axbanker

General

Target

21478550451.zip
Size

26.6MB
Sample

250221-g5vm2avmgt
MD5

d74c9ad8d581ed45d277c25869da5d9b
SHA1

67b50f320970c4877b16bab61b1d39d80c763e08
SHA256

16a1157a52d06932ce0f7af9c8725ed8a549aa2ed28edf04650c076608b6bb29
SHA512

fb7f585187ab76665e1ba80725a4e383d6d9083924bedf42a8105b88cb861737e26473277128e80c9de37558d5a04a76d911c0fffdb5a60824146135ba9cbed9
SSDEEP

786432:MYOKQ5AwStB7XME9oIyFZrNZ5P1M0phfyPG:LOKQGtBSZd2u

Score

10^/10

Malware Config

Extracted

Family

axbanker

C2

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Targets

- Target
  
  afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc
- Size
  
  27.5MB
- MD5
  
  beee1ed2dedb77f45a83dca3ef9e6626
- SHA1
  
  6f684f2f6a9baa335f18bf3c2caf150b71e95e32
- SHA256
  
  afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc
- SHA512
  
  86f03d4f2c6f766ec93d12b0f62b4eaa100e9d708cbf804a22bd71263b1cde747bbc35ae2cec40caf5c396790ce7d9dae4eb5e4c5140db92968c9cea3228111b
- SSDEEP
  
  786432:AydtjvnZqH5j9MHlw5JT5Ifjhrk9e/PaIlAE2qSp7D:xvcHO8p5EhOevZ2BZD
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  aa-bb-cc.apk
- Size
  
  25.2MB
- MD5
  
  eb3221bc83d0e78a6839c9c81e738812
- SHA1
  
  264b0fad92be4fadb1731ed750b06db744da343e
- SHA256
  
  d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
- SHA512
  
  6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
- SSDEEP
  
  786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN
Score

10^/10

axbanker banker defense_evasion infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Declares services with permission to bind to the system
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests dangerous framework permissions
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral4 behavioral5
- Target
  
  origin.apk
- Size
  
  11.3MB
- MD5
  
  596d77b3f736d77e31b622180d4c701f
- SHA1
  
  4c61f2273734cb7a080fe4f089440068da49d080
- SHA256
  
  8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418
- SHA512
  
  35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe
- SSDEEP
  
  196608:z0DintMBhkRaD35nD//fi9uLKpicmIOhgYWWmDzFk5kr+lMrLAY8zYccBoB1Vqmt:jtMBK8D35T/UppicaJiFgPMr0zP1V3t
Score

6^/10

defense_evasion persistence
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral6 behavioral7