axbanker | 16a1157a52d06932ce0f7af9c8725ed8a549aa2ed28edf04650c076608b6bb29

Analysis

max time kernel
85s
max time network
89s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
21/02/2025, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4778

com.disprzs.hdfclife:my_process
1⤵
PID:4895

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
52b5bab6e26bf36d7759df5b74430215

SHA1
db07f7526f6551b15cc1749805416481cf833182

SHA256
781ddee27b29f53321fd0a61e7c296d72c15c5157a1ec4b7b36c8bf47e3f6637

SHA512
ff3231f7ef5e3386137a5b69d456f3534754dfc59478a10039b382ecb44f4e3c87dd9ac582d34aa854e1ab621d277dafdf592711db7baeb0d613d29819ac0650

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
88b745ee0bd7626a1c8fcde98434fad5

SHA1
673a40629ea46356b755ba0eac89077e39d07240

SHA256
d6f7df718176ea430e95129ff80d99d047ec7a5b51b21fd64b96d6c4126694a7

SHA512
55464f657c83127fb989f2cda76446456a7858992fe11d1f8c526b12eab7a6a8e903c301227b670a2b587ed80d9ae510cae433dad4c85a64490617f444081063

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
842f2785a219c0199decc803ae5bfb1d

SHA1
6bc9fdecb936db883636d3bf660fb83803d1b675

SHA256
b8273397f57773063f3bc36e99f47f083a68d4dae0cd66b22c8aadd380c7067a

SHA512
0e62169a46eb79661f97da7a947348bf38510ddc0e7768638b4843ba6855eabee7f055e9e6cb727d8f20eb77dcf795d43209b0d8f2baf0dfffa9dc7ae5dac175

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c1692c1053909700b3d7dc830708b934

SHA1
96e50f4527c0748f8dad65d0b1b00fbc0f98cdab

SHA256
e3f3f1b35a72685b789ee2e1cffd9409273d9dc2bcf01724ed24b5da5c96d558

SHA512
7fc5ff871fcb19c7ce8a0969bf59ec29b28e7c79245033fbb3fab59560bf39aee9abce1a6285f6113e803a6581db8c4392d046da51da8d46fe2bd8d77796cb2c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
69c941a47739350865e6e413019a953f

SHA1
993e27987031de9f50c2967516706a879825806f

SHA256
1990e82d4e9b9a8b843872e45c3e255520e0767c7918ae1501102e866221cfa3

SHA512
4ff0a7473c762f08dacdc829dfa76c97e6df6a3f5dc55069e9775c17162722bfa2aa36bc5678f29cc6d40a9928fc77dee5230e98e53d4bcd3832c471347656e8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ff61392c01f9256c42b6b3e4bfc616d1

SHA1
91112bc0be9ea58ff6e6d1f740902ce79b9412a3

SHA256
25d6379f06ab51862ea7c4cc72d41404091cdfeba6bbdc7f4ac36ea729953398

SHA512
e252fbf76fa6c527937dd0f5cf190b499772f4feb8003f18652fe86633feff0c019752a9b7082269c66d8135fec01bd39b7cb63ad5dc9384c01cf959f173e11c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c846926f8893b86a5f18b30c2eb70880

SHA1
a7976427973f4d2504206be6fe17a22e323e3675

SHA256
8fad6433b727fb6ad64029229219634f4cd56b5e0d7bb99c83139be3638aee74

SHA512
5d37ef998cb0e68cf480e61aed8671d08742bddb98ca48c6816b1c754f67716c168a3a71e7634ce84beae6076551e0294322baea6ed5e4eace2a07eac2a524af

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7c0e82862cf52f0cae27779300b06228

SHA1
6e5b062cc5808fb2ab1eae0d84655701132c39b8

SHA256
703a31aef4111e9d323a734e258e0a9162301d1b6fe105cf347a2186c0392e55

SHA512
e027a5c236a8adac0aeff438cd7e34ca3bf4e7d7e59039a774daef417367e89de9c4d6204c8cd4f6560bca874b4503680bd0e3807d440eb86bafe6aaefb037db

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f2e4f8488bf3e6e4e30bc66be0c2c7f6

SHA1
c456f9eed6326f27404bd8f54ec195637e79c720

SHA256
16843e7d25725683830575cc41e2770445d6a2769ef6bc329a574c5ba7dcf558

SHA512
69fa51ef71e137ad775e0b7377f37027e2a0bb9a5e99bb7368555a2347a6d44606f1e0c623ff4b7beebe032ee8c085b0500879e65b5bbbdfa1994c1591420ec0

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7fb4ab11093fc2a14a75720bff62cbfd

SHA1
439c9289e5ee56010233c25e5369b5f39a491276

SHA256
af73ae38522582594f2efd1ccaa10a5da4bc1a357d8dd1a0f76ada383f90be72

SHA512
b953d4503b025f644465cd3543b22237428dba2433e4a69a6a478eb3fbbd5d888ea6a989c183ad2a9397c4ecc5fc91100cb7eb6ebe38cdeadd74f9d2a7c224bd

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b87fe264cd87b5d33a850c51a2fb391c

SHA1
55b70dbfece1a36aad17f2acb0423121aca72a2a

SHA256
7004df8e5c5c2853fcb239554372da7fbb2c49796cb4578efcdaf5c25564dcfa

SHA512
455ad02681032c9cd361f4a344073c1c875adc1bae3ef2afaed2f7915b1a8436063c34fbc3dc554b011cfaedab9818ac0f87e8c16d5e4feb7462283e757e5834

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
aac390031019ba517464a4cbbbc6d0e1

SHA1
5f50113a93c1ced5c1738a44957bd06b8061eda4

SHA256
1b5c99ed2fa550ff420ca27268b6f7fe6de5ae560e9cba522c6f5a10e9fc7bbc

SHA512
e4cfb63c1338c951415cfe8ec5b34b49da305f8835a35b967aed3d6185b8d889f10b2cf16674b5014a26cf1c11a81f49b91c23f9dca46ad3ab1ff7298bb1fc23

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation6274715154115973360tmp

Filesize
569B

MD5
9f38cc1a3da01308695cc27e13c6874b

SHA1
b7043dc4e0c987e4d263b2e9779e63fdc2616ed5

SHA256
304c007d313971bffc29e44cc4826eed4726497aa0e38643c49cc9bcf898c860

SHA512
763bcf5e4aeb208ad0e8585a100714c685af0ad226c344b96f2acd18c9d34d70d8cbf3b57cde68269c0c62d33067f091e12904427e0fdf8fde58b931484acb42

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation7621361667906199693tmp

Filesize
90B

MD5
871a200c78a062047ab53818422ad0e2

SHA1
658c6323498624ecd453a1163fa910bdfc5b6ede

SHA256
37695464da31beed60fd1b4db98ab18846dc4fe79b656ce579067a2444373d3a

SHA512
e6594f726448d2d0a567c2e01fd91718b83cc3533eaa885f0027b9208697e0cd8c1e655a94e457b8f12c890758bbe0c4ab4ea100bfadc33663fac05398470ff2

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
3f1373349e00bf5b1462ab81b9a44650

SHA1
575fe0b2add7d26787fe71375984d4e35e672763

SHA256
09e5e66f85ff441f9e572b01ef69f5b3606d218c954cfe9fccb515f60af04fd8

SHA512
e95c0f7f5b23c2cd93c90ae03bd813ef9daf1f717a4a6eb09c40e225d2d4c22bcdf1ea740aaab1075b3d5ecf628d080f430ef3c6c6ae9a71936e98e8b56792a8

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
069956587be509747ac46f44184fd7a4

SHA1
411f1597da93d0ea479c4d136f0722ae9499a92f

SHA256
9f602ab756c5c45684dc08533cb3a40c2c3d78224d25eb377a231b0694aaf9ed

SHA512
2190613d8e520a49665b91ffe2151345ef137d458f19a219e9b427d83a6724b1231a0bcae05a20f4a8da801a2b9651df2dae783f0c2bee58412ddde3a1c2cef5

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
45230fdd4c5e73f7e555a4ffc53a05bc

SHA1
ffa88bbb9dc6ce443236a396594e618a3fb68822

SHA256
3b8fffefe5b3dee0a914053059013cbe64902953c598f60819e05e3963c2c6e5

SHA512
ff290811865fa9d5e2ca935a548b40ef2ae59e06b669d133fae9ded3312a060bcf769f7eb1497b4f0dc38fed1407b2531609a64735b10863df31f7921501973f

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a707b9cb39a429b97d5b2dc3195311f1

SHA1
abc5809d248ab86108d0346a76e1ae519bea998f

SHA256
61217b665ce14ae239ae1a2e74e7f4bb0f827e1beb699850071e6ffcd3651d93

SHA512
91219516760ade35f4d7880a2489dd1490b2c0981c39897f7d6d952bb4e50826f3bd149fd1597b5e7cda4521cbb39e1e4315685ed3d9e39b4b786e2a5300ba2a

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads