axbanker | 7b03b91887dfed7fbbd931f8ccea337926b8d55e675f4d15edfec6f0c7b960aa | Triage

Sharing

General

Target

e394ff12c3cd2a050501e621f4fcb9ed.apk
Size

14.8MB
Sample

250223-qt2rmsyrg1
MD5

e394ff12c3cd2a050501e621f4fcb9ed
SHA1

e74aac9dfb7f4fe5303d7fe7ce152785876af868
SHA256

7b03b91887dfed7fbbd931f8ccea337926b8d55e675f4d15edfec6f0c7b960aa
SHA512

a18c21747590251e6e8fa5093fb8186857a8d66db9da7deef54349e55d496c7d2287238b801df375ca5e3c7f900c63f53e03ac2ee7059ac29036339dd144bd84
SSDEEP

393216:5J9uB2qd5SEgR0vMeVcJVzjoJlLLYFPEQZDqP9:5J9uA2AEgR0RVEVz0JlLCE0DqV

Score

10^/10

axbanker android banker defense_evasion discovery infostealer persistence

Malware Config

Extracted

Family

axbanker

C2

https://ajaychnapp-default-rtdb.firebaseio.com

https://geticapp.com/api/user/step2

Targets

- Target
  
  e394ff12c3cd2a050501e621f4fcb9ed.apk
- Size
  
  14.8MB
- MD5
  
  e394ff12c3cd2a050501e621f4fcb9ed
- SHA1
  
  e74aac9dfb7f4fe5303d7fe7ce152785876af868
- SHA256
  
  7b03b91887dfed7fbbd931f8ccea337926b8d55e675f4d15edfec6f0c7b960aa
- SHA512
  
  a18c21747590251e6e8fa5093fb8186857a8d66db9da7deef54349e55d496c7d2287238b801df375ca5e3c7f900c63f53e03ac2ee7059ac29036339dd144bd84
- SSDEEP
  
  393216:5J9uB2qd5SEgR0vMeVcJVzjoJlLLYFPEQZDqP9:5J9uA2AEgR0RVEVz0JlLCE0DqV
Score

1^/10
behavioral1 behavioral2
- Target
  
  app.apk
- Size
  
  11.1MB
- MD5
  
  d396e3957d97f614588e8feab010802d
- SHA1
  
  44b2ac18cc6a684a2ee04dc608ebd9cfbbe54ff8
- SHA256
  
  21c78356d6f0385f18846e62fb1b19d5eea93079344273d386c147e6bba974ae
- SHA512
  
  45dff9a9dd9141efa330a342f8a80a2fd7b62ae8d53e97df2400273b365c04d9a4f3b5040b0558c4bb4ba3eed1337bd64c2543793e42da42693751313b261fe4
- SSDEEP
  
  196608:l9xdCvDmAcrzSt/M6QZSDjim26Vbl3sEJbv0JzNkop1hg3:RsriSt/gZSDjn3Hxv0JzNp1hS
Score

10^/10

axbanker banker defense_evasion discovery infostealer persistence
- AxBanker
  AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
  banker infostealer axbanker
- Axbanker family
  axbanker
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
behavioral3 behavioral4

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

axbankerbankerdefense_evasiondiscoveryinfostealerpersistence

behavioral4

defense_evasionpersistence