axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Resubmissions

Analysis

max time kernel
143s
max time network
161s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21/02/2025, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4260

com.disprzs.hdfclife:my_process
1⤵
PID:4329

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f15b2de47d2832fa611a801bd9d7ce88

SHA1
43a3dae99df6c466f69c34199cfb6128350428e8

SHA256
0f0070db4b16035face1e4def44796257a734fac04663efceff90993368f8d16

SHA512
b6dbd5b6b00a33dd0c15b9e0363ab3ced983aad30d9632d606ed06980a74eac3213b01f0553de84af9c396141ff8f098886a9f284221e2f67c0e570ef4edbe66

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
22cf55295c40585f5460d6cf024b0fe5

SHA1
2446772fd1f12b43561ee9982d8cf2084dd8e0b8

SHA256
323c8b0a7e2563e7e33ee18483217c148704295e32c0575dd6294cbee6e9b069

SHA512
38ae9465376c50854b5e8eb6c0fa9c3c4b9ad73ca8bce538460793b09410d3fee976a89edfe174c98b76af904b8b8d580c1de8f02e5be60da8b9bef20fffcff9

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7a83d68219c183a41823ff17fe705f07

SHA1
d72d00657914b75274c49a0acccb4cc4c2c78d7d

SHA256
6343753b8bf65ccc716a20b75585815a5cf00463db2f47b53db90cc25d93ae68

SHA512
25d167bb496d1ba8f07c554027b2ba039fd2d0efcb40d6ab8672bd5b8f54c763fe5d8d444d306b72e7b9701e2dddb624eb890158da20d455fdeef3981e8c766c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5ad4f609a842f57e3992ba5d082eb7f8

SHA1
df3dbe5a1dfa037c268fca6c01b0ff8826dbbaec

SHA256
0e3070b40d84760d420e900c52c59f6cfa2a6890cdcbeff46fa4f0ffd936fef3

SHA512
167335f52a5ffca1c5284cb46bf0c65a00c2bad09265720dd8ec9fd587644888e51e99048c970b2b1d731b02426db7ddbdcc12230bbf11e59ae01d9373730871

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2e77dcd05acdceec366d93275dad30c0

SHA1
fd29150b74de0601589856de9ee17308efcccf98

SHA256
953910f1400f96563ca455fb89060ece3f0d4423ed3d1c2b2960463df3b5566c

SHA512
da742e8589de919ef58ff99ad179fa79a00c1e922fb46382cf3989f14741df0f28969c72c81964cf22f915033ba468ffdf5dc3ac678215a8785433241dbb6436

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9652d23a34b310129af9de1c5bc9f2d2

SHA1
55f3a6ab4be77e002da33215cb149be9476cfd79

SHA256
e3a147150812cab0249038b27228d642e9fd79a04b2d539dcddd8d6e9b11d1a3

SHA512
d9cd35e625d072239aa4f67b60b43f3631c5053003dd8f37d1b06180f66f56e50346603c0f4d14b3893844a33df5936639c1a7879e15f9e72330078a1ff64fd4

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c848ce56e63ba7ea3d0c145a6701da40

SHA1
6a6af75194554f82244704447319732dd2310dc0

SHA256
c09cdc5c9f20b239a475ae5876c7d7b34ae0290ea6e1c8b107fed1afafcd5b10

SHA512
7f90fc31b1e68aad24531062579f760d155f5d9d4c28e652b1d6187d9696a035703dbf85faf12f11ae89498c0200075b0608043971ab9884d0824c3da1dbf5b5

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c57e7459e4fc045553bd56275e7781bf

SHA1
58b1bd889a2597858533b91cb0eea6af34a5a90b

SHA256
73ae9fe332604b653ddea768ca97d1314819371c645519ffde85184f189e453a

SHA512
cb05c9b57d3e563fd6464e5bb65f8a1136017963e54de9e66dde53b24bbcd2ec64013e9e65cc5ab4d06511a6a239128f7a9a9deca0b0ce59879a27b1d0bc13e9

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
bf33fbf409615c482b69bc33f9ea3a0a

SHA1
27972c7517e5de0ccb7d0a14f769d41f4626392b

SHA256
eeb753591e686f8a30d353a8cdd51dcc6b0521f768b1b0fdde66d3922a220975

SHA512
3ab6e7f5a516bc04d0bf974fe4220a4620dc7a45743ecc8117824887396326dbf459de532eed951c54c771872c1b2ba83c72e5f0604f926497d691f4f155ac9e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
036155713f2c7ac25496fd8cb71fa52b

SHA1
fcb4d2bb82648ed30ee872ae7e78461bf1e112fb

SHA256
fac15713b9c1d727e11f7005315ab283385fdbcb41dc9fc91bcdce6c848d6aef

SHA512
9334a2adc46b4be161b0b4d3614c0d9cef8955968c778cc9b88050a5f93aef812948e42b0034ccd2aa22a1e2a2f9b20d520572bcf450698c1ad5651bdeccd10e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fcc525762e644be1e32a20d396e47015

SHA1
2b917135df07a70708416afb301066202b542106

SHA256
7305ab6de05c30f0f6b44ded6b79e84587f1ebbf09953ffa40e2ad8febc36691

SHA512
6cef1ed4cf97c7186cb2a51d837a32bf2af32e8ab76cff40dd13fd51089269121e175601e7d384e81ceafb7f725f53517f3b055af999d5dc1fe597681675814b

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
06f3c7e8d79d538c7787b6c11b4bb958

SHA1
52d3544ba956796fc39be5001be045be30342ab4

SHA256
f9f34beb7f20a1882d172e719dd66b2f5775542534bb39750efd370d6e72c241

SHA512
2877fcf9901293c0131813d9aee2ae31284963b8c508f5961720bfdef072e06cb646f8e5b34e6866f3928060a7b112336ccf7a9bb4951ee5bbb11440dede9ba0

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
1d13a8bbd8f6363c8ac4f1451f14d797

SHA1
e130349c6ec96eb1b0746ffa4804f4e02a621382

SHA256
3e71fbad5da8d2fc68d6de7da50ee0f9feebed8cb0bd8fb1a341ff859e898e32

SHA512
7b445e47c1022f68a6e33642926b2cc7abbfc485f6175be9ae3683a60961faab71b71de4ad426a1ff96418f7375c379636a67167b3cb1d1719edc716ae36b304

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation2821455229976543601tmp

Filesize
90B

MD5
6bb3ab0513db85e13fcc5ae51d15ab46

SHA1
6ed9972534852d3dae692db494a1bf54f0627520

SHA256
453a731c8df65763758a4f9104b569f11d4ad1109158c3560d964df935f11605

SHA512
486a6fdfd3ce63940169c6c6ea7cc2170d01ef62f1755d502151992e448b34200aadd43581511b0934e62779af6022f97dd3a3246822dba5f2c658d51bc1ae63

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation5805622982783684277tmp

Filesize
567B

MD5
e553fa50a6578480ba222e3f5fc4a269

SHA1
327e177efd8ac99c24660c78852820644a9c7fe2

SHA256
c167160eabea650793172837a9ef3af941091a49d86cec15190609a1e49bc527

SHA512
61b72349002295f06192a20fd68a191d9dab7774e9df1a735d39303d9581dd6c1fbd5b8ac2c55aa8133bcf7fea505ac2e8090d6af04f350fc0d39ead0497185a

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
38148b79e44ba8311a14d3b879af9ba6

SHA1
7b5b12ec9425e0dca294be6618a62803ede4a2f1

SHA256
d9b39ea4612df6640a758ab113c9eae9dabbd17c1c594c241bf57f64215037c6

SHA512
5f144a760abb4958721233b0ffe99271847a8481f8e42755bd135c5ec2ca3fd33432fefaf542e928c3b1652be3160dab1300bbdcc86322f55c45150d5d3843d5

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
a2dbd96f17143d33b35ea197f78dd627

SHA1
97510ee6329e3aff42148faa91480d0587bd122b

SHA256
94f65d14714f309dda642385b43376e86a6261e32be64c63db2420b164ec756c

SHA512
eaf14dd5303c280b859747e5d2e9a070f0e0bdcfd709381b894bb352f5f7fad1e161247f29b970fc086948d249dd07b8f75dd880f4b423db43982d1c6dc050d6

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8372a27a07b42284c34865ac97e6542c

SHA1
bdd5ecfa9926c67e923771606e9d7be1d03572dd

SHA256
46a49c13489efe2a56ffa585d966af73e590dccbcd89713e78c02a1ff12b3af3

SHA512
ac7764c13b3807f8e1e19352e89c9847fb45680c8529480bd0fa387b17722b9c58d38288f25067b4b557f166ddb075a08b82c3b476b0072b0368001bb9225576

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
84557d03dbf864e981db08b502d74c2c

SHA1
9dc46182dcba1958171e842e0a03d18cd61c9046

SHA256
da8bd6ae55420764e12771beb71829f4783cc62b923fa788878551de3270d238

SHA512
7fcd7b0ca3ca28d941d550678e613fd0e6dc61e05456c753777dab6082354e75c2781d6e96aca7c451ed0650ed0d14f03f05a76717e8e22f4ea5145f0109733d

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b7f0b6aee2e1a57fc4826661c9f64893

SHA1
372286bc052631bef1809a2f006f98bfa85c4fc5

SHA256
2622bca5dff7136748cd456fa68f42df07db762a545441d0959908ebd5ed2367

SHA512
c14aa7a8d9fce39156079207507b68bbd08874d2338b6f34a1d372830aa47a994d7092b58b8484f920d10b94c10871c7e67a9da831dd25934ba04b340d2e76e4

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
12KB

MD5
55428c82cb5f77947f1adcf98e882e5a

SHA1
17da26d613eb987fcca88218e0d36c910bbdbbd7

SHA256
f818acc9b2190ee4ee3466ff862a13601fd8bf1fe283359807868a719a23a657

SHA512
fff8da6c4856b514e4385096bc575ecdf5eae196f9c2c678936e355e0ae1e3269b71cfb91286173a980440a8688e9fd0b242f5c44474e335e6fa50837a59900b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads