General

  • Target

    6be5f03c8f98c80241c9c9d8a5348ffa.apk

  • Size

    10.9MB

  • MD5

    6be5f03c8f98c80241c9c9d8a5348ffa

  • SHA1

    bdf5336de045f3cf4cd49bbb972caea0cb23a07d

  • SHA256

    7803edca36272a0dd0db6c92a15d75a7be22d6d0ef211281520f40336d74c925

  • SHA512

    3ba3f2991a69ebda0177121892dbbfe6187c123ba833847143eefb76fd6abeba9681a48045d1bca843e434c37790e62b5491dca2a7113aef8b7ae24ece6071c5

  • SSDEEP

    196608:ITR2F27PMY+dTiDDOnFKwsF8jeOL5vN4z1sBcDPvI0Is6r60yWY4KHqLXn9mkoJ0:6RMMDOnFVb5vyJsWDPvqs6r60CJQNYPe

Score
10/10

Malware Config

Extracted

Family

axbanker

C2

https://icstoreapp.co.in/index.php/api/user/step3

https://newax-d7dc6-default-rtdb.firebaseio.com

Signatures

  • Axbanker family
  • Declares services with permission to bind to the system (1 IoC)
  • Requests dangerous framework permissions (4 IoCs)

Files

  • 6be5f03c8f98c80241c9c9d8a5348ffa.apk
    .apk android

    com.nekki.vectors

    com.nekki.vectors.MainActivity


  • app.apk
    .apk android arch:arm64 arch:arm arch:x86 arch:x64

    com.nekki.vectorer

    com.nekki.vectorer.SplashActivity


Android Permissions

6be5f03c8f98c80241c9c9d8a5348ffa.apk

Permissions

android.permission.FOREGROUND_SERVICE

android.permission.INTERNET

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.MANAGE_EXTERNAL_STORAGE

android.permission.GET_TASKS

android.permission.QUERY_ALL_PACKAGES

com.nekki.vectors.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION