axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Analysis

max time kernel
299s
max time network
312s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21/02/2025, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4976

com.disprzs.hdfclife:my_process
1⤵
PID:5141

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a7dccf9a83c2495e246bbcc1479322a9

SHA1
5ab03155f40eabe0653c1a7ec889e8d82eb74711

SHA256
661d737e564168aaf5535c9cb3a19e9131c7204fe67704e553165aaedb631a4a

SHA512
39d57ef457229048c2442ba160f52e1d0c0089e53750ac85aeedb070eed21f69bb2399f3665ef75ce9f248327639606d5c57e0587d2bb5336aae3a60d3dc6918

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7bc65653be5835e55a45a5e8786513dc

SHA1
2db681a7c1a9606a1a19903c887e262c42e4c284

SHA256
a5fcaaf247ca99e1a7d73d4428c0ccaa7b11dcebcc0b5f401e9480e4a0cbd988

SHA512
890589a633d90cca26b581bf0de22da5d4469601ccadb017de5bd177c2068b11fb6e110320ceab6475daf0852d6e6a9b13171e663fbe4c845cb78b711a95a5af

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3243cf3cf441e728104f48ac126d45fa

SHA1
1580b2b7e1cb0193fe11bc44692e89a34f180bd9

SHA256
b9542ba86c6c520d903e18cd2d82fd902e4812d326899d2f767bd7fed7d4f42c

SHA512
e64e6791fc69518fd12cd40ae530e2b1a4c50e520f711c83e8d243874b16f840e8174b96721a3f0d0328da86382ecb9d42e65c1bc81a0cf4e3492d6ebe3e6a87

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
8fec96f308f9b260206aa8078297645c

SHA1
2024bd423f27d6cd79a42394361d9588daee95db

SHA256
79eb2de0d4cc6138cc02ec87db407a4c65275a4820e8839fb6573e6a7a9e1e4b

SHA512
5f08f48ef3267ae0235163dee3e194d5360e562ffd56683463cccbf50f70caf1c332e957c2c57bb1f72df84fc182a37b6e351f27a4650acb3305f257f73fa674

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
96397d456cdabd74d321eed8930a07c5

SHA1
335278c2a66bee0f6ca3c0f44158884f76868b06

SHA256
2209dfc9946a00cbf0728da08772b5f8d707cb54dfb65360b8b2644d169f8067

SHA512
2fda1f6e650bfaabb754b9bc1c822b195bf38874a5e6408b2430fd35bb7023e5b7bf19bbcd07fdeb05bf399bca6c8bed58c3854466f2d76278e1bd48dc1c5cb6

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
188ee196a7ee7b872cb1ae4a62e48f5a

SHA1
10c9dcc573182de5bef4338c03a2c0ec910ff104

SHA256
2b40a59cc1b42d4bb67e6ebb8bcfebadcd8b806d1dc191848ed1db8fddbe66e9

SHA512
3a493d87d64fb966906e4e1beb7e8418f40afa47b5b3845d40dde083da442c13fac58229c540c8f818003839cfff99d91125a8e220b0fdc33ece50b1fa72b540

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
dacc636831c3a073a6bf0f5d91f0d7f2

SHA1
bc8aa09af5eb78c41ebca7c70ac3384751bfdbfe

SHA256
3be4f2fd3ae18f201eb144d56e6a8f022ff4afd61629c5bfe856e332e41ea2ef

SHA512
9bb43682876810ddf32208f931544c6492551f574c0eb9bcd66d1a1382032c9a355979e5a3a12538797b094725b114d4addd1c70cae91eb4a050f8ca9053ab2e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5bf5a8d4b2b450de80fc6ad2c522a36c

SHA1
d7758e6563c89cfb7c0180832d5cccf2e9f9d4c0

SHA256
37adb493283dcc04c54559e2c910af5089c5f0d9089129a2d7f59749d01a6267

SHA512
a3ccda47fe8167d8864474e259f8d345fdb4a0979702465d390d0f3d2f163df33c41fd57b429804d0fd67c422adf3b1f2c94a7ec5483a055217ea8c47d23be8a

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cbd1f6199fa494a953b1fa535e641d7a

SHA1
668a27986457da8b5710ec0ece2279b729b0af1a

SHA256
b0c771a143e41051a40346e30fae61c3ec43af4223937b6cf78e8256e9f92830

SHA512
45bd27f7bd48e1d368d6277ef87a328020e8223e89e969a999589851138e0a70acfabc989291523e7d7276e6bbe4b88b0686d0cca2dadfea2cf1f421fdab0b11

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
413fe8856d49fa12b55dcf8a9ddc4eb3

SHA1
3ca8507a85711defb53296d1e0feabb3c7243f6d

SHA256
e133864559e3d5a7fc2d45b081d21da65721ceaa725d5f4920df032e1395a35b

SHA512
4d33faad69a6f6540135ae5e3113430bf5118a902a03689022f02def163bbd82dbd8e6850a0d1db44d1f459c8822fcad3445a63dcee1caaa83f7ab0713b86449

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
555908414634be56a6661fef1103aaf3

SHA1
5ba5fe939418245c36bf3753cbfb22db83b136e0

SHA256
2142c1744b89621c871b01b34fa4d8132b534ccb1585ece3539f306316e56b14

SHA512
7520f0906cc36478d7dfca257ab8591e03e22ace138dc08601f427c718780d60ed6e7752bb61d4e57e343ffb47b783b654778238bd2db3bddc800667d661794a

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6dbc3805a215a8edab005a0e26c677c6

SHA1
1035f5704790e2bb2521446fbf6f9e9c18fe8d28

SHA256
dd78e6ccf9ab7300f9470e27dfc11a9c3ea62e361c3a3e2cb1c2d2631843e702

SHA512
0c1044323a2787579508b5fd04e38514017607a6ecdced71e00119900b836e548ee32a50d806c586e612d2dfbc65fa4f8958949a22e9b99364488cbc04ea5ee1

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation3047175510380809693tmp

Filesize
569B

MD5
36e9675db23c82bbd1e04cda9ec71772

SHA1
9c54706f9291de5735346ed280c61501c31862ee

SHA256
7214a8cd4adefc49b06faeaefe2065ca399b6cb6563af0560dcb328ba2c53417

SHA512
093c2075c6c9e034525b61a789bc658f2ad55ef6098a31df1ae7f5c57bad3b54e75e018ff0403944e039045fa8fafbd15ec5b6c782eba5085201a9a8097def4d

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation7691365537461017187tmp

Filesize
90B

MD5
e9d717971944988864fd3c55f59b501f

SHA1
dbfc517fab9b2993c723a37dd5d1974fda9514c4

SHA256
672971efcd4f905692a9b1c6ac334673412bbe87ff82e4efc5474c209fdb3133

SHA512
4a06dd050a0ec541ea8780e97791862f2b224dd4bcbf221c0f4aef743e5611f676ff184473f824d41e909a0065b635e06852504fa5acedb241cda79a3544ef0d

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
02ad2838ea9403277fc34cf3f6bc0357

SHA1
a86de7df348e53c41345a37bf40099e08aa4a4ba

SHA256
2f9b4dbffe9d2c3418ea2c08b621b4b6339f1a51842a7f98fcb28f29a03613e3

SHA512
2aa2cd73fd0816bdedd540baac39ba686df8b29d234a94112fe72fa8c1b7ba10798bbe98f6af74687d42a60107b88739f391b8093b0d776469cdbc17a3e8e637

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
5ec67cb0a6d880eefdbe2c4917a2bb2c

SHA1
9daafb8701ca03dbe7f76a76c3052f29058b335e

SHA256
5df3addc58ac522b3e23d6d4cf6ad0721e6b0e518932ed7e1963013b42802680

SHA512
e992dae1c1c0546f7d29fcb0bada4fc191e4127cad170d1eb67093989365a8919f4f8e2778533897182eca7011d7d425dc256b27daa25aeaa3483ddc5616559a

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f2f9bece022a59dde31c55a92064f8cb

SHA1
884585ce2cbc66505a9059946c91ac329e73cb9f

SHA256
0b069a3f54a89828158b9e5a7130e1cf15b48692ddbc4497083f0c6b939ac29a

SHA512
7b20613f9b8f3028ab5902ec993a11f720f7e9aa7d5b50cd206189a8f6d2bd32c9bf177b1774965bb414f9b45be2c8231a48f355a0a93e90bcab01000867a82b

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
29468ef3d94b2c5023f4d0af0a4b8551

SHA1
3d87d5639be4216829770ebc8c853ef4318c1e19

SHA256
94c313e34b9e909c248c7220e630ac7fda16a5a01aa3f0606b376c86228a3c9c

SHA512
63b665681df9a59683688248cfc6f8867b1bc6e8ebd22a3edcf170330a43dcab921f46c64d5871eb3929296968b1014bbc4eb829005ac347c02fb8a8f66c2c4c

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
2a6193213d84ff312002175c80b0cef2

SHA1
59d0a84668744b94a5344d94d7d4b35419efd10e

SHA256
25a479b8e59967088bf8f6a5f94d462397b52ee8788b7479cddd0c5c4b7027ba

SHA512
667522145c1e0b901afa818d69a0996f622868a531eaf6581e8275aca9465d9d936ee0b3b9cdf0e68d5a02efbfc53be8be4cc93b1bfe01e6257cbee257ea1ac2

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
11KB

MD5
16e1bc8e92217e83f8965e32bc3d7303

SHA1
83aac18fe3c5d6c19df0e0e5897d72fae8b5b3f3

SHA256
d1f65461f121dbb62fa046e66245614f3a3a12cdfeca1fcd1ad545e7a07813aa

SHA512
2eb4316e1f3db2b6bd60655898c9aa00b6e3604e3e448bb27f5eccd07c016e3a7071dafee1b03fcd289a77f7c288c91d1b0de69dd1384390d6550325c7fb195f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads