axbanker | 4400ba385c37b8c0ec3c63463794c2a335fe8823a0a43a910ae6400337371217 | Triage

Submit
Reports

Overview

overview

Static

static

7

BIGBOSS.exe

windows7-x64

9

BIGBOSS.exe

windows10-2004-x64

Sharing

General

Target

BIGBOSS.exe
Size

36.6MB
Sample

250118-v761qsyqhs
MD5

19773de3aada9bebac1c8a284059e0a5
SHA1

482dcb8326ab158a0b054516cede9d80119dca7b
SHA256

4400ba385c37b8c0ec3c63463794c2a335fe8823a0a43a910ae6400337371217
SHA512

829ee42d011ca1064a272fc626540b5ddf115d1e59e8e107b185def9ced215b96ce3018c7ff4a8a6c30893e313c64e1df58e7771e1d2f868fcfa61c7ecd56346
SSDEEP

786432:w5iyxGxoo4kxSjEN0CgFjaj2G8NkzJD4pSbN+WYbO7fqffK:w01xoLvCgxayG8NkzJDaSbN+WY8qffK

Score

10^/10

axbanker banker discovery evasion infostealer persistence privilege_escalation themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

BIGBOSS.exe

Resource

win7-20240903-en

discovery evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

BIGBOSS.exe

Resource

win10v2004-20241007-en

axbanker banker discovery evasion infostealer persistence privilege_escalation themida trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  BIGBOSS.exe
- Size
  
  36.6MB
- MD5
  
  19773de3aada9bebac1c8a284059e0a5
- SHA1
  
  482dcb8326ab158a0b054516cede9d80119dca7b
- SHA256
  
  4400ba385c37b8c0ec3c63463794c2a335fe8823a0a43a910ae6400337371217
- SHA512
  
  829ee42d011ca1064a272fc626540b5ddf115d1e59e8e107b185def9ced215b96ce3018c7ff4a8a6c30893e313c64e1df58e7771e1d2f868fcfa61c7ecd56346
- SSDEEP
  
  786432:w5iyxGxoo4kxSjEN0CgFjaj2G8NkzJD4pSbN+WYbO7fqffK:w01xoLvCgxayG8NkzJDaSbN+WY8qffK
Score

10^/10

discovery evasion themida trojan axbanker banker infostealer persistence privilege_escalation
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

axbankerbankerdiscoveryevasioninfostealerpersistenceprivilege_escalationthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.