Malware Analysis Report

2025-01-19 05:48

Sample ID 241211-k8bk4s1kdj
Target d8661409d7cbc3c89bb6bab53f818fc5.apk
SHA256 4345c978e38502461e187a45ed9b27e202adcdc58b4321bd6e878b8a70d136f5
Tags: axbanker
Score: 10/10

Analysis Overview

score
10/10

SHA256

4345c978e38502461e187a45ed9b27e202adcdc58b4321bd6e878b8a70d136f5

Threat Level: Known bad

The file d8661409d7cbc3c89bb6bab53f818fc5.apk was found to be: Known bad.

Malicious Activity Summary

axbanker

Axbanker family

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-12-11 09:15

Signatures

Axbanker family

axbanker

Requests dangerous framework permissions

Description                                     Indicator                        Process   Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS   N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 09:15

Reported

2024-12-11 09:18

Platform

android-x86-arm-20240624-en

Max time kernel

47s

Max time network

142s

Command Line

com.example.shineinterview

Signatures

N/A

Processes

com.example.shineinterview

Network

Country   Destination            Domain                               Proto
N/A       224.0.0.251:5353                                            udp
GB        216.58.204.74:443                                           tcp
US        1.1.1.1:53             semanticlocation-pa.googleapis.com   udp
GB        142.250.187.206:443                                         tcp
US        1.1.1.1:53             android.apis.google.com              udp
GB        142.250.180.14:443     android.apis.google.com              tcp

Files

/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof

MD5 7c1eb4af3f79e9ffeb273fcb0ed8206f
SHA1 c7227d3c1602954cf9a0b322c67dae9e2c3d86bd
SHA256 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d
SHA512 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c

/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 8b7c777fcbea40166d10afa3d005e14a
SHA1 731e24c56dfbea02a9729dd0bf0edaa2b89087c1
SHA256 f0765ef7bd716b9f03c7f5cfeeea071c018ffe031a8236a68bb7cde8e171b270
SHA512 5ef0399cd7e8141fa7a29c6f92a73d98ab69271adfb15e709ac94f4367aff966dee0383ce94dcff78af0a5fa5c98ea871745aca0f83978885987bb45d3dbbb97

/data/data/com.example.shineinterview/files/profileInstalled

MD5 5990398ab583b980180df7f4ed078945
SHA1 ad27d715f7b247e74c507ee89d16cd905945f4f1
SHA256 60c74a1510a37643a35a1c6b72493b4784cbda1b75bce1dcb33ce8d450d8628b
SHA512 2123f4a3b0c7a8ee2a023125214814fdbc941ddfb3bbd80f7326c91043add117032277949d1367bfd49c3c57303ab0a3490523a94f63ec592c923ef7a615dd0d

/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof

MD5 898cb82e137925449b87f15dcc13fb4b
SHA1 ad85478b0e4e0351268c5be76d10403239d0b171
SHA256 9c18294655ffa07214483be6d0308241ddd7b0140ec0a9545a2a846fcbc0600b
SHA512 83addea06008c8101d23ede3b03e6a5213e28ea517f006e09c4d138f6790053d461d75b2315e6c0a142fa4d8b59e404561031f0a9e484c99df96dd0bb56d8bc0

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 09:15

Reported

2024-12-11 09:18

Platform

android-x64-20240910-en

Max time kernel

45s

Max time network

152s

Command Line

com.example.shineinterview

Signatures

N/A

Processes

com.example.shineinterview

Network

Country   Destination            Domain                     Proto
N/A       224.0.0.251:5353                                  udp
GB        216.58.201.110:443                                tcp
GB        216.58.201.110:443                                tcp
GB        216.58.201.110:443                                tcp
GB        216.58.201.110:443                                tcp
US        1.1.1.1:53             android.apis.google.com    udp
GB        142.250.178.14:443     android.apis.google.com    tcp

Files

/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof

MD5 7c1eb4af3f79e9ffeb273fcb0ed8206f
SHA1 c7227d3c1602954cf9a0b322c67dae9e2c3d86bd
SHA256 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d
SHA512 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c

/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 041d32c47abfc620b688c56774b6e559
SHA1 7570f84be48e6d09b85ebb37accbf2236dd48e4c
SHA256 c41d22f3f026f0504d3a88c3f06e0dc9ba7e4b1b9e521788701f3810badcc5ff
SHA512 ac418a9bd16b7b3ca336106a95dac75235e53dbdf966c55f566b59e30592c67fd6518e3c7c92c4d04a7831fe0750a4fc4a63670c6f55082e6b2e4a365a61a241

/data/data/com.example.shineinterview/files/profileInstalled

MD5 105ddff89fa99ebc74e7b2f8ce496cfb
SHA1 1537b06606e8941980cfa934545f1afecebd2a9d
SHA256 69d8c89cc600b6df5d9551bfd9dfe5e0e43b3637957d5d03283a9a206260edcc
SHA512 a879d169b0bb7d0bf62817e5e69b23b45976b2eb8a04eabead5d5fc6644f5e4eaab85e077cedd3d6e7cdb3e7f45209b025dca5799d1a0dc4241f24f07f9c5521

/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof

MD5 6367002d756b5fe63e0a3c95310e6de0
SHA1 01da28a2413e4a257d1037ace746d45e3a661bde
SHA256 ee99e418e2d2ac3337331580187c47d22bcfd3834f02bc9389e6f21802812128
SHA512 2d25386b94f1778344988c6804f074f105fbdd3fa11c1b6e967b4d08c8bc58f21714bc27ab268d40e4fabd2b372c070c785dcd34dc7c19c69fa9f30e136a79bc

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-11 09:15

Reported

2024-12-11 09:18

Platform

android-x64-arm64-20240624-en

Max time kernel

7s

Max time network

134s

Command Line

com.example.shineinterview

Signatures

N/A

Processes

com.example.shineinterview

Network

Country   Destination            Domain                      Proto
GB        142.250.180.14:443                                 tcp
GB        142.250.180.14:443                                 tcp
GB        142.250.180.14:443                                 tcp
N/A       224.0.0.251:5353                                   udp
US        1.1.1.1:53             android.apis.google.com     udp
GB        142.250.178.14:443     android.apis.google.com     tcp
US        1.1.1.1:53             ssl.google-analytics.com    udp
GB        142.250.187.200:443    ssl.google-analytics.com    tcp
GB        142.250.200.36:443                                 tcp
GB        142.250.200.36:443                                 tcp

Files

/data/misc/profiles/cur/0/com.example.shineinterview/primary.prof

MD5 7c1eb4af3f79e9ffeb273fcb0ed8206f
SHA1 c7227d3c1602954cf9a0b322c67dae9e2c3d86bd
SHA256 37820ff872b0ac9a9a6d44cf6f8bb6ccef7345791ed5ad1e02ec45db1f8b4e9d
SHA512 943a5e08723e2c95723f4fde17c67cb1be21ea03e401cadb8576f451646071407e549b19ac607c8c809ab171db1c139a5f77f7c3494fb2917c26120eeb93543c

/data/data/com.example.shineinterview/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 30548395a31cad96241a0703b0b0948b
SHA1 867f990ee3657cb0998c975e795709481e42b6e8
SHA256 074b80a6e10c3b022d6640a79aed20c671d73708003dc5e3ce10f9042b87ceec
SHA512 c50f25254ee3911be09985f1076c0f3e384ab01a74c180abc78e3aeb80e565413b33090484e3c8ad2f26573cd23da6865d56b0c9f742eb42958ad4c006e9e628