axbanker | 16a1157a52d06932ce0f7af9c8725ed8a549aa2ed28edf04650c076608b6bb29

Analysis

max time kernel
149s
max time network
156s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/02/2025, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4470

com.disprzs.hdfclife:my_process
1⤵
PID:4540

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2309dcd231cb6fd13b953fddd56c3f6e

SHA1
4f29f2a69a4957a301e9590dd09270d967b8aede

SHA256
915f5d6bac7a55c88745c05d0e44cc84e26a4ce82415add63b2c7a08870814d0

SHA512
0663b16fa146b8395bd2d132573240fd6562e8a0ee65555affc548c6e61cde178f1a471a8c1919270d1d53292d821eea2310a3a8d3f3368a45bfa616c55ee116

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
787f611696d33fbe881d740409436e78

SHA1
74da5510847e22a0fa56e6d73931ca8420fd9e5c

SHA256
09a2fdbe60b1301b65abe50c17ce6ad180e275dcd3e37b07989715b646a94827

SHA512
f28b5c397a4a509bd1577c069aa15831ba0bec4d1ddc675984f271500a63e9c97b9a73e997d2601d4e752de15856bbac86edde42a0434720d9dce94dbab28b3b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c6073370b7b7a157be84ddc0360448b1

SHA1
280b13565a39bd81fa14f50e2979c8f1c9a84752

SHA256
d02231a155614f8b4db5ba1e72bd4cfcc5e8a692260eaab1352e2b4dbba1a495

SHA512
1d1dc64f568c686286c4101c9cbea430be2517283729566ec7281919eda0bbe5e1ffdbe3e324dc4f83299760b7a56bec2f1e294274312953d25bee8c1d1bdf1b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f57dfea9c08239805d813fee29541357

SHA1
ebf83b975d4ad688293241e2baaf9546bb2d5fe3

SHA256
2c723b76faa1299d1554d0a327c2541fd30caa638af59e2787694fe25f48c284

SHA512
49e51bdb3b1c1f93df42ebaf767176c0bd814db2566d724ac1b16ff39ae164e90f24c6d5e60cffd27c1a34af9aa6247641d5aa9d0750a14a10568cebd1f7f4bd

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
30d69b725234ccb7ade4214346687799

SHA1
602ce026b4d955951ec2674afbb0afeb463c90e7

SHA256
a9afd660030162e080aff81b57082b276a76316e7216ee522fc4948e0f9bc140

SHA512
ec60016046539d38c79e5bc97886696e32f1998d406d2c842a7144852a8d4388c8ac52b5a3fbd379a85a7f6859c1bcace2d0d02d799bf8585362893235b33c4c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4a8fa74e22c4ad3b71c5015df194a78a

SHA1
a6ff375b996c0fb277c6e0cfeeca465efe9fab41

SHA256
58e06c07e95409ff57837494d532334e4913c0cd8a6cb7e3d6618c7c1c193863

SHA512
840c1f671989f51cee30e4870bf6ca99d2de983a72d79be610368a7b6fb2bed5e2f80fa9b5511405ec9b03c23b505c9c1ddd067de39ca6270da850c1f0aa6d9f

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3b18c857ed907ea25afa42ad791b6b28

SHA1
524af35a7506183c35a33ad8d0d0b21278706aea

SHA256
258431daa8c2b2d21aecb01011028d2d15f8556fae067cb2398a95f9ea7a3a2b

SHA512
446c66a2f0cc19921cf27fe4a419e70e46e813a25eaf9156162dce9bc4aeb41602e16baf9164a95e265be8b2e296ea103599b7fcb1aac6b30e5dad713289f5b2

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fbccbd9cca43b3581c33b67488c6543

SHA1
0f07f4b25416d8836620281143d0c6000282c802

SHA256
2285bef28663372df02ab299c0ad70d7d892b4032f33f694abcd6d96dd6c31bd

SHA512
1341f4c8bfdba7b057ea87361ba37f7d7ca52a6f51b0d9d021414ee5b6c40f28ec8cea4599843e8d7246c1a032653d8109575806657bc990b5e9bc3475c36b54

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
df7225091f5e717aca8afaa82115bee7

SHA1
f5da7dba82d0dfb00f2f2079e3048d3b96f12f17

SHA256
9e57a5ef5280ea3c94b230063cda92ebd54c70c90fdc5222122d0eca657e7f7b

SHA512
26a8f2781ae9d85e52dbec7b3b40a6548d60c868bbaa46d41007307e2bd1cbb7407f414708ea1a454491da08c965be4a410939f1758783d93506eb8292f0bc0a

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4483194e4734b8229730266f55796be3

SHA1
5ef1b7cfe971b7cebbfcee812c13c9037921d52e

SHA256
4374d1ca49aaf3e32e1393ef8414a9129e5c229754dc3457c200b3bfd33e9c21

SHA512
ae20e222a687ba2b61fc1d0ae2892d635be8e4dbd309da0b997974c78d71f858c810b42b4ad5640b7708c02f006e601ec840803835b689428e02e4b940661e8e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6a531a9ba5d74ce0bb1eec0012082f12

SHA1
63c18c75fedb3cf9b0a90a9a1fd78122a56b1021

SHA256
f41e8d33c26af532611cc05ae19dd8a82e1b02a5bd76d71877c036f251e9d658

SHA512
7cc15512bd532e1788443e8f3e2bbf06362df0cb55c8ac717e187581961e79c3560250fefc7e9f3c8353af19498b15158808a5b22431420f27b84d0f40e1f955

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a25cc9676aad219e1f9b8ac98aadbf12

SHA1
777f508e6176a520e0c9dbbfde8174227cb17942

SHA256
820b8beb18c73a89314d363cf52369ef84881d51a3b2c24fcefe823c6fbafcc5

SHA512
345a6d318bff55d3986fc91d82901ef0fa399202dfa649734ded1ac1862beeb3102d0ef6ddb0a8965dbf91e285c290b322ce3c3d7e3a3d60fff756b667561c15

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation46763108177522586tmp

Filesize
90B

MD5
969fcd5a7f320f2e98627a8c94c61838

SHA1
95ee9663926edef09c01267c7e7cec2599f566eb

SHA256
d429abb4b90f3b3d8df699c522f1cee99565d474eb1753ef035fcb733d5cf317

SHA512
464f0201fe47d27f63bba9b28e1b327e23c012d6302268184498a6035bc038efb85e6e4ce9d2bb4faee59efa0ae18d9c7722cfa256f46cba8c75557504675d65

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation888670322910333029tmp

Filesize
569B

MD5
37212a37a8e423597bcc90c45d919102

SHA1
6289c23a28eb60479ca3eedee7f5d1ffc54e6036

SHA256
8f47766feaedb409e9f9d6fbd9d0dd4851346ec18b9b767e54a3c9c65f4a4435

SHA512
1acf4ba8bfdc10be768b4de05e5520d1d398343f383c5cd4559ebad0c65e8b3e3817cb11fcc51a8202d9db68a1e665aa92e68f480515b7b48f6635dd9e091985

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
9b763a3f3b927ee8a488f5af6475f683

SHA1
5ec1fdd9e44504d781bf969fd3bfca6132d4aaf1

SHA256
04a054258fff0b18ad9d9a9df72893814a22b0e812a2b87e0c052c1662ae8076

SHA512
1f2d6a83d4f15654ca6b3e69fd86dd993b930fb08666964fce4ee50bf45a7952fc1763b79e30c739dd4dbf1f7a614658d966c81255376e882ec9e92d2d2c5bf5

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
d172d8f9876b6d6f16323539e76f6fd1

SHA1
bef8063af590728ce9a1aa763d23c8be46fde602

SHA256
069ec3e765e80cc13ed7ca81772e1ffadba742d4d2f15380b48e60dca834f0ae

SHA512
70d2fe7b0bbf1147b04b1c3a5880032ab98ffec89191e4533d4a21e5f9c1e984718087eb8f4461e8447eefa5f50e4b323864a841831c477d3a9d321ccdb6edb4

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4f07924c7a31d0222469033982e1e966

SHA1
e4659eaf13b515b880917e6ca91365c7d26f8e44

SHA256
48c5beec137d8228128ae32c088b43f82103916ef2994ad2d3107e7f683608f0

SHA512
1df0fd8490dee03d2e3a1b0419a1a2c1c74c1d56b1691219aadb58e75f703111d1012868e83fb74521eec886ee36a87e69d7ee12e455eff71cb1add5b616b26b

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
16c0d83fa23bac3f9c3b91261aff6a57

SHA1
e6ed95a0f222758fa2cfb51de5f95cfe19ec70aa

SHA256
67ccd2fbd0a63865db716f18f9c8f8946f8d22d76f2a0e24aa08bc45f878e233

SHA512
03c1ecc1f9f75eb8eb150165d48fd89bf2eb220658653f6a57b409c28ae76e042a5f2b68d4cd31b90f25f2767791d037a880615e2adfd9d09e6c3f1fe3e75eae

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
6931cd0f9f99d1cc623fd471f1c456cb

SHA1
190f04d495a29ad01cca6b60096dc3b6afdd86f5

SHA256
e602a48707405dca4a6945542c531d5f49da1b6f875ef7ead29e1664464b64ed

SHA512
b064ac0a17eacb1d9415bebf3a946d4a6150559cae6966243a6a372b8d8fa7c3a51531b8e6ef386188033d32a5f3d16ab5332643ab3cc6c5ecb4732d1557425d

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
ece06bd6e2c0545839a53ff322ca7391

SHA1
5bdd05677aef2b528b07af2e6bb160f933e57845

SHA256
48d0d71fffacba39c9039674d4c34103618b40c2e8dc3b3391cd67019f0583d2

SHA512
61169d69de1dbc7013843de803cfed5099e61ced49662549711113757ed33fca5826a2e5d1f37481b8935c4a74232b6abdd3d221b7e399c76e458e73342e4d02

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
12KB

MD5
510e18e15671209f5b074784d0685ff2

SHA1
05aff2cb669a5932b6966665726d3ef7c1899f7e

SHA256
f48ccc7826104909565b09ee42215f4f5ba547aa9a1a8cba3d9fdc610d3d6018

SHA512
1f30b5ca14db68c93e9ace8dbff6e838731fcfb34922f861c1abc6c27c367b2f49ec735485371d9787e869689e845c99d77dc38b1fba791952145f3707c65d59

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads