axbanker | 16a1157a52d06932ce0f7af9c8725ed8a549aa2ed28edf04650c076608b6bb29

Analysis

max time kernel
88s
max time network
92s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/02/2025, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4308

com.disprzs.hdfclife:my_process
1⤵
PID:4379

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2a11c3d3dddf287a849061a4df9d8a40

SHA1
9e441705089812882350ec1148fd4b5aa2358272

SHA256
9f9232e27cb23306b9fe03667b737b745ed885653d4bea8d15a543bb09e5e8d0

SHA512
8ad56ebf85e0898b9410c5d182804da90f440f778b4add759bbfd4cca0fdb6604ee160add518d4a31fc80a6aca9ff942cfcc1b1f3b500ca8b52bc2a29831b93b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45a702569238dc38f55004ab549ce775

SHA1
2c88bdef4926308bbc6518e249674cb3d5058172

SHA256
13b182b4eeed80c26329f989ce98d0767990b91610662f3f03b5d1a9b95d4855

SHA512
7b135507c74ba1a1d6ce789bfc982e55dd0a40ebaf4598564d29e7c4c53cd0f3afa5d9388179dc844932304f750b71bf5981240b4f50278753be1ad9b2302c01

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e07e48323aa78db496eee48fc29d6f9c

SHA1
b3f7dc3692be78f1b5b90b70b74404312b68bc6c

SHA256
1491d7656cbc57ca62c80412d16dbce583cb7e1d1a86d7e6593ee87d391238e2

SHA512
84bd7a2e842f571408204a98532f5a03ec402a4bac7a65bf2165bd449e83415ff29cd2f6eca91ad915ba4ec49b9976f79bfeba1dceed4347c33a3308caba2448

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a32c1896957baa75052c920e4db35ddd

SHA1
1dac74d30bb80fe735b2b8f35e84d770e240f5ff

SHA256
ba44fc262f6006b3c1286ce5d2f4d36ececb049bf5291bf2b0068051da1dd4af

SHA512
ee8bb0888f7817554cca5de50c64e0a89ee9a985ad5abcc433d79cdebf41cc54b6ff8a19b25c8370217e16f93fac35fc9b1dbb73ab1e2eaf2408894996c8f916

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2e77dcd05acdceec366d93275dad30c0

SHA1
fd29150b74de0601589856de9ee17308efcccf98

SHA256
953910f1400f96563ca455fb89060ece3f0d4423ed3d1c2b2960463df3b5566c

SHA512
da742e8589de919ef58ff99ad179fa79a00c1e922fb46382cf3989f14741df0f28969c72c81964cf22f915033ba468ffdf5dc3ac678215a8785433241dbb6436

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7b51fc2f22d6a06805e6af8bb5addb3

SHA1
a4b5b1308f0a1fbd043d9899ae64696c4fe0554c

SHA256
2b40988076e4d3c2c558c378fc7d46b275f7b6fe31110c6c8c9579873d57366f

SHA512
3ea9105df1b7cd8ab396a085ae0f5a4560f9e4ef3fbb70d3c8ba84192d5abdf40c957a66ac59411cb10fcfc852715718c9961da385a5da379acc1fbcb618486d

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
381a6254c25461536e24b062a8eece1b

SHA1
1300a06175012861b33f14f5f8bffdc736d372cc

SHA256
cb3c94c9ca38ea76bdacfbd9a6bc08f7e73959c8357ba20b81b9c4d29d810cad

SHA512
f13810aba7811614cda44cedea5190b235ee22b019c2b5f0092535fb1e643ee1e22f9f702980985595379b648b1e7e1b4e7ac79695bbf4997efcee11217dd5b7

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d03be7f2d4a77376bb08c0c186e05f4a

SHA1
1870687b4cb2d48fc50f9be5614e587b685ad06c

SHA256
b6b72d5db593cce9d7334b234e65f17fdce366f865866123f95f276d379302d4

SHA512
8ed020686f230eedf28b82dbd1359d1e434e1e371e31fe78abb67a3e98ebd1c3aaabcdd955f54107714bcf9a3cfed9cf93eba1fa8b720f8c446b5ec827b5861e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b39289a01876c44c253f00f6105ec468

SHA1
b492287b5c69d0c36d9de1e48551218ae435b72e

SHA256
f1c6f95f5fadd53ee2614d7c6269fb2064ec14d0faba6dbc57e1e4a4f9cb56da

SHA512
635197a6520f2144b801d7bac681c681dbcadf19d694beba4ab8a0d56bfc2c74fda043cee4d42f1674a19bddd87f57b31614629cba876057f24d47c55d44d82b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f0bb90b9fd4bba0711b1ba695d311b97

SHA1
28c2c9bd9c76cfe9cc838c50f9b17e7c90be280f

SHA256
09e20ed8ae36432f20cc3e459d2bd6fcb58b64a1b5a69a1e3096f35daceea611

SHA512
7e8e0c86829396334c3ceed763b5ee149dc26ab7915dffc658e015731c181943162fcfc9d5336b65a663d722093a4a50f2dc9fdad9de04ee98c58049db64192e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
928a73f10f568de20d4552286470f48f

SHA1
7d1193f10a02611577aa34d6b9309b013b21ed73

SHA256
b7cc29e6d8b8e16bc035e915b650690a5d95cd4a762025aa83ab9fa2f5f8d4b0

SHA512
a209e27da055f0303b5be2fa6d9817f4485aadf3c167dd64c982b0f6f72f088bb093c9fdde957b70ca354487c9fcc0aaf997a5853659276a160ddc741b3b5250

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
24fbc705d13ab54288d6875d4b5d9352

SHA1
17b421f00302837dfd5a367cbea239bcb88c0570

SHA256
6f1643a09bc9f6ac3c5a6358dd757424e722e83e517783ca4dc1c1975709a6fa

SHA512
7da0c8b6f83aa98598d35fa2fe2ee00760feff24e5c38ed06ae358e3c63498cc5b812fac78158b360e67ca0a97c40ed8725c1845d25912a445b8b4f0650f939b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
61d1e4e5fcba400cb26035182cfc9f6b

SHA1
d5b8eb33d48b2fe4f0ecccbd38e06b5510e5e9bb

SHA256
e872720e9bd6f0f20d81b88de789cd66930eac9b54de994ca43e302897f5180a

SHA512
0c271b1cc6f63705e092730a982b1dfc100df099d3bf6e9d495c02a47e5c46d11ad116dfd90ac6153eb61d58a7b4499ea2e10b062a24d91d9f4c53c31d4e3c94

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation5972182696100934180tmp

Filesize
90B

MD5
1f6ee4fe17745bf2e9db12df516403da

SHA1
af3571d546d630586d36bcc019554abc60b257eb

SHA256
3affc9572e44bacfe0f8be043fe7fd2a16c677458d9423cb515ce8c4336f46b1

SHA512
ed723fc1f637c9003bc1819b247ccae86d92d275902555cf74b7ff512c380005ddea483c98c00814931f500988108fdf4f9be4e3e9c222efbfa58dca8bb0d779

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation8384774292564002315tmp

Filesize
568B

MD5
fa78fd83ea1080606056257a283dfd73

SHA1
b5695946739fe652ccd901402eaa729bfe447aca

SHA256
6bfbd192cee86eae38e2c79c929ad1a6666230be4fbf17bb21be65481da71a71

SHA512
cb064a9bf1f0e94f01402b70b64a80640ad425ab9a20e30eb25fec8f35dc6be6cbad7a7167bf44ac9fab3211742f624daf13b631397e56ad43bda41693f3b8be

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
13dba65c78ae478126921455ffb47f62

SHA1
e2a866e295a579b3d70a71262ec191bb955a80a1

SHA256
0958702844c36380b7ebdd205adcba50ef8e7dd9d568b9c482a46f642befeb28

SHA512
607d288f35be96be2216877be34eb2d106fa9cd4a1410b22e0943b10e06fed34ecd6f91d9de55ed7cf9769003fe7feaa1754c2244bed6048f7242b3c7f9b0af0

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
09e974ea256812f33c3d0a9ceb9174bc

SHA1
85ed8511f12be2e249dfddf9d4ef7e2684146d18

SHA256
1b935e70366dc3a36cbab34472e9e1944c4acd654246aa7ad3827a6674144344

SHA512
ec9eb753c27fd24336315f21d0b58d38e753d7c89b8719213a29133aabc947ce18ce9c7e96c5eec71e100291d9d4efcbdbe20ac1d66c2511ca9f8a33cec67de5

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
09af7f874e4095a445447f19247cef57

SHA1
4b4de0df40f1e8cf7df0fead67f8fcb3333e3867

SHA256
b2b7fa1385e17d46861b16ada1a6a6487eac48d43ad8744508848359c2764a01

SHA512
9591f5d82c68db9e96e9b897760e0c720288a6298ecd90b6bd352305dd663c70b916538363395bf32c6f05957885807904cdb04c9c7b750044f52d2c9c4063b0

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
112e47139cdc07d375f9e68fe2c483d4

SHA1
1aff65e7adc351938921f0eb4d1d11452b801233

SHA256
807c5a23dc6a159a7b9c1ca6bb74fd83b4bdb9245c96ec2e090464e74ff1ad90

SHA512
7cd7b7df55a42ad71b76598388c9a07de9941a12fab34f388af84d3d5b476ef9768d49af1fd7bfc73ba0d19d45c585ed6c9cbf9609687fea8bd8048ed664ca26

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
84bb81a2ded101680fb4ccf742810315

SHA1
4eff95069d2e609a5a8afeda88fde6a5a869ee7c

SHA256
4d2aa4062e926ac0e6b3bf4268a754a501dac8956bab67823705c3fb88b7acb0

SHA512
3ebb41dde958574877059702caf4a1b9c5f09efdf00e4cec10b4df94bdbd51ffcd2833c59e32f30366e66e7d1cb2e240ef59c101c7c59a28fdd4a8368b8b0e83

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
4KB

MD5
25bde381e342ad4a3fa937e6e26210a9

SHA1
b530d7c58ad2bed305238c09e7647fb463d50ab2

SHA256
b756ee8b567e62a29b88517879e2d502ec1b490825e39bb58c56321d52b5d537

SHA512
6712f903db2b6a448a735fbc333cd19b3ce14d1ec942499c9a64e1294eb7f811357211a985126a10a6fad9d2e3e133cf28f4a328508c5de8a572a2922434846d

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads