axbanker | afd3227c4fb790a2033f99857417061be8eb1c3c1db0cc2910f252ed0959a3cc

Analysis

max time kernel
149s
max time network
159s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
22/02/2025, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa-bb-cc.apk
Size

25.2MB
MD5

eb3221bc83d0e78a6839c9c81e738812
SHA1

264b0fad92be4fadb1731ed750b06db744da343e
SHA256

d823512275c19bf8bd6a30f5c780498fd447fefaff58d42b2812435fbd0b9f43
SHA512

6fc0543ff1698d94b7283523067d342403e4598126e74bc3e51a882802d6fcd4c734799a3d204e8ea207f5e3a6b2d356438ff017d5cfc2797c603d875eb94351
SSDEEP

786432:af/S/8gftjdRtNURndfE7w3M5T/q8PSgs0zdVo2U:K/6jdRtIY3TCXEdGN

Score

10^/10

axbanker banker defense_evasion infostealer persistence

Malware Config

Extracted

Family

axbanker

https://hdfclifeproject-default-rtdb.firebaseio.com

https://lapsclaim.co.in/new/api/user/step1

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Declares services with permission to bind to the system 2 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.	android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.disprzs.hdfclife

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.disprzs.hdfclife

com.disprzs.hdfclife
1⤵
- Makes use of the framework's foreground persistence service
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4373

com.disprzs.hdfclife:my_process
1⤵
PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
18fcc5df5f9fc414a952a8036abfcba0

SHA1
8bc8f6883c4f1d30282c2ab74974dcb46cc55210

SHA256
9b476a01129aedd1553df6621f3446705c5b6a89283894dde9363ade2c77eb6a

SHA512
4c4cfd5d6bdd02b8d7d466e13c51adb6764447c3e32862c5cc3864cf1170488cbbe3c5ff0ac7ecdbbc2adb5aa655e75e9635926139bd13e60ba6fc1482b4934e

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f6e8d9b054677d83742d4a015c46d24e

SHA1
64500e93ca8755eb671176aa96e9c14fb36afa6d

SHA256
c02ed7ebf30cc6a8a1835ced5d4c3112f442728601aeea61e93eafea4666d998

SHA512
4ad8bfb3396db9dca8eedbd2d93d6ced47b45caf0a107c6561021dbd7227d1d017826af5287733ba152b6b017d710b10b98fb982fcc85660faed3d291139e126

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
379974f819f55ab2d72cee2fbb9609e4

SHA1
47c09cdb3d895331e25301fd334c15ca4949a99f

SHA256
e2b05fc3072d6f85edb813d7e74b1da5d45cf048781522a285feebfe3c55cb0e

SHA512
4200ca1d4140881bf43f12dd38895a1c4411b489c23377d4ed42dfc8f877b72699db903623d383add576df50b68d44ac3e2debd866cb499d5a72ddfb06bef3d8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5e887e75cab1fff41394861f380d03a3

SHA1
494a11f9d99d8e8d5a3a232772b22a86ef2e4504

SHA256
12e2a93478a58dc53b9e81f964b3e9ce6880c703d7995100b2421526fd8d3fee

SHA512
e0995ef56a4824dade83f9b59382d2671323516cd137895c8b4d59ea38c3bd5759dc83da88bcbf76fc4126fc4c3f96a11f4041771b08e217df7672444a62dbaa

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
30d69b725234ccb7ade4214346687799

SHA1
602ce026b4d955951ec2674afbb0afeb463c90e7

SHA256
a9afd660030162e080aff81b57082b276a76316e7216ee522fc4948e0f9bc140

SHA512
ec60016046539d38c79e5bc97886696e32f1998d406d2c842a7144852a8d4388c8ac52b5a3fbd379a85a7f6859c1bcace2d0d02d799bf8585362893235b33c4c

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f7461878003caa77ec4d18d543c6b18f

SHA1
351a4c0a08ae5ffcf43eaeead8be0639a889a684

SHA256
d25bafbf0346be064d8bcbb7283fd3894e12df4bbd676274c67a5e09dfa5b50e

SHA512
3480ea56a565610cdf925e8a6775db519e0d113b77fbf3c3438979cb5356e56c2d735f164ab813c65fa3349f0c4e4ba10d05fd8bb219076dde0b2222ebde3aa8

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c87792a158d1c828436f1970c93261d5

SHA1
d5650a4251480cf5d384e7203c7af5ae4df9d53e

SHA256
27e399278b06efbd5677410e1d2d720cb8bf0440b9f26a6e9dfeb312218c7774

SHA512
d659b44c869430c6230aee2dd39a51c4bc2720a1aa277e68911ebc23ac206d987cf99a335c81f57ac9f5255f6382eef7125e36baf8d92b26b8f3a90e0fc7a22f

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
641bcf8a516cebe292de71a0f0e84643

SHA1
d55e3a011ea59281db29e8988f9462a3078b70ca

SHA256
03abb2ab5fd7138f1e712b6084065dfaee504558d7424e760bf932f2eb09b0f6

SHA512
09156330b2562419b232716c35fc0877fb85ab4d9c0b3c0e96bdceb7368b8e8e12b1d0634c40e4ce41bae8e06888224b713a1cfb69d3c356e758c8a5de01c9da

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
444c9ff47c45c69852821edc2929b42a

SHA1
ecc18a69dcb13f6042f60274c4d355e6eb150578

SHA256
989221dfece6808989f26b1ee70329b119f70f31d73d55c7815d00b24814754b

SHA512
2b6abe9d30ea3e62460714c1b3c0223447fb310439c225bd1e0075fa39cd594e29750527656729a474f8d10e30af55908ff471d61a5ee494453e395de5a28820

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4c4bee8df3829a0b3afd372139ac6b2d

SHA1
5a311167d609af8d4a7864623523c7a7aafe7feb

SHA256
ed0258ff5a1083a26fea51a140e38c5a408c834b9b8847659ff9affb89898193

SHA512
a78e7736d6a8f237839ac07974ef7633f460779e2a2a11479ee5f17be8377fe9aaf368abc78664b26db2eb40809f0cac79b30e14d0c8f94cf0f9029589bab891

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
52ab1c80c91f8b9c2ba5e092a18b029c

SHA1
dd9aa3943fa923e839c88ed25e327b94e2eec75f

SHA256
59d97a447d2fd6688fc863ca2e168ab4b8afcb53541133e747902729fb16bd57

SHA512
438aada2e532aa3b3c16d03a542604aa2e8e311abe33c463b13596f530d93b8348fcc50be8b8773ff8c6a6bfff9a3c61346612a6c223874d9ce076b16b891a45

Download Submit
/data/data/com.disprzs.hdfclife/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
942c866750c86f42143bc7042159c876

SHA1
67406fa06700be1809198126fa4c67c8ee194ff1

SHA256
cf518a43679b2537c76dae5a5d62d55960c1d935796ba1a21264198639a84c7f

SHA512
2c16f492818e76e309812ee2e296e80e134b08e3892b0034fbfcd14e2a2363c1f3ea2a05b6d1ed37dcb15f17f3754c643120173e4447f82661c37e536c865798

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation1084276540815266392tmp

Filesize
570B

MD5
e84409dfea5e334cfbf69fd66fa00eed

SHA1
5573cc17da78ff0b79b708ce0ad13a21a642c14b

SHA256
1165c2697701c977d994d416327aa978af93ca2d4903f5ef0e9f7175b1e47822

SHA512
77a42db91bd35197579c8d7c88c400f4f383fb0386f63409ad6371909f9dca58e0d19608854077518424d1c640e5342f614ee4f2193472792e46dc5de6c95128

Download Submit
/data/data/com.disprzs.hdfclife/files/PersistedInstallation4652285361230229305tmp

Filesize
90B

MD5
4e89f2256f06af5666cf71b13d3fd838

SHA1
0a34514ca693b67af45020b43ebf7014eb5dcdb5

SHA256
27cf70b7b116deb945e71f72b3097a82d94e8a539d0ec12b1ed5ec12f1701f06

SHA512
23ba64f8a07d2bfdd6ec04dbbda195a875191741a49bcf87ab5256adafcd43ace00f6f96b13dfcc61d78e992fb312d8597fd8903b0803499047aa1aefb2a780d

Download Submit
/data/data/com.disprzs.hdfclife/files/profileInstalled

Filesize
24B

MD5
ab13b5ffcaba421c8f9cc3a13be48c47

SHA1
db0ed3bae4a9b658654170fc66726ed9bfffad95

SHA256
29906310ae2370a294cdf68b8d5a134537b99c8ffa395eddef24dd15adbb2672

SHA512
fe74b50e1b3432dedcdedf14651b46e087a87e54c872004b404fa8f119f7730947c66d2ca579735905a4d0a048154a2b5b4e44f88c3700fdec28f7ddeae8cb30

Download Submit
/data/data/com.disprzs.hdfclife/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
dc8afd3abbbccfc740c5b56428608093

SHA1
7d9bb2665b8c8db8051251b638ee74c2e14e347e

SHA256
e183cadd845d83805bb07d278d42134deaf631b50d98bd004e248203eef155f6

SHA512
d1d04f43f6e7446b1c3d217a9d68ac7079af8ba43ae54ccf824ed23a4dce1aa76f2570efd91eb22be465f1ff1fc493f08e5b7b662e1bcbc4486ddebdb7877941

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
5fadb09d60d657e250c3596676e70edf

SHA1
f043facdfb65d7ebd8193ced15eb7da68972b8ae

SHA256
6e4931a812a2997b7f9fc7ebb65b138e105f2798ad61184fce6985fb02fb51ec

SHA512
0fb338cb25b8c07589d3752e1970e273b474e89e16619eb671d10ae57f11ffa7a00a3ab9a61355ff66e7e8ce31e188d307253b006548bee1ce32d581c6847442

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
491fa70b329596a8ebcde19378bbcc07

SHA1
fc9ff6b3a9cf2dc79f65b2098773ff7e847ed1a6

SHA256
95867c7530167e81056338c6d6b3bb52a33b187c621af814c0675b494ac675fa

SHA512
c67360f18d2ee23cb33328d6639b33ac22052532b88709b89dc248e55dd435a2cca25cd7cd4d8fc259e8db0bf0b4038feb91df4ee370e0c43abab32d48783a86

Download Submit
/data/data/com.disprzs.hdfclife/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
7ea1c6f0e778b43bd8bd13bf8f3fd373

SHA1
1206a3efbb5b418807b0b44b70b82839c8d15a8d

SHA256
570035dfa06bf035572110a0096c96dc915f070fcf42478b1b57f19d9baca964

SHA512
656a681955ebdd9c421192f1866cb1e73a634374f5a135339b935f12a9c5a0988d540d479b9dc79e4a86c6f72d40922a5fac3a21782135d439521eb89b8f14f5

Download Submit
/data/data/com.disprzs.hdfclife/origin.apk

Filesize
11.3MB

MD5
596d77b3f736d77e31b622180d4c701f

SHA1
4c61f2273734cb7a080fe4f089440068da49d080

SHA256
8ae7b0080fbdc2caf4bedabdc09579441ba25dd0b28750a31864581ca9c2a418

SHA512
35bf77693479a8c9e2a32af1282b8fa3d05d6843ec5032f9751396f5db6e25c54f68214dfa2f5fee29910f869a0c80a0e05016d49a5534abf69816a7149d2cbe

Download Submit
/data/misc/profiles/cur/0/com.disprzs.hdfclife/primary.prof

Filesize
2KB

MD5
ece06bd6e2c0545839a53ff322ca7391

SHA1
5bdd05677aef2b528b07af2e6bb160f933e57845

SHA256
48d0d71fffacba39c9039674d4c34103618b40c2e8dc3b3391cd67019f0583d2

SHA512
61169d69de1dbc7013843de803cfed5099e61ced49662549711113757ed33fca5826a2e5d1f37481b8935c4a74232b6abdd3d221b7e399c76e458e73342e4d02

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads