axbanker | 16a1157a52d06932ce0f7af9c8725ed8a549aa2ed28edf04650c076608b6bb29

Analysis

max time kernel
149s
max time network
153s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/02/2025, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4405

com.disprzs.hdfclife:my_process
1⤵
PID:4478

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ba36dd1be46cc28f1d99c18be7c025f8

SHA1
e688cff6a543a824cd2d54e10b1268c9d1d4800e

SHA256
3c49f4647b6bde188afc8d21f69f0a0d57fb7342aaee2801c656c367a8247279

SHA512
7b6e3294992fe104101acdd0473c5ce6fa3cc47502ea45b8b0325bf61ed1b00590cffc253ba9da6969d072a190c42d4f38e0bdcfa7fd7946680b1d50073e98b0

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
af7c5c65da4bdad78aa29ef44876a6e1

SHA1
8b0f8149d12bb5ec845b58af88fd08b3cbca598e

SHA256
453c4e24719a9e12eb22f513996872154b55e996d8d5ebf9391568f6d3e3dd38

SHA512
e0f0d7eb71332aad70fcef97b150ce6b9e52cfc7266ea3c9c56f0e7e74f2655e6a5789ffedf7cf8f44e892888f35f7fb3f10ff0f5c783bbe441221e083492422

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
50a76e220a181fcba6f80b3aa38170db

SHA1
93e4bfedd383e6665e23a0d26a56b308ba4f6444

SHA256
9614f199be5b5726e78a6b6d409112477f4f32e61dfea683ffca93427cfb0e8f

SHA512
f213c81f7e6c042c14ab8e574cff97a227aa14d7dd8beccbaed4e56cbafe1b7ec7b8e304972662daa96effa30d399739e6b4f9b698b579065a41536a35d9cf83

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
789b12ccbc3cdbe3448237811bfef47d

SHA1
81395f68ceb6299a0d8f774f6f5bd931c6e74e0c

SHA256
9a0c8169387dfbeb3f2c1beb039b82427c4d99ef698694a6f0950d4cc2e811a4

SHA512
b2ccfcb923f5a405ca2b1d0fd31d89b0bdae619f100d99930e92dd6bb1803f87e48577fc7597971ec1425f23d3f9dcc32f3da7b008ebdc3b799f991bb2eea14e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2e77dcd05acdceec366d93275dad30c0

SHA1
fd29150b74de0601589856de9ee17308efcccf98

SHA256
953910f1400f96563ca455fb89060ece3f0d4423ed3d1c2b2960463df3b5566c

SHA512
da742e8589de919ef58ff99ad179fa79a00c1e922fb46382cf3989f14741df0f28969c72c81964cf22f915033ba468ffdf5dc3ac678215a8785433241dbb6436

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bcfbab7d16a3528afa30d71227ef0a0c

SHA1
b98f864a9e01d5e95d94bb1142cce6cfe758af28

SHA256
f2613cd484214afc145600b9e28410560acec517da56d2a15feab4435bee39fe

SHA512
d62384c98b75f15d13558f9a73cf03b237df75d22a9fd1096d5fd9044e33feb506efd476d6fc761c9694d430163cecc5c95629a560d9989ee70263e992926cb8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2d9ea0078ee76346d05b838f90d81ed8

SHA1
493aaa6505a49fe127e7fdb2386947ab459c096a

SHA256
41da78e49c19cb70d9b2b45fc5384f27bfd74f303b3c3157ee26d13cdd25eaf4

SHA512
896b7bd75c42e0acd65458d9511a34e2722703cb649fe8c1f09fdaa96ff791d8c2bbaa5722ed02811e8bf5530187b2fa807c7247f6cd49b033d619ea1ec5f424

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6c623df8337877e4b6319594bc72ec29

SHA1
77e5cc9b81e90c3e133ceec7991fd04109118be7

SHA256
cea7529fd1be6e215ada8c939749a8e8e9011ff65a2b34ec887cc2ef930492bf

SHA512
dff887ad7c76987809cee9ff91624bde6973f9742b7a4e3d5aeb713906e89d16b5554320c22a87fe4f0d00ea779539c043dc0f44dc8b6e27492fe7175abec50d

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
08b67189f350700fdc5b61b086c6a73b

SHA1
f0871af50901431664342ced27ff7235abe87039

SHA256
f3385c4dff1664ed07ddde77cd9365cac34ef762298857b158f2be717e1fbc36

SHA512
5980c7c2737ab04341d878d8d6959e1cbe90ec0d01d4e6a7b5cc5455aa5ba497738486ca149a06c3ac97527a2c0fe6ccc5321868948f796420413b8762030173

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
17038898c6d71897c40ccb0c0f3a2e2c

SHA1
750682f4807bc6b9a8a3317e26f721495a3ca926

SHA256
9ad8c643db0b3bbdec245363d54f682c8e820038a170e2a5ac557165c734e361

SHA512
f94257b8eaa65dc38152558e2484c708803f57d4ad5c806f53c6a9e78c8a0226f1fc0ad31f52758e097053a3559d0271fb06d4f521989a1c57535af804642419

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
01ea90186d9e0aba237d108fe06a6cff

SHA1
f4863f6d41a36f12ed4ce42a030a4983aa260a57

SHA256
2f9ebe4370da6337320023301335978619095a83d3357d2554a0da9bafd8f738

SHA512
998dd557362a3d94b9367c86726011f3e357a80b41e3ffe56f39f24ad3857637cc9b08c27438726eac1036023672073288afdd300289e272c83b24569132c529

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
37d91ae9ab427e5fdd05aa84ffaefded

SHA1
9c2cd787e6aafc0a155f2d3beab4a17f88ef9bf2

SHA256
51463da650988867a42cd7d310768e6bdde42b3bfadc234aea76db69256762f2

SHA512
0225d63a9c84f6f3992435d2641ed8565a0d7b3d12b58a084932c3e09ad96e349b0e90077b1a3b8bca732366b1719e735d006dbb3a28c2a2fc05d41d11df3a27

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
465f10c4842b07e93d91ebb1aaec7894

SHA1
46257026b2631d32ecbcb549f845d5a5a8732f00

SHA256
eceb9f1664146753e224cb1930f3e7cb7e29de71d1b7874308e496a7d0cbceff

SHA512
936f54d8a434f26c77c39962a003f243e0984eed25fedf26cd8ab3467841d03a2083e8f98971a2059b22535140e69e1ab55b3228ecc82256ab25ef882c053957

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation3368921199652156378tmp

Filesize
90B

MD5
b3db971f989a081454e3dfc422c8dac0

SHA1
a94b7b9eae6454b2032ad5e194842416b47a6ac3

SHA256
e0e1a9296c1b43bb7181ce7a826418caa905b72e224558c286698f07d73d4b7f

SHA512
d8e2080bc623bd17a2fb0a49e7ec2d840d5b776f77978e9cc6cb05761a7d17ef84c4548ad7a52f78268729de664b7e80fef9a5c6b63a1fe87be4543e8d932b06

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation9157738889866988834tmp

Filesize
569B

MD5
86d39b1d1ee78c38b1c52c0ea99ed4ac

SHA1
b4dd9620a286de1440b88d72f25cabf1d9821a17

SHA256
5ab471e4b6e6667db02f4725e0542876d7d10e3698bce5e94ac87760b3cf3327

SHA512
5bae673865c3b78abab04190f0a7deb72871771dc977c50288d00ac51e8b48b71c49a401180e26c820473a803e1d224d961cd16c57743eea097a24f0a867cbbd

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
3b069b307b6a620c1735fb8cbfe74eb5

SHA1
e87b9f1f26d6451a7359bbfa39e4ca72676e6aa4

SHA256
8e20102273304f2538c6d5381851b18f748cfcca11198780d990dec0f24dd546

SHA512
d63db8f5aa9d171ee175169ead8e957687a05623a4e86272f666a31be0083571da5d508ba17fde328ab783fae6e2bcb6a6a56aebbcd7ee01cdbd08c13cfab608

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
083fe766889c9007dc75485ffd6818ca

SHA1
3b783cd3a481473a60653a4707b8744542e22ab9

SHA256
29b8f86a6bb95e795bb85e78d8691a96fbda2729cba5f2fe156d8249346bbde7

SHA512
94da953319ff6dbc4c89e449bd359b543c91f2b20a572dfa6ef531e1f7101f504ce2e078d603803bf97cd4a7160d5fedac9aecc28ebc81dec888256dba72f5c0

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a1ac24a83e372b89deedfdb40b896bdd

SHA1
fedaf84075ec3bc3eb5cca3e2f048f9c7edd2fc3

SHA256
8ec267e46b1d20814358176363e411e0bae8a133315d092ff29f9336c30bbbfe

SHA512
948bd60e335e0ec815979b2eb1a6af99e484ec1bd2e7ff9f39a87f7c8f3653a21007acaa7b025b3fb13474fc65fc3dc703dd05adcdd7a91177a25bf6b3db7ea5

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bcecc03e18f67abd1ce6c7dbd1f8437c

SHA1
0131512a7c3b701f1114041eb3381fbc5007d5b5

SHA256
a0a1f6ce58c69576a8ec3359181ae70f1c6c934c1f77b82216437b3a12a65c2f

SHA512
f0ad0da4f8ca44d940efbb2f934730ea1a3b2f60ad4689ae0b19341a03bd176d6d6bd115bf1c2374e411ed5d50d35464cf65bfe5a76f8cb10f675f6de078bf7d

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
785f26c61ff82bab3b61808a9cc88c29

SHA1
dd8402df8cc64fc2e6d7287353059ea43a6d9ed6

SHA256
a6ad2703824d0a1be4df0b4da50fb572aeaf2000dc792970061426683df73403

SHA512
7acc530149951963945a8b8602b522bba2a83ec9a5672f2438d22049427a5ea691674c593fef553e56320921c448a7574545777ed3eca25c09363215d7f3dee7

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
12KB

MD5
14eb9cb8f9959b686c2b8927ca16dcbe

SHA1
70e93222603439968a94faa8d77a376cd59764c9

SHA256
18b17b503c020ca157c8f4fb7024295d465b65f3b81611019c63b6487529353e

SHA512
4db38125f7c6f65e194a1e4561109b578125d8fbe4f3615336b56b47ca38cf828c1ef41ea9497b6a28b45cd1beef620a1968f735fbaa6d19b36b002b9f4569b5

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads