axbanker | 1d556e4aa3bc2ed163350908bfeb608a65233ea373cf54b22726b39fecb3cb7d | Triage

Sharing

General

Target

4ef824a4d877bd5387489c4ef025df31.apk
Size

6.1MB
Sample

250117-qyknxs1jcp
MD5

4ef824a4d877bd5387489c4ef025df31
SHA1

56e6105a2e4abd42d91af68f1d71f7d62e6624be
SHA256

1d556e4aa3bc2ed163350908bfeb608a65233ea373cf54b22726b39fecb3cb7d
SHA512

09f1af7af9b3efc7bfca8ff77dbc6beca533808702b3d93dc6f51be9d75f53ee62a9f42b5691c57d297d26ee2062ffb2f1330b4346e012ea9313fee2b149fbd0
SSDEEP

98304:y55P4cIZYS/uxnwvHNh/FfwEXyXNzmZmOUErVUl3JzjjaoV53EsrsH:yDPFIyS/LH1fAymAS3Jz6oV+

Score

10^/10

axbanker android banker discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://icreardstt.co.in/api/user/step2

https://newax-d7dc6-default-rtdb.firebaseio.com

Targets

- Target
  
  4ef824a4d877bd5387489c4ef025df31.apk
- Size
  
  6.1MB
- MD5
  
  4ef824a4d877bd5387489c4ef025df31
- SHA1
  
  56e6105a2e4abd42d91af68f1d71f7d62e6624be
- SHA256
  
  1d556e4aa3bc2ed163350908bfeb608a65233ea373cf54b22726b39fecb3cb7d
- SHA512
  
  09f1af7af9b3efc7bfca8ff77dbc6beca533808702b3d93dc6f51be9d75f53ee62a9f42b5691c57d297d26ee2062ffb2f1330b4346e012ea9313fee2b149fbd0
- SSDEEP
  
  98304:y55P4cIZYS/uxnwvHNh/FfwEXyXNzmZmOUErVUl3JzjjaoV53EsrsH:yDPFIyS/LH1fAymAS3Jz6oV+
Score

10^/10

axbanker banker discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

axbankerbankerdiscoveryinfostealerpersistence

behavioral2