axbanker | Mi Claro_6[.]3[.]apk

General

Target

Mi Claro_6.3.apk
Size

25.6MB
MD5

7f57038559a8efaf1b1ee49d7cd7f3da
SHA1

f319e1297e5353fb374a11ded4470609f3d0a356
SHA256

539704e94b7c35db615c77221edfd1922a354caff36afa4c843ea29e1741d072
SHA512

71ec2afc3d31f2947b751cfc9e06b9468dc39fa73abdaa8e710bc9ff3a53a7cb25a257db6e3a02d03475c756173d9f2199e592a7b4c4ac879df6473bb83e526f
SSDEEP

196608:kEbFmmbWHwgF7DbhwwRG3eQ/+ElmHJXLvHF347Q4dwPmwDZbcFqZNYUmEwLCO:5bWQgB1G3esQXLvHG75wFFcFqMLCO

Score

10^/10

axbanker

Malware Config

Extracted

Family

axbanker

C2

https://claroclub-app-firebase-c7c4b-default-rtdb.firebaseio.com

https://claroclub-app-firebase-c7c4b.firebaseio.com

Signatures

Axbanker family
axbanker

Requests dangerous framework permissions 9 IoCs

description	ioc
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Files

Mi Claro_6.3.apk
.apk android

com.claro.pe.miclaro

com.everis.miclaro.view.activity.SplashScreenActivity

Activities

com.everis.miclaro.view.activity.VerificarEmailActivity

android.intent.action.VIEW
android.intent.action.MAIN

com.everis.miclaro.view.activity.MainActivity

android.intent.action.VIEW
android.intent.action.MAIN

com.everis.miclaro.view.activity.SplashScreenActivity

android.intent.action.VIEW
android.intent.action.MAIN

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CALL_PHONE
android.permission.RECEIVE_SMS
android.permission.READ_SMS
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.sonyericsson.home.permission.BROADCAST_BADGE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
android.permission.READ_PHONE_STATE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.HIGH_SAMPLING_RATE_SENSORS
android.permission.POST_NOTIFICATIONS
android.permission.CAMERA
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE
android.permission.WRITE_EXTERNAL_STORAGE
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.gms.permission.AD_ID
com.claro.pe.miclaro.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.REORDER_TASKS
android.permission.FOREGROUND_SERVICE

Receivers

com.qualtrics.digital.QualtricsNotificationManager

android.intent.action.MAIN

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

Services

com.everis.miclaro.firebase.MessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Android Permissions

Mi Claro_6.3.apk

Permissions

android.permission.INTERNET

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CALL_PHONE

android.permission.RECEIVE_SMS

android.permission.READ_SMS

com.sec.android.provider.badge.permission.READ

com.sec.android.provider.badge.permission.WRITE

com.sonyericsson.home.permission.BROADCAST_BADGE

com.htc.launcher.permission.READ_SETTINGS

com.htc.launcher.permission.UPDATE_SHORTCUT

android.permission.READ_PHONE_STATE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.HIGH_SAMPLING_RATE_SENSORS

android.permission.POST_NOTIFICATIONS

android.permission.CAMERA

android.permission.VIBRATE

android.permission.WAKE_LOCK

android.permission.READ_PRIVILEGED_PHONE_STATE

android.permission.READ_EXTERNAL_STORAGE

com.sonymobile.home.permission.PROVIDER_INSERT_BADGE

com.anddoes.launcher.permission.UPDATE_COUNT

com.majeur.launcher.permission.UPDATE_BADGE

com.huawei.android.launcher.permission.CHANGE_BADGE

com.huawei.android.launcher.permission.READ_SETTINGS

com.huawei.android.launcher.permission.WRITE_SETTINGS

android.permission.READ_APP_BADGE

com.oppo.launcher.permission.READ_SETTINGS

com.oppo.launcher.permission.WRITE_SETTINGS

me.everything.badger.permission.BADGE_COUNT_READ

me.everything.badger.permission.BADGE_COUNT_WRITE

android.permission.WRITE_EXTERNAL_STORAGE

com.google.android.c2dm.permission.RECEIVE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

com.google.android.gms.permission.AD_ID

com.claro.pe.miclaro.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

android.permission.REORDER_TASKS

android.permission.FOREGROUND_SERVICE

Sharing

General

Malware Config

Extracted

Signatures

Files

com.claro.pe.miclaro

com.everis.miclaro.view.activity.SplashScreenActivity

Activities

com.everis.miclaro.view.activity.VerificarEmailActivity

com.everis.miclaro.view.activity.MainActivity

com.everis.miclaro.view.activity.SplashScreenActivity

com.facebook.CustomTabActivity

Permissions

Receivers

com.qualtrics.digital.QualtricsNotificationManager

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

Services

com.everis.miclaro.firebase.MessagingService

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

Mi Claro_6.3.apk