag.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
Files
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | bdf3529e80318eb14e53a5bf3720c10d |
| SHA1 | 25c9ace4b1af6e80ebb2572345972c56505969ba |
| SHA256 | bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b |
| SHA512 | 48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b |
/data/data/com.olserapratama.pos.staging/files/device-id
| MD5 | 7b8a2db46f005d4321f19ca96a2b3577 |
| SHA1 | 3eeb2305f9b4231966962c06fa2bf3dbb9e05d9d |
| SHA256 | cbe7689c361e737e87873124fbaf8c5d9c967cc75fea8ffa8b06caf46272756e |
| SHA512 | 226ee98cb695151120daf1b0ba5d73da33f2c0cb0cbb6b5a4df6ea319ee758b51f8b9f1fbef1c1ae0e16e99a1e47a8ef50988b2d40a1520195e962270827a7a0 |
/data/data/com.olserapratama.pos.staging/files/internal-device-id
| MD5 | 69c01963a750d3e68cbce50a5157aab9 |
| SHA1 | 01d8cb0e998335b69b5e309392a15c70b9d856dc |
| SHA256 | 14bf4e7dad6c334e3dea709b54897fc2bc3e8e048601b5de535a608c3fa04b6b |
| SHA512 | 401179d96f0ed74fffdcd7db042a5cc9bf30f796ec32196d990be30fc58892cd145bc7c3d0d84ba91f3d13fb5edee2b023dfc00285e1d9f406bb8924b0af5ab7 |
/data/data/com.olserapratama.pos.staging/cache/last-run-info
| MD5 | 94e10e850bf39b9d0a6fef9969739ad4 |
| SHA1 | 5a9424345b6455d1b84ed73ecdde7eeab7f83ac9 |
| SHA256 | da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d |
| SHA512 | 8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0 |