axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Analysis

max time kernel
299s
max time network
311s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
21/02/2025, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4624

com.disprzs.hdfclife:my_process
1⤵
PID:4744

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e4494f278cd1185f2625e6d51257e219

SHA1
0e90b9985ab4d141eae5f9d9cb59628e9369c56e

SHA256
f2a742034a2aadb8707cd5191f9b075f418bf1ce14caaeb72ff7e25a03f14922

SHA512
4d0c394c932cbe70f3f0946158a51d25a592415f2a3fbd02b9146a5c3cdc6c0e9bc831da68c9e05b4b6e24aa2a5047ee4321e04d8f86662d0a0500d46935e88a

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
54703c03f3d04fb2c9fa10d169c3b1b3

SHA1
fe87716fc8be06c8342b61bd242ab8cc70e239a6

SHA256
4dfae696599971ad5b131a6774cd7c29d4b8e2c98c0604447d8c6ccccf96c5e9

SHA512
9618b5be7bea9a8a0ca5da734a194c78d586291628ab3f7feb3f3956e3bb5a02fbb917cdf32b7f24ecfe0f01079c9d33bc1d5eeeab5b6f582f31667e9840daa6

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9ecee51940dc7b7877f197dbec0710e3

SHA1
7ff2bd1e89e36b8153d8be90bc21d2e23f460e22

SHA256
92b113d42f5165d6147507aeb70f95d69948423dd6892c65f979ab4143c7a084

SHA512
f853bd512ff5777a27813e506571c270fd5c9f172f577f403dd231e74f032cbc88c5bdcb9add979c1dda53b87d59583231458126aa8ffcf891264322921fe88d

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
141ec27f9ae247281360cd8c49166105

SHA1
04d4dbf7555b468bfa45e11de32e5f25859002b8

SHA256
fbb3cd9f29f80e07daa115ee1851395305b9a3a8b3ce56a7aac1a7ded7eaad7f

SHA512
f0d0ac75a8fcd12b688bc3795a5f1c48c866bca2219937b834b7b2a8b84b9031e42bf2a13f8c69a9a8e6e2f328842ad333f1577ca7df1bed0f36896210e3acc8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
69c941a47739350865e6e413019a953f

SHA1
993e27987031de9f50c2967516706a879825806f

SHA256
1990e82d4e9b9a8b843872e45c3e255520e0767c7918ae1501102e866221cfa3

SHA512
4ff0a7473c762f08dacdc829dfa76c97e6df6a3f5dc55069e9775c17162722bfa2aa36bc5678f29cc6d40a9928fc77dee5230e98e53d4bcd3832c471347656e8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45697e37b50ef259bfa1b7e62dfa5dcc

SHA1
9175e74ca000ab5b438a74df8d1dfa241accd968

SHA256
deb07c96c6d69c7d99fdaf7d885d323c49c89e6715794a741b615bcd7e1d6b02

SHA512
d7ba74b496a301b6510271cdb5fc2b79b752eb8f321318145076725caf65fd408b2f88577e51a8c7fdd026328b8fc195afb10b1355d4ead572bbb76785658d75

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
179a47aff8034bcdf64a5f41d3a7b9cf

SHA1
5173213127e93671316a1996fb19b67fd96f63b1

SHA256
44d38fa1d710222c565bb21e62c05f6f0ca443a97a402da3bf498a2873f6d1d9

SHA512
8ee6177c6043e7b311dcfffe403905afed583f777807613bdd490ad65eb69d24d009da05e06ae458ed83ea91d44416ec12d1af5d826be35585777a8a3cbfeb7c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f1b570be842c2ac48653b2109963955c

SHA1
ee39cf7f970b8115fe331df7f88c19c755298d7f

SHA256
0399704d4ee06cce28c37b76ecf3af17f32ef690308934cec50ebb31d896a15a

SHA512
f48e72e0d66b9ee18470447e5e843a9a33d9d55e0cab1555ad969d5bdeceb2ab5951e433016b4569c905228d68c361a234eec341c43fa705cc7b4c4959a20f59

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5a834ab25eb1187bd5a74cc9f1d97a1d

SHA1
ea810413749452ab03d3eb4ea04bfa05721f0234

SHA256
175412a0ec01952ce5f4e4fafb18e3fb0ffdfff65af4b8bca06cbeb06eff15d0

SHA512
de25601f27f04c28ac1d0732b57bfdc4e81e521dc2a51d70bbd39197f534d270869bbb95bd13e6ba7b50e4a7d395e0878a957632262a1c5b6cd8d1d82eaa0a70

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
84d8bc841b6c8dcde8ac3c533c50c625

SHA1
2a9a810feccd5ec4fc2837f07d62427e2336b0b3

SHA256
136b8480f1d7cec46c3c2b4fc625e983fb3e231daffbba5a80afbbcd741fd757

SHA512
2df51de63af0b33433652aa6f3ef898d792de7c40e7e62bbd422d8d5c828dc9a6dc8add4d1d048995fe1c39912379b7a9982ca3b75332069b694c7d8fdb0cf8f

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5ec447ec0afde384c9c10d77a35689c3

SHA1
9a0f55f1ec0e7918e3fefc9a64bb87d739868be0

SHA256
337ff2c0e71f12d7cba7013ae81433957af58ff2f57c1332889b80828430a54f

SHA512
612382426bc17df3ecba95f2c5ad03c0c27a7aa18277ab0f1689066c5118d5a545addc1cb8466cbe89861ae4bcaa62ebc97fd3ec2ee9641a18d95711bf7d008f

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
947e24773623d643f17ef03a54beb62b

SHA1
af9d5bfa07238c2aff36b7a00249b9be59630301

SHA256
4333f3bba9fdfd1dbff5d9caa07bcefb1cbbd5efe4e1c3932009b44b8e5546e6

SHA512
d0d125d78d1afdd1e935aaba2db33b956f4bef49b7eb7e7f7df53a55298d53b13c86b1b8c33a3978bbeccadc11f02da9f34eb8d5fc500bb44a46c96ab6c4806c

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation1403923537800180892tmp

Filesize
569B

MD5
3b89f92fe9b246f8e604df17be7adc0f

SHA1
522753a4475803a4d8f5a42ca70dd2df7083566a

SHA256
899e7e445cdf6785e095252f6a60f81140c52ba825d6f486d566754318d2638d

SHA512
74eaec508cdb23b4fadd087787bfc619a04bfc7cbe4d8e53a3c5441aba75b400325b12f1aa3348424557b9068b43f733ea5035c826e40f4c305624fc1b300371

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation1470729426850274973tmp

Filesize
90B

MD5
87fbacb96b9e2bf60d530ae3683f26fb

SHA1
53e020d0fbb6de0c9b9a1861672cc74ef6990b49

SHA256
660a2f5228e62ab100875d28512a1009f8c1c1aa17971de040768c081d2f8bb6

SHA512
85ff2663cee6346a6fa93e5696429e075675da89872e0a1e350a1b4300d665bb79a5d53885fef3825fbc59a53393a8d492bace57cafc24205f554046c22684df

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
c9a206bd16ad9d1c1b59c93f7e0b2f54

SHA1
0512689f1d4e0710214861cc72adaaa5daf9ed63

SHA256
93a3dcd15174904017db3bc9fc98a47fcb5f05d2989757004a128bb3840059d7

SHA512
2cf85819d1a7461b99426bc3b97b185906b52af1c8b33c745c68c33034c71d80ecba09e0e1616ea5cd5e52dd55ef7632076f843ea1c59ff00ac596047678d3af

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
403ee6f44395ca4a29cf8ce835f7bddf

SHA1
6f5bef9f07a03513064c7b7d57b5a35442acd0e6

SHA256
6a82d41d9ef88e6738cafe93d77bc3c55f2047911f1861e8cfb54eb40019f078

SHA512
4be1c5e1b9a84a9bfaa800bfc92b679ff1c9b3944503c20a4c877b1ec6dbd30405ed9498ddc29675aaef909e349fdc0a64660ae10a5e3ad152ff209ea60e28b6

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e102711006dfbc39bec27e7ca210f203

SHA1
3c8bed32faf1a354476d4e9b755231bc8c24ce31

SHA256
1dce1d781c58c3899c8d7c8226f02c88296033ae69b5f2c31d4bd5dedbc1d48b

SHA512
244fef878e4dcb4947f70994d795930e379c5537de18cce0aa5d5317487f95fcf189bf197315617ea1f05142aaaec8d9d17fa32169d78f82b6f292a2d1505171

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
154c7e2e7ca882d19676062c02b8f9e2

SHA1
599431e816c977888d5ed59fe1fcf66a8e0465c5

SHA256
49bdbccdea8b2e1d804770a30ddbdaae09863765d5b9081d895b174504a53e1d

SHA512
5d71ec7b3d69e92c22a86cbc012d882abc04e4e92f87b095e01a87582705c30617707be825be498983eec952583493c38f8b0bcc0fcc7d65c627accc3cab6d56

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
25B

MD5
b9d9e0f8902d129e1aeebff0ae7b725b

SHA1
cb0d2b4c9dd60a5c1fc6261fb581bcd3416fe781

SHA256
25a822139d06016af8be1296c0242b60e35074f94c713e03323636be1162ce91

SHA512
f158a9dc753e0cb41f71a98714ff02198c576bacdd792a6153fdaf6f9a7b52d8cfb6d09099a269d0c1b0d31e2ea5a307ea1db85115bdc6797887a6de36d597f6

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads