axbanker | 9dd601fca2436a82a61453216060c0e0b0e4e8fd6c134ddc5d70db70c214f254

Analysis

max time kernel
76s
max time network
82s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21/02/2025, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

485fab3ac27b6fd3ca570c7732bf31f1.apk
Size

7.0MB
MD5

485fab3ac27b6fd3ca570c7732bf31f1
SHA1

22d587aa9ddb607d7491af1caaaa52788e53b455
SHA256

9dd601fca2436a82a61453216060c0e0b0e4e8fd6c134ddc5d70db70c214f254
SHA512

3aa4bcff7cb046b36faae0eb26d9e6f5660dc42557f6b62ee1c89cdbc577bc18baeb6ba0551a8f810253b5943b7eecf7251d5b217061bbf54267f4339f8ea936
SSDEEP

196608:sB72QXdCqiiHp8pxGqvTyAGIieF6RoE4LLolMqq:U7xdCqhHp3qvTyOieF6K1L0Mn

Score

10^/10

axbanker banker discovery infostealer persistence

Malware Config

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nekki.vector

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nekki.vector

com.nekki.vector
1⤵
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4242

com.nekki.vector:my_process
1⤵
PID:4281

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nekki.vector/files/profileInstalled

Filesize
24B

MD5
14b5c5e60e287486f381613ea3a0f3f2

SHA1
0ff18ff849e0cf54f8d35f6e05791709ab3e558d

SHA256
c59596f20f7acbc98cb1bac97af126148e8a703b95869fa82e4304f42432491e

SHA512
4faba52cdce1c105a9e692ce8dc3d6f8491691cdbc0f8cfebde81e1bfa5eaeaed07f55fb04464058a486e4e04e0f1fb9a1675e8c10de16c988a0f488bff3bbc4

Download Submit
/data/data/com.nekki.vector/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
ecb9da3d32e180e3d24a872cd9e8b7e9

SHA1
4f4348e1f876c143ce16f29b5c78a4b4d6dbadfc

SHA256
027e1a084a2919de1734cb25f903d3f0302bd8e61131d69d161a1fb02c5cec82

SHA512
9a2f40657a5f9f1a1f0a5eaab0cfb960f0f68e44e3ddc2236e100b59d4977bbdff8199a7b4092f3e382e307f8e08ba03785fefec59dedb7fc420c4c1a0d389c3

Download Submit
/data/data/com.nekki.vector/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.nekki.vector/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
988f53884949987790dced8963ba9021

SHA1
e7775c7ec9f58bc24c2958c61b1fadaef9f0c6cf

SHA256
a0d48f9253ed6bf9dadb110c35b0933cc51a186f097b4be401dfaad7a7a7eeab

SHA512
3afe198e532f2f4fb1ee325747e62a1de6a1b6db886b49f670445732cfbc299109f6f4f02100b708eefa7701fc0f495f54fdd724945f3bb6f5bfa4ddf808173a

Download Submit
/data/data/com.nekki.vector/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.nekki.vector/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d5656274e141e611552794863158d28b

SHA1
2eeaf89418e448c37909984ccf1a49fc8f00e7aa

SHA256
2832653b2ae0c1f5438c2c721fc1985c24d35057cbb5b7c1fbb8aa9919e248b2

SHA512
069655672dbd781a6cc702a0dfb10eb7ef99fdab1617635eef98a017d2a9539cc43446e41dfdccc40c068c7fcba1a46410b6d68747005dd5ea72b31d58aa9653

Download Submit
/data/data/com.nekki.vector/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d09e3ff02d7caedb3b986a5034078612

SHA1
3d118998fa8ee53d9681b6b334d8dce3cedcfc9a

SHA256
434073a9bba686079d38e572d35eda3842f1f59fec8bac425ef8a0b1c17c6582

SHA512
37f3decba6367a1ed76be3eae34f5ac94b5e8a6104866b159c7bb46993d98f0c261938b7a2519b50c27579b77041e25b7d3eb535a2abfdcfe09722e524f074b9

Download Submit
/data/misc/profiles/cur/0/com.nekki.vector/primary.prof

Filesize
2KB

MD5
d14d3739c3da97a35ba6cad06e738b6f

SHA1
f6cad3d865a7cd304258696208e9b7f7f433884b

SHA256
48f45a96b587bf5dfd6033832a1c3d601988027a1a9373ed70479babe8b223e6

SHA512
20ac6960896b1936cda459059e00966af0342cbaaf03eb353fef9f5e6de7d93ac92dd0f7bab61431f9eec1fd475fd5bd173e7b7174b8c18a65f04ee2d01af79b

Download Submit
/data/misc/profiles/cur/0/com.nekki.vector/primary.prof

Filesize
8KB

MD5
b3e00db0c4e96f72dbaa9baebd68544b

SHA1
bf2d291c040c4c481687e8c047d8f247f3f9120a

SHA256
86e0f74c05c5ae78257a23578e608e724a2e3f7cf9e52f8061c0a7ad4529cdf7

SHA512
5249bf9f5a7a3f8de39bfc5981884584fe920519b55c533ce4d4feeed01356c288f9077ef5fe2f8561a47bef1f24bdfd52af2f4609ddc77bf767c773e02194a8

Download Submit