axbanker | 21c78356d6f0385f18846e62fb1b19d5eea93079344273d386c147e6bba974ae

Analysis

max time kernel
149s
max time network
159s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
23/02/2025, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d396e3957d97f614588e8feab010802d.apk
Size

11.1MB
MD5

d396e3957d97f614588e8feab010802d
SHA1

44b2ac18cc6a684a2ee04dc608ebd9cfbbe54ff8
SHA256

21c78356d6f0385f18846e62fb1b19d5eea93079344273d386c147e6bba974ae
SHA512

45dff9a9dd9141efa330a342f8a80a2fd7b62ae8d53e97df2400273b365c04d9a4f3b5040b0558c4bb4ba3eed1337bd64c2543793e42da42693751313b261fe4
SSDEEP

196608:l9xdCvDmAcrzSt/M6QZSDjim26Vbl3sEJbv0JzNkop1hg3:RsriSt/gZSDjn3Hxv0JzNp1hS

Score

10^/10

axbanker banker defense_evasion discovery infostealer persistence

Malware Config

Signatures

AxBanker
AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.
banker infostealer axbanker
Axbanker family
axbanker

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.rewards.mycardnows

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.rewards.mycardnows

com.rewards.mycardnows
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:4333

com.rewards.mycardnows:my_process
1⤵
PID:4406

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b4c81272b7bafde7fc880f06e13466b7

SHA1
38949b15fa4c675286a539b5d4c04fc986df0ab8

SHA256
fb0e7640da930a4d338f5ebb238bcda7548088b140aff974f40d4884cc55758d

SHA512
dca48104453c8dc9f084f39760910212d8822aaa3ac62ca63add36f6a39a715ec7e5f12a32ae7d914e19f45af7ec9256be506b8bf5142806596ae443b3f9640b

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b99a32e437d628d9459e72b9ddab133

SHA1
b1ead89b122f2cd298bf8d88d4c38b9e48aca183

SHA256
f6d395d7b3a2a743be95080999fa4ebf99d1f1b6f347fb85fe51d32367aaf3e6

SHA512
607adb3d53ce135e880fb711825c4882271bdd66e24feff8faa4dd2a42b0d9b7e812a96e6728575699865f310b8ffa54b8209dfeecad5d4cca36f0684866cdf5

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d0dba2f818e2c319ab36a6819f392f21

SHA1
5bda84ca4d08ccf08535428a6744e54524c3c836

SHA256
885b4441eff513422dee0ac7fdc51f5b6620f64b4214df331e7f621c4d807f1a

SHA512
fb50dc4df68962e47e408393a4156ef75d5c53446b6ca8c8db838cc6673d69593969e29ad3b85a9ad4056498d9ee46e4cc68dce09d4abf54dfc432aec13ae591

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
390378fd5abe8349f187bd182ea71ea4

SHA1
a9559f0510077284bb310ca8bed7141e79428dfe

SHA256
5e7f770353a0a7c55c444558e516a84053a6eb931c281a76c630783a6f7c127f

SHA512
1a8ab94704299f5c9ccc7aba8c77593097c1d1773baf68370c7373a9fc0be7aa3db2bfb57a3d246b7be0c4b04ae7f37573825805e1c7b887b5a47ac443d4163b

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dcbb6209c93a3a273f1f9f6bee0099f0

SHA1
b677201b04afe53a9085e5613a33cef9cc18ffc5

SHA256
5794aa9b40564fb7db996d333e4ba5abedb040d45efe7ed83ea7de5552b00a9b

SHA512
cdf3ee536f6ed0c159af64d5e531adc377ac1712978f87d55ae32f786db20a763d424471e09ab5ac37c11f1bdb59584aaaab29f00acbab7d75e7330f7624787f

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e050e712a36c24ff66ce600d97f30ef0

SHA1
b4b4666ae7930b3c2f38b8f105abe8fe12ac7c39

SHA256
d246121ad9ee2799bfa7220fc8895d3cd8603ae716dd6994c4da1464dd3a4aea

SHA512
205115d958d207241d1f7d5a5a71418adcb7f43d41d8ba95e8f1d28df37ae9f71f68576f5585203c95038acd9a5527030042caf23452ca95b57ca3013b55a031

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c1d8576bbe9417996b96593c68b0347d

SHA1
5ede3e144ba16b673bd59be2dc91a1e8de11a124

SHA256
b6d1908a9e04edf903da962e842c1289e7c9a5b0e90c6ec210fe92eb94b931de

SHA512
dcbad79b1e4dd0173ad879f89003b826c05cc9eeaa6e883efb3cb029a1989d608354ff3e7bcf574374705e1584d4fd696f5ff1721d68bc4be4d09e883d9e3795

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f6ec61f9e36389e36e3f7ab4395fd717

SHA1
0cccf45efd547e7bcc843c6786595033306b43fd

SHA256
2dcaed31b3531837660742604b860c7c257cac3e4d1565930d9090ccf5dd18a7

SHA512
da379c2de041ced4851b0dc91b5c4828c741f6d2f15380cad58549bb8bd3125490e9a92e951732e8c7225bfb2319af4d2c15aa1626d4687eb4b2540477c2ee56

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
646fef21f69abb372ac469a5f372d478

SHA1
7f0a72739e4168a2ca44fb5d16c9941de8968e3e

SHA256
bc6109c5ce030d74b32e8316ce5c0b99b35afdc61184aecd5c20513d70a60950

SHA512
c1242cce7fdae6be7827529c49cfc421df6502e7a79121502db85d599789097d69e159181b15a823ad819161d5aa186fb036f9cf95e8488c6d5133be47836dd4

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d10913226440facbbbe364b7705dab78

SHA1
fb136988eb778df0204a75dd6c560c5c836e214b

SHA256
5816c7e12cf4760dc4b6bd3fdd7d326f5c2bc08315c972bca56128e2b6cee332

SHA512
866b17a3b828202ae4c7b03f40fa2c2b607b3b257b02a1d669bf57307e41fe07b61dd487a0b008464dcf64459ead5b75cdf1f74f403bfc3b40ad53b1090be0da

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e60500368580617e54a07ff7de51e146

SHA1
da9370ea43a40ab6917ed838ba265fa503889d35

SHA256
df5254b957154380fb347fe4cee2faca88a2710ef83ec7bef71bd5a898ced73c

SHA512
2c22adbcbbc9b5a9754ea0ee421e170efe04d846ab6fd9adb8a4506f5b494ce5bab37a4639911fbe34a28a1aab7e3c38bb6f86ea570907ed0be3cb1668b89f51

Download Submit
/data/data/com.rewards.mycardnows/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
66bd17163a5410fe5393d8595e6bf531

SHA1
6bff4af3b2ce7d082998dd679af25cf162d41155

SHA256
79350b30ee9f0f637f9f2813d0bd48f615aabe3f44889a85803a8c7ce6b3b57d

SHA512
94cd5d13e53da09e71df718fb9226594d937edf46b38278c1d05adbac0ae61a12a5626792916d0027b68aaf7a3ff9ecb7641068cd0113e5e7715590e090c8b95

Download Submit
/data/data/com.rewards.mycardnows/files/PersistedInstallation5542989246697047774tmp

Filesize
90B

MD5
df9d7992987b090950c199b0b34db4fe

SHA1
aaf9dbbe5600942530db91fcbfbf296a6631715c

SHA256
8e13251b1933b866ba89ef0dcc2b2075eae7363bd614005d635c9c096a7df719

SHA512
5f4d83edd06a0440d900372f844379249befda9c8f60e4e631ca2f75371cf08fc81d8fa417b85a8e99213e692d29fc538bb20108ba088ccfa290a8d5835ca699

Download Submit
/data/data/com.rewards.mycardnows/files/PersistedInstallation7810525359974619089tmp

Filesize
567B

MD5
9b8162b83e4be74acdefdb440dc0a030

SHA1
4c7ea1b7f269afa27143cf33fff2890e5af566af

SHA256
f2c1dfa04009f91a07c581aca1617ceb2a03a18155855086c311886aca5a9064

SHA512
cf92866043651d7bd2a0a7d1d1bc9bb87383662b780efa3e14c2df6d13c4f89f6e109b76c10ee02ea69075baaf6a5b29eb77dce8541b781d987f49010ffa38c4

Download Submit
/data/data/com.rewards.mycardnows/files/profileInstalled

Filesize
24B

MD5
907feb086dc62801d8f111e205ce950f

SHA1
6bd5f2da26bb5324b791286723b946dfc344ef32

SHA256
d8fbdc20116698baed78ba4f399dc8ab160b86e0fbf109aa3616ebb26574d4c6

SHA512
a62410ced7ae7645bb1a24dfd10c2a9d834785716d6be8efcc1e40a0efb765d4714ce06c72b6a5ca89e4c41bfaf40a74da0efa49211500af02e8e4647fa4c523

Download Submit
/data/data/com.rewards.mycardnows/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
8b9ed752f2b54dbe545b751b098d5b39

SHA1
29b5414da47ac85b4e8fdc00ce15723b6bc74e4a

SHA256
91c70c549762ddc66cf0bf75289de8cfc032f21a9478a3e7e6d1771e56574c1d

SHA512
33f6f31befae15d29b61d770ccff7e7f0fc0d1c31829bd59fc0fa6379ff7e5164f28907960560907a38c7ea12650efd9877cd33c85ec3001f90c54dc2f48f14e

Download Submit
/data/data/com.rewards.mycardnows/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.rewards.mycardnows/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
bb4e10c9955fc6d4911ecaf6374092a9

SHA1
6d73adbb5ddd4d6ad1eeabb88ecba11d8ada5119

SHA256
38236b7b29956a74f3afc4d67f416d0b09c0249ee20d326ecc7abc2da7a61a84

SHA512
355aefb42ce33cb028cd5fe093b915ccffd15f8076eb676cf779ab1a9b26de011888fcea27daf1f3630af5f7b5247816038bacccfc5c314f01f6dd8735eeb943

Download Submit
/data/data/com.rewards.mycardnows/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.rewards.mycardnows/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
de9ebaa2de79edb1ad86958a339b361d

SHA1
8c7323e28d252cf49461f44c489ca9407f21163f

SHA256
db4a148b6846fcf27d00a20c6c98457107af79c9a1cf3b8224ecdd4d53d8abf1

SHA512
a5f49439d8270bba8ab9e88a9b134e37351d3cbfdaa6b812769668d4eb2faf3a807b2a7af39a0b1bae9210d19ed35b060e463ed823829159cb13a9bb612ea07e

Download Submit
/data/data/com.rewards.mycardnows/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
631f5912b9634e6fec2c8f6ba1c38a9f

SHA1
8168596a7c79aceca2acfcacdbaf19e3cbaca288

SHA256
392ae00127e2c0584e1cbf798393ab91e8754424a492edf2a246549f94c35153

SHA512
5ae195c7d73c4512e0a0bb56d49363b7d2d69ff7a99463691ae677b707efefd8761eba38dc5b69a62d4974e10061c8b6fb2bfec4a2c1f4ccbfcc4985363297fe

Download Submit
/data/misc/profiles/cur/0/com.rewards.mycardnows/primary.prof

Filesize
2KB

MD5
d753c16b296b24b7b2b0a08c64a2239f

SHA1
d7881da382811633bdaf2d413a2ad0f0a2678305

SHA256
ea0110c8afed41a7fee1261442826003ed9bbca2c9511d854e0673ec4da4c6d9

SHA512
8e708cae98660fec75e89452561638692cbcc884fed93543a627bbce002570259fd58aa41fd959b28c44e32a25282d005c2fdd277b62b4788333887a067ab52f

Download Submit
/data/misc/profiles/cur/0/com.rewards.mycardnows/primary.prof

Filesize
10KB

MD5
331e2d423f1d0be846c4ae32c0950c1b

SHA1
025373ef83deb69acc1522589a1b0d05eef5ca57

SHA256
289d4b33a042c7391e4ac8c5ea80032e4f17d91a5a79802a1dcc9c0d2aa3fd00

SHA512
fd7e3cabad818eb96fa8137fbe0dab530d5c7335c4c7ad06132d96650b8ba8a400d611a171f738452f6fc5197b7a5b107dfd22ebfafc59796a6cdd82669b9937

Download Submit
/data/misc/profiles/cur/0/com.rewards.mycardnows/primary.prof

Filesize
10KB

MD5
98fab377c324473ab8287f64303c9f89

SHA1
ca6fa75b82a378cf6935d03a2bda4a347014e0c6

SHA256
6a4bf064c01040aad090a674d28cce5865d0a088d7611cb7631387edfe533edc

SHA512
6d3fe4e3508d21bc4aa02062fe033b95410e18c6a987b1a40c6164af89df4ff57dcddef7791f1c75bf7efe225dc562145c8c81cc5fc775b2106990c68b2566f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads