Malware Analysis Report

2025-01-19 05:48

Sample ID: 241221-pw91cszlbz
Target: DBSApp.apk
SHA256: 79a2b59f30988b49319e56b27d3e46aacff8d44743f2b7e02d5fa0177cd539fe
Tags: axbanker, discovery
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 79a2b59f30988b49319e56b27d3e46aacff8d44743f2b7e02d5fa0177cd539fe

Threat Level: Known bad

The file DBSApp.apk was found to be: Known bad.

Malicious Activity Summary

axbanker discovery

Axbanker family

Requests dangerous framework permissions

Queries information about active data network

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-21 12:42

Signatures

Axbanker family

axbanker

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-21 12:41

Reported

2024-12-21 12:45

Platform

android-x86-arm-20240624-en

Max time kernel

50s

Max time network

137s

Command Line

com.dbs.retailagent

Signatures

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.dbs.retailagent

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.200.46:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | retailerapp.oximall.com | udp
IN | 34.131.245.110:443 | retailerapp.oximall.com | tcp

Files

N/A