axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Resubmissions

Analysis

max time kernel
149s
max time network
154s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
21/02/2025, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5153

com.disprzs.hdfclife:my_process
1⤵
PID:5278

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a35d6bde363f4ded7f81aa23f21310a0

SHA1
26313c6296f9bcdc7e97919f772cb0aeb805c847

SHA256
56963141f1ff91de3be4ed2be28c41314d7d70dcbedcb8cf9ff534720ddfc861

SHA512
b648ac34a56326d2839cb0e0591bb47a06f8f7c45e34dda2a42d9ca3ba1cd80c9ceced58177c2f3c729c73ac87f894e5b5fe2de811d7c0c5f16680fb7c99e83f

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a3a4f649fb4d40330fcda7ae355eed2d

SHA1
9d38943226b3e6799040b23c50db3fbe07879fa3

SHA256
c61c44b23310b10c3ee85c4ba419ebe2d3cea01069fcd13212ae2cf8605b16eb

SHA512
f367b8bf01bc0a7dedf5d79d754ea23d3acd36dba78b5db8459b839728b964af8f20e4221af6abb6046b881656d0492ae554e445384292adabbdd700b210e097

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8acad71b608d13a83202808593b354f6

SHA1
a1848af5dc27e453b191169e4047ed2c88ab50ae

SHA256
d8cf2a4bff61ad482d7c90eab3939e107e1551f3c582c75d23e77a795f8e740f

SHA512
e081a1ab606599244cd218db79ec7dc525b529426ec39b20ccf1da5bcded379312fa169e748d3f1b2c71f6f871390b80692a232d5d166dc57da1bc815f28cee3

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7ed099f4b8fcf8ad482c8ad2be26e94

SHA1
a6f05b5d0d80d20245515ef3e3f14a069d93aead

SHA256
e6f1d3342329b927149e54cb3773ef24d0a89335162f131e69a7c8526620a33a

SHA512
28f68dcca50afeb02266a0d2303f4a7bc8983629ef6691567b242447a9e2f4fa45bef88cfe815639e731d642647eca6cf23f27befcaccb1d6475e346c635aa18

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
96397d456cdabd74d321eed8930a07c5

SHA1
335278c2a66bee0f6ca3c0f44158884f76868b06

SHA256
2209dfc9946a00cbf0728da08772b5f8d707cb54dfb65360b8b2644d169f8067

SHA512
2fda1f6e650bfaabb754b9bc1c822b195bf38874a5e6408b2430fd35bb7023e5b7bf19bbcd07fdeb05bf399bca6c8bed58c3854466f2d76278e1bd48dc1c5cb6

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
80b2cd46620fed16039543f0356de249

SHA1
ab839277377de47e51b565868c663e4ff74c0c3f

SHA256
edc01998389776845141549c6368a60a315335cf29cff33e018b93ec880d056e

SHA512
f622310bfecccb2f8f8256f5c4e99fe11982c8da0e7f7c9990abfdab51ad493185c817f8f5cd6b1f8aa80e08183c8663b8a80444a2f92648507887ad9e441930

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
73e070dd1de576bb175e9391707f7957

SHA1
b9857226a8b720b93eddc6deadea0622b68ecca5

SHA256
89792c1be392e3fe61550d21d7404b5c407921a91d12378555169d176ba0cdb6

SHA512
f27e772fdd775cd053423b4b54b53d2945e79a758c4e0bb3024f43b63ec3ec46258eea168fd8294f760def941ab7b8b2c3e3e410c50fda17c6c10219c3ff2a19

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3888d8947260457db727c6f3d68c3e9c

SHA1
a71ba32649eecefebaa61a89143b5a25d91d2994

SHA256
4e08d18eb11273c69f1b538a4e449a4a82fbdf36b045aa40da52b7bee8360515

SHA512
feae722fc1f26153736b142f1d2519f446cb65ffcd070d1a43aac994f17e3dd37c601494cea12316ec3783117705472ba1914bca2a56d8096b57bec00171eb91

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6fe5e1b18b091312e6d635ed0c3c7b74

SHA1
ea07a564c2c0733d5ba765263723539fdc0baf63

SHA256
e2d430949b9c9067909cf0d80e548211179f9156c61ded47dd546b1cfbb9015f

SHA512
e60581f311bdb53a54aa0938344fea2aef903a308a3e10b32714fe2eeb507da643b1b4996c1c07c67b2f26f1ecebd0d34eebdd56a9fd2e4055490be509f0d356

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c4237ff56ff067e04d444878380344e4

SHA1
4ee81af0f66402bdd66b9a662adee11a7b84691d

SHA256
81c0737f556546b3261320de3de7dcfe565801361015411a9086c36a5a8fde9d

SHA512
51ee5d61d3535a020b406c9cc130842da487b3ba991fa4666e10e468cbc71fef1431f4d9dae6d6b09ca58589d7de949097884f17f7420608cef04bbb2de2c4b4

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a1ba64b2b6c4b0c962a347016f9ff74f

SHA1
1211124d493b27dcfb265c14b4e5bdae6660037d

SHA256
fa4cf693870ab365b377c7f575d5266aa064ef9f93fa15b75dd86c4565c5777c

SHA512
cbb4f4202908f0145ec58003b2e17a8018976f55a88c3a71415c160ccdfa29d3544901455aafe08b755d38128c4adc83a364718a773f35ee327e26cb02e2f372

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5830a765baf0fae2f7d44f0204cb3245

SHA1
5fe87eff82a85d1383961c1530e0d0042e7f64a0

SHA256
77b0e853742dc70a963e6fa66256a13afecb312c966aef693ee0de33030d4a89

SHA512
a2468d0493ff43e578baeb39e30c0a84a4fc91b051e576218bb475da4b95ebebfa8daa3247b4b4b9b2082045a40182fa4fd885fb96814fa2e8a99c3292e2d6a0

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation3937088899109937363tmp

Filesize
569B

MD5
9782395e9cfbfac24ca79dbd6947b741

SHA1
63a76dedfeee94f327bae68d822ae4f3ecec03d1

SHA256
449a27b64de6611f153ba05e4c2a73e44de983279ab05a5ea1560c61edada497

SHA512
d611b3c5a4983c60b3df830e0cdfe70a4df3d816e7717eaa5db32aaecce08070e76bc12bff87fb2870776ed629688ee3f222b13800ac354bc64ba7c6d7d8010b

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation7051090137778620602tmp

Filesize
90B

MD5
727ed7460c5f37b4b471f0f9d03a79b8

SHA1
1299c2e182a8460510d728fbda9d53bc9d77e1de

SHA256
fa70e87fe48f6a186ffb12fb5a459edf5b1de4252c00e83cd7cc1e6705194d2c

SHA512
f40799712979ce46291e68a20784d7deccc5533c7427ce423c0e3772a6bc90e96a905e9934fe2ed3b54564bf6e4c3aeab7ae750c4771cb17cf3a01527facb285

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
fc359ddc13facfb861a23a3263fcc574

SHA1
678fa2bb23c27bf30585a84a422615ac904c714c

SHA256
02122f83b145eb3326ec0a62ee0145b977c5c758ae8cbe39c066f24ca13245ea

SHA512
dd5842fa595130d90a0d9a3aa7e901935c8ecde56a150a0fe8931cd08f9b36680665c82f0e8b8eff05b219234a3fcc48678072ba32df4df8ef5fdbba9fe61bf2

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
bd0d6ccc417dfd8a4c98dc6ae61032f2

SHA1
1f6428a69f6677bcd575fa0bebbaf7c23ce6bb80

SHA256
227fa47f94938e9cff04f1cae86f91ab3fda79a0382d720b81419ecae3c35792

SHA512
3988db3479838997fb6d439e0ee9e4b635fadc57d23716ba1f7607272a380a2df30fd8e048e18b47f4da4867f55363ea410b08abe054d9fbcc02e98b90a12743

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b4d556f864d009c181a262cac9527c6c

SHA1
1a5df250eeb1dc90691cad5df52be55393f090e1

SHA256
a5e3a99fc28ce1d3d8d1ad047462d709c4117cd9ce93436d58f6a7410676f0b0

SHA512
303a116e24728d8a57cc2247364f0d136299ffe363b2cecc76adf51f918acb89cf4ff280807fbeee3762968620a357109caf2bf6c002f499dfb6509e97ae1f38

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
0da68f07798c79f143dbed61eadd48af

SHA1
eb6bd57b17edf53337f7ea17c4da84240f7564ae

SHA256
30308d3fdf423518b1a9cbb023d0c8e93b81b9bd381edc5ae5d944c81e61c697

SHA512
5ffeef94d326d92bc14f903b10dc9f4be209604bb61984ac740b54accd701f3142d1574a8b212638c85937dee9b7d96c54675d70e0474f832926b39426112690

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d14ec8ede4669604491aabd31104ef41

SHA1
d51196265b9bd9291c66b9fe03a8c86966724a61

SHA256
8272bce47d9093d566a681fb0e9c1105039581211ffedf9124baf0fe49e558fa

SHA512
cd63050c3618f4c621e64f82ea5b16c7093125c279a13281d25e6ebbcab581559cd43dce7d4eb6a8fa84737d194224452ded9125f4bd284b65def3c4171b1d15

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
11KB

MD5
f174b753f71c134f2b8792e6c74c3151

SHA1
ac3f270bd168299c999b61c9f3bb18854c5c8adf

SHA256
40bb881a543ceb184c65c710152a96d2132db2f4eff49977c2ac9232fc332e19

SHA512
a26594795a50008619bdc5e369cfdffb590fcc588ba0bab55b3154191d5273241bc4c25b2b17ad4e8ef3680876e72b0b878e8e9e5d3e8e2e164001aad053d36d

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads