axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Analysis

max time kernel
149s
max time network
155s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/02/2025, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4402

com.disprzs.hdfclife:my_process
1⤵
PID:4476

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6f98ac90ef5e90157589d5e516d88515

SHA1
dd45dfe7d21fcfa6aef78d3f7c86e94b89b8a5e4

SHA256
2b6baea43607e223216f9e43ab34f96adea415a2ffe36d8c6606fd5d05906f4d

SHA512
9ee5d727cf733c6ba4ff8a9e50caf01767bec90ae099662cfaf092ad31121e6339362a1b6010c04a6c1de360f549f6a613e7bc4a7302379eeee2e2239d4b7cd3

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6a926aabf510f74e54dd10782ba790bf

SHA1
7a372acb6ad4e991a78ff9f42d2aaf0de356cd81

SHA256
ad523d6a2bea4250e0483f30da4c9353a11dba7a73035ac3ca30b8931cce09ee

SHA512
585b2fe5546e164248251cce7dd4a0a4a24a729d9ae94674e6ab935c436fe98dffca145c905abbb8feaffa58de4c146146951801b76b4353aba6511eef46adc2

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
848b3c68c41019809360da4bf5c1579d

SHA1
8b1d931680ebdd8f51ddcdbf546cf6f51cd981b0

SHA256
c7ad158dabbd9cdb3b9f8eda1ce2432c27c21f4d7983ecdfa8025cdd4608bed6

SHA512
1c19e81e90d97d802b5b65b975e143ed7c1ea3fccf0c535bd8769e39ab388c1340e0896318633c681f766419da343c2610f4d59a3ed7129e4cc5d7fc3fb7be72

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0400658830677ce75e5f98fe02917efe

SHA1
8e5b9497204bc00e91f75940223e9938fe378225

SHA256
6c3db8424a14e3093c97bfc8ab1b525201da8e02dc76e9d419fbcc6136667002

SHA512
4264dc3969955389804ef931c07e214da5e5d7b7e755e59926032adff600d8c2394c0d8ba19705ea924f13a2cb1010eca7235508d3a465ddd1064d7f6a376794

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2e77dcd05acdceec366d93275dad30c0

SHA1
fd29150b74de0601589856de9ee17308efcccf98

SHA256
953910f1400f96563ca455fb89060ece3f0d4423ed3d1c2b2960463df3b5566c

SHA512
da742e8589de919ef58ff99ad179fa79a00c1e922fb46382cf3989f14741df0f28969c72c81964cf22f915033ba468ffdf5dc3ac678215a8785433241dbb6436

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e5e7845fa7a66c638d48202dbe9ed7f5

SHA1
781d44f2fbe31fcb83f06a58534687906e6baf7c

SHA256
5c36f5f33d0433e6ac8aad10a82ee74ff8f916036c7dca1c2f4d4a7b49c925c1

SHA512
3e86e204b0d00ed519bf56c7ad0c3da8ba12f2c97ef8a9bb152878880edc35636e8baecad0ebbf092c65d83e1100c60120981fdeef612c6227b46dcef83854e0

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f8a6f5e8072f4f9e1ce12f126a5d6867

SHA1
d6428b88b19fe1b1d1cf42ab8ef9b0f49f702bd5

SHA256
98e54ad2781e8f250550cac57ed84f1febeffd367c47a6b3300fd12db036a5db

SHA512
5e30fd5744431ee86a8aa2764133ab8b6d9f11f9c2ceb20d0a5dfb5ac5ba72f30a8711b0f71028b7114aa584683a2def06fba455ff509243c7b13a8c3edbc5ff

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8ee5e60ba7fa2fb90e2e12917c9474cc

SHA1
8473fe7ce58b5fdae26d1443fe6d6699588e5286

SHA256
8807b54e5a52393ad83503f0e0691deaf2efcfb2a88aebce87a1536be2a02b88

SHA512
758e3cf736ebee23dfbe76c8f9fc2adb5f4bad441543331816237d1fbc1a3eac02289956030ae11eac0933f3af249a4f2d03a111f97fb4f23f6572f034c10213

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2d5b0d7ae7cd97802bf8d2e9d90e02c5

SHA1
6570e5bdfd0eeb269dfcc0af107270f852e0d6fd

SHA256
555904b7771649118bf75a2e3406b00c698cb5cd1321b1e043ba242fad40c274

SHA512
e8961a99268e4a5049c17747053523e6ee6280858088649b4907cbc156e9e839b5bbc94e0647e324a989cf74dae02683dacd7643d1d909d9e33e3f614baaeab2

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
881b86796aeb6b853bffcd5b87ce0663

SHA1
6623c0dae5d251997968c8d738b367f8e3af62f2

SHA256
f9889a8145f89baa4d4d5773a646c2ff97e29984d4ca88e515ca595ea2245256

SHA512
554c2bb4d78aa65f2378fd2c512a8cffc55f1adbdf55c876da6be0b90cbeb79576b62c56e3a5b185028480bf5cb3fa58892fa844a26f9e2dea9617d921467df5

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0c5b45825730fabeb1b489c621983610

SHA1
757dc2d1288a70de3765fa88e96ab3e317ae322d

SHA256
e798c13261d654603ab41bc59e10c49a13b193f1157374660a32346a9e5dd353

SHA512
b06fe606c52312e7706dbf4e17606e1337772c8ce51ec47dc7df324bcad8f354b99e0efcc45e303f1a7324bf5ad213599ec0290960845fa7e1901b6159d656d5

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9c8442bdf2ed4d08697ddd5fe43003dc

SHA1
b1656205449fbc0722d7dcdb17d6ea0e24439c02

SHA256
f9d6034e7a1d0d83537d9c89544fe31dda71e9a4d2c582b1066ab8990f03cc2a

SHA512
359bc181933c04102b0cf6e6ac52eea6f6754017703688b78dfc883a59d7de1205c6f5b9e3ea5ecff23e0af8fbaa875de55476f05dd311b94a23103a6614bece

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
5a3aa7bef00d5ec41f056298e951f7bd

SHA1
9f7b76ab5c0a04545fa5d2b1ea79adb17179e574

SHA256
5125c6e8755145ed8dc14492452661fa55a24dcec7913d2d33f282b67ef30140

SHA512
fa4233237eeb36cad2b6a4ff9db48c554a041c67ab591cf010c806e2df66e5b1411b3800b65dfe532ba1f85081044a29b09ec1ff55d5deb659f4413fa1c7d900

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation1095590505510201732tmp

Filesize
569B

MD5
94d84c84a967f2c6eee7420a98cc8110

SHA1
52b6216b4600ac9c88dc2adcfcc84f5293ce10f7

SHA256
2a36e5d71490f3b935060ac2e89a718050437aee8b3cd642367b6cc4408951b6

SHA512
d080b94bb863b3e6f1cbe7cbd0b94c8a3cda80e56c3a0bc1fc84036fd8edb2d5c28c9a4cd0371d1cc365a61565b0330455fc0e488d6cfbb8bdd088fe53af09bc

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation5106784264648202878tmp

Filesize
90B

MD5
393d958978aff232cd78dbefc086de40

SHA1
33cf8edee15401946866f39b05745f08ee6dec8a

SHA256
225ce6b361b48898d8ab1682f95c99933e139acd6b05ffc04b89c81646d88920

SHA512
9b6f59a94e9d1c29d6a135f69dc1201492855a775d45be9483f51066782fabdd2da50f8f95aa98989a81c2fef2fca90ae4dccb728d4353122cc29c1ab7050313

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
f1953260c72a2dfa195a018cfaf503c9

SHA1
cae533b3bef58c92cbfa2377c6a75c812875e1e1

SHA256
2ab0d292ca12636df6c4d70ef610769ef61991541a4368e99a88f8c3a0200ca6

SHA512
c87da68211cbc6b2ffc4f9c677361222bdde04e3f529e4c941781f287b1474fdc7fa91d42bd18fd764797fd6d753497aed56c152f3e551c0429527f49f9bf83c

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
578936bd19f5defcc2c4f86bb2866dca

SHA1
14226f045ab5ef1423f8951af25390cc7fca999a

SHA256
2cb65ee5dc9c707feda0755a4c854f2bfc9e5c7f5ab973d9a7bffa96550e1983

SHA512
75c6fd61fb4df312db2a3b010c969c9bbe15dab8255fe32d466ca2a2ad4697133e4430187c83c9a744248bb63ed54ee32479d83313443c85f2fc7a06e5614988

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
dbf7261941d4399f909074f1eb84901e

SHA1
71ab8573d6ef97b44b6872d711a1569a39d9877b

SHA256
fe576262f96709f3b874b4034359bdfb56d6f09ae20eb6e97918e2238b7f6208

SHA512
dba904db3fbef9d28d2fffda91d6b700cbcf2bae23b1b850d85f26c5e32f3bb07bccc4f4fbb810128b5190e1cb7ecd2618f0b998e2abbf9a2288dc6ab4e08067

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
50d34cc592be23c459cc83f83dd70922

SHA1
cdd373dd7a84559eefa104fd983569c6850f8087

SHA256
7f0bf2637878cb15cc18a7d3ae78b109db21aabb9094199394898ef10855c6c9

SHA512
2549485b63b578d025d712df06e98b4482fd7cafe8fd8390a28431d9170df047624e0f390af1ccc02f9d8bd5addf9f318874ec09542ed6e7dbc463fc3aba1d82

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
78e5f782f7313c99abb6491daa31625f

SHA1
7dec46fe8ab4cd6f08093dcf7ef304b5c6d947ad

SHA256
b88a2b74a364c72be8edc33c3101c32bfb4f24958f8404d8c658b58a8588af19

SHA512
a8cc5d6b5661cc0e329e16e2cf2deec9d6e628816eb035277f0caa8ea80d6df658c61d2bda0e1b3d8707c5ae025fa2c6156df1d23a1e075645e8437fb8354c69

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
25d28d40a79e59e9c62d34f20fe6846c

SHA1
a0cbf4dd440a0e0b43c70be3dbea02f38ee3bcaf

SHA256
d0d2f4966488f6452931e7c209eded824879e20e118450120ff3d66b28f33d19

SHA512
ab19c08213489e817fe3ed0dede8cc9436403a30a45381bcad0525018dfaef39cf96354bb0436f44d2e53eb0e4dbc2bac567562c099e751bf069c78ebba74299

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads