axbanker | 9dd601fca2436a82a61453216060c0e0b0e4e8fd6c134ddc5d70db70c214f254 | Triage

Sharing

General

Target

485fab3ac27b6fd3ca570c7732bf31f1.apk
Size

7.0MB
Sample

250221-h1mbjawkav
MD5

485fab3ac27b6fd3ca570c7732bf31f1
SHA1

22d587aa9ddb607d7491af1caaaa52788e53b455
SHA256

9dd601fca2436a82a61453216060c0e0b0e4e8fd6c134ddc5d70db70c214f254
SHA512

3aa4bcff7cb046b36faae0eb26d9e6f5660dc42557f6b62ee1c89cdbc577bc18baeb6ba0551a8f810253b5943b7eecf7251d5b217061bbf54267f4339f8ea936
SSDEEP

196608:sB72QXdCqiiHp8pxGqvTyAGIieF6RoE4LLolMqq:U7xdCqhHp3qvTyOieF6K1L0Mn

Score

10^/10

axbanker android banker discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://icappstore.co.in/index.php/api/user/step3

https://newax-d7dc6-default-rtdb.firebaseio.com

Targets

- Target
  
  485fab3ac27b6fd3ca570c7732bf31f1.apk
- Size
  
  7.0MB
- MD5
  
  485fab3ac27b6fd3ca570c7732bf31f1
- SHA1
  
  22d587aa9ddb607d7491af1caaaa52788e53b455
- SHA256
  
  9dd601fca2436a82a61453216060c0e0b0e4e8fd6c134ddc5d70db70c214f254
- SHA512
  
  3aa4bcff7cb046b36faae0eb26d9e6f5660dc42557f6b62ee1c89cdbc577bc18baeb6ba0551a8f810253b5943b7eecf7251d5b217061bbf54267f4339f8ea936
- SSDEEP
  
  196608:sB72QXdCqiiHp8pxGqvTyAGIieF6RoE4LLolMqq:U7xdCqhHp3qvTyOieF6K1L0Mn
Score

10^/10

axbanker banker discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Queries information about active data network
  discovery
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

axbankerbankerdiscoveryinfostealerpersistence

behavioral2