axbanker | aa359e67e5ad3fd36d9487b30fb08d7a47d66dae31edc7c4f32cdb626bc3228f

Analysis

max time kernel
65s
max time network
69s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21/02/2025, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3576766d992b7c33538a39ae246dcdde.apk
Size

7.0MB
MD5

3576766d992b7c33538a39ae246dcdde
SHA1

7141d8f16a509cdcf0c8ad20e0cce321af094cb3
SHA256

aa359e67e5ad3fd36d9487b30fb08d7a47d66dae31edc7c4f32cdb626bc3228f
SHA512

4bdc5acf901e568c5c64d099bc5c2b4d7d9e770e649b1876305b4420f2a0044c3f4c0669306b7eefbdb131dec9c9d865bb34d6194087d6f62c36b5c849fd6965
SSDEEP

196608:LfL/hEh5MF+rrAMwv2IieF6RoEmLpolMYCF:nivMInAMwvJieF6K3LiM9

Score

10^/10

axbanker banker discovery infostealer persistence

Malware Config

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nekki.vectorer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nekki.vectorer

com.nekki.vectorer
1⤵
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4250

com.nekki.vectorer:my_process
1⤵
PID:4291

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nekki.vectorer/cache/volley/-758317104-590220981

Filesize
22KB

MD5
82c5b3770cd707425a0f3029af3a65d2

SHA1
3e0c345b7f886d9d7180ecf834a7a5dc043d3f71

SHA256
0517fa6b202f158337a3c5cad8669733dc3ea6fb8898581ad5b947300c80b811

SHA512
432f968df7b089ed194b113aaba30b3740244002556ba09f612532d14b6783920a69da850d96b9416a88b0c2e8c42ec50e352b0ef054f47a28c1596075a30ba1

Download Submit
/data/data/com.nekki.vectorer/cache/volley/-758317104-590220982

Filesize
22KB

MD5
afb5d358b0fb537506653d36d8c4678f

SHA1
f11d63bf13c8dd887882eaa9f3108e85b4fff791

SHA256
2e8f2a8e8ef2025605a7d47aff3016420df1e39b22fe603a49d9a123836ff131

SHA512
e6c0d626168e16532a423f3eecdc0a569a0008774807631d83508b9ff4f6ede894466cf1be7487cb3023a72411e92f56bd2d063a737a391cd9021bc810adb730

Download Submit
/data/data/com.nekki.vectorer/cache/volley/140170683371476312

Filesize
22KB

MD5
8d65adc4170fdcce420f6333c3eb096c

SHA1
aaf8b67698b19b793501ae5a32a8fe5fb4c9263c

SHA256
2f75157ab2652ff0a96a7f16580d7ed263d71de41d500576a2e7eb59030e983d

SHA512
35248634418dd976b4221af2993ae216d3ab6b5dbc13f820216c9d077e9dcf852a81e524600142d6dd43d4d511848b9943c929f58dea8e94ef3707dd92f4f2c1

Download Submit
/data/data/com.nekki.vectorer/files/profileInstalled

Filesize
24B

MD5
43ba75fff84945b37350298c14c24175

SHA1
cf26818a471102172e15ed46b8f60090f591ca31

SHA256
49ca51f880e141f977dc0b6e25fe1d659aee310a68c92d25ded091d8a82eda45

SHA512
edb6a9b1637354c09b45e5af73904b00fc281a121a4ba8fd31a885948020649a10226c885d3da787ef4f9d9a10555096092a29bf3cc6bb10f6d6abee3f93bd4b

Download Submit
/data/data/com.nekki.vectorer/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
13f3eb2a132e362c0681b395e6be1703

SHA1
02e7a1a0758a1f7d23fd1c8574dd0af1a4307af3

SHA256
c29a8b4cc08d2796a6ba012d64710945116c92dc34294ea8e01fb2ee1f476b46

SHA512
7d2ac0982cad48f89157386984a112da7a52a96980c12afe3c9b2ebf36ece7a11334cd4c8440f0c951e16b0a9722f499dfddf70c82ed66bc29d541d10362f7f0

Download Submit
/data/data/com.nekki.vectorer/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.nekki.vectorer/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6405459da21acc94280305ec1be023fc

SHA1
61c947bd4aef3bed907a7622465a2c3c61942dda

SHA256
6c04b74c328df198a65c253254fe948b9f85ff8c1fcc19869593dda613fa09ab

SHA512
030c362e53107d1e539943f63a310e6838e27262d511affffa67f7c14bbd89b6eb187b6ab143783b5b7ab442b3aa2c7e00d1281056b9c5c40b608630d067ece2

Download Submit
/data/data/com.nekki.vectorer/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.nekki.vectorer/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ec83453913d5d500f75a791642171864

SHA1
1f68132a3d3af8db8499a5b4a69adc8999855c4e

SHA256
b73a2e417cd52da5c913aa3df7d3314f30847c86a4f27bd28c51818d57249c88

SHA512
0266f4dfe411972c62b0c0410a2c0ee5e97dc1ec0ff49481d63d68b31fdeff1afda6b6eeb243ec6af29335edf8447f691f1a85f053cbb2c89e9a9eab09a0b108

Download Submit
/data/data/com.nekki.vectorer/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
f228bd6559a9e907bbb5a18ae4af3980

SHA1
49de790785e5c01ae460dd47d4c22c55a301a0af

SHA256
49e71dc31d83c34654183ccad1aa93a45ac70683c2216e597c63b94cce047884

SHA512
c859931e4072d9be2f5a92391423c797ee246a095cc5e98563ab0aae02fb902d9b9e38161c34cd1a9cc6bf649184f8979f170ce92fb79cbeeee7881311c2c7e0

Download Submit
/data/misc/profiles/cur/0/com.nekki.vectorer/primary.prof

Filesize
9KB

MD5
92094795cc78c2d382fc4e2bab435ffd

SHA1
2ed4bc271a45890c1664c1d596f94dd9709f95d2

SHA256
37b5a796dcaa7fcbe56d8c96a0d7db9e7256aa83e026ffdb827d4b0bae591e0d

SHA512
5227e3ef336376e8e86955fb90a92306c080d299adf404ebba2dcb779926c8ed4d1d017e149d18f771fe3f2933b7af928ea1ea047d66fb03e3f6d1f3df6df42b

Download Submit
/data/misc/profiles/cur/0/com.nekki.vectorer/primary.prof

Filesize
2KB

MD5
f7afde2a923273fa6f80694da3ef6c52

SHA1
35a266a58b56d598ae2834159459573d0e89798e

SHA256
cffe486ac802f9e24408ece7040e0f77bca3be212e02bdd8dd243cda4af597ac

SHA512
af92f03ffc229b04dedb9b38c346879e677596cdb1b59933946753b3a93b205ca63ef3e6952178b88b7e4892292a7fa1998ec00397fbcb846a9fab9bb7ae1052

Download Submit