axbanker | b35e77a5710aca0db9ca9b65f6eac1d55f73a04a199169579ea6c07140d8f628 | Triage

Sharing

General

Target

65215e95c71e4ec51df7485f14cb310d.apk
Size

6.1MB
Sample

250115-yfwx8strer
MD5

65215e95c71e4ec51df7485f14cb310d
SHA1

5c2ff1c1167a22d95ccfd4a6262169e1344ba98a
SHA256

b35e77a5710aca0db9ca9b65f6eac1d55f73a04a199169579ea6c07140d8f628
SHA512

25b2d9e65d9735ab15f12da8cf88192169bfbf52acb0dcfaef8c3aac5bb28bfe37707fd37256a0d35494e0d54adb9c5b8a04b902f88201adc427d838fb1bb307
SSDEEP

98304:uytyq4p6RpXXVN8ej8jwKxrSsslpasAQJ2k0mLsrUt46pYe1PPzjjaoV53Esrs1:ttG636UKlTslksAQ8EL5lPz6oVs

Score

10^/10

axbanker android banker discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://newax-d7dc6-default-rtdb.firebaseio.com

https://theicicirwd.co.in/api/user/step2

Targets

- Target
  
  65215e95c71e4ec51df7485f14cb310d.apk
- Size
  
  6.1MB
- MD5
  
  65215e95c71e4ec51df7485f14cb310d
- SHA1
  
  5c2ff1c1167a22d95ccfd4a6262169e1344ba98a
- SHA256
  
  b35e77a5710aca0db9ca9b65f6eac1d55f73a04a199169579ea6c07140d8f628
- SHA512
  
  25b2d9e65d9735ab15f12da8cf88192169bfbf52acb0dcfaef8c3aac5bb28bfe37707fd37256a0d35494e0d54adb9c5b8a04b902f88201adc427d838fb1bb307
- SSDEEP
  
  98304:uytyq4p6RpXXVN8ej8jwKxrSsslpasAQJ2k0mLsrUt46pYe1PPzjjaoV53Esrs1:ttG636UKlTslksAQ8EL5lPz6oVs
Score

10^/10

axbanker banker discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

axbankerbankerdiscoveryinfostealerpersistence

behavioral2