General

  • Target

    75f9e79ad9adcab54fde3db718099a03.apk

  • Size

    10.9MB

  • MD5

    75f9e79ad9adcab54fde3db718099a03

  • SHA1

    fd41c28817cb4ca396bb44b7011f2f608ce21674

  • SHA256

    3ca99c5ad6972692c48572125143958b57f164d9400b55901c335e4d5d49b416

  • SHA512

    af7b853804c86c5a3f6c2015e2a4b19ebfd2350c0b808c951bbc7eba75613bc37998865c22bee0235972acb791fe96b3bbd0a30567ad46765119feb95348ac43

  • SSDEEP

    196608:Oi2xv74XNwGA6vUSy5gd7hzSjGobetLIEerA5nEVlIveYS43yLoyIcNA:OiGGnHvd7NSjqt8EerABilIvemn3f

Score
10/10

Malware Config

Extracted

Family

axbanker

C2

https://iciciapp.site/index.php/api/user/step3

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

  • Axbanker family
  • Declares services with permission to bind to the system (1 IoC)
  • Requests dangerous framework permissions (4 IoCs)

Files

  • 75f9e79ad9adcab54fde3db718099a03.apk
    .apk android

    com.nekki.vectors

    com.nekki.vectors.MainActivity


  • app.apk
    .apk android arch:arm64 arch:arm arch:x86 arch:x64

    com.nekki.vector

    com.nekki.vector.SplashActivity


Android Permissions

75f9e79ad9adcab54fde3db718099a03.apk

Permissions

android.permission.FOREGROUND_SERVICE

android.permission.INTERNET

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.GET_TASKS

android.permission.QUERY_ALL_PACKAGES

com.nekki.vectors.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION