axbanker | 13b41edd7ba60e84b571f5e01f953faa2523d99ac2e005770291ff4c5ab732aa | Triage

Sharing

General

Target

94be6305f3426fe98b8d5b4252a27da6.apk
Size

6.1MB
Sample

250109-l8j3xsxjb1
MD5

94be6305f3426fe98b8d5b4252a27da6
SHA1

d61bfaa7698fae46f0f24a14f1c88d0f0b7973f8
SHA256

13b41edd7ba60e84b571f5e01f953faa2523d99ac2e005770291ff4c5ab732aa
SHA512

23e16975fd188945d0c7d3ccee5762bb1641ad2baba4f95b77c684f1b666b5b30805beba01d35cd80e4c7553e28b656d430834f77bb8a57523082f399a23ee54
SSDEEP

98304:k3BxsSVQdxfm3jtr07bUtRSHd5t+K4UbIzjjaoV53EsrsS:kouUxfm3jp0KqtIz6oVD

Score

10^/10

axbanker android banker discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://icicirwd.com/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Targets

- Target
  
  94be6305f3426fe98b8d5b4252a27da6.apk
- Size
  
  6.1MB
- MD5
  
  94be6305f3426fe98b8d5b4252a27da6
- SHA1
  
  d61bfaa7698fae46f0f24a14f1c88d0f0b7973f8
- SHA256
  
  13b41edd7ba60e84b571f5e01f953faa2523d99ac2e005770291ff4c5ab732aa
- SHA512
  
  23e16975fd188945d0c7d3ccee5762bb1641ad2baba4f95b77c684f1b666b5b30805beba01d35cd80e4c7553e28b656d430834f77bb8a57523082f399a23ee54
- SSDEEP
  
  98304:k3BxsSVQdxfm3jtr07bUtRSHd5t+K4UbIzjjaoV53EsrsS:kouUxfm3jp0KqtIz6oVD
Score

10^/10

axbanker banker discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

axbankerbankerdiscoveryinfostealerpersistence

behavioral2