Overview

overview

10

Static

static

8

11D14D9655...B4.apk

android-9-x86

10

11D14D9655...B4.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11D14D96556D7A4D018D168AAA134B133762493ED2A6393F732C7BBDDD5C28B4.apk

  • Size

    52.7MB

  • Sample

    250414-vycerswzcw

  • MD5

    4ad74913ada99165e6b01107a167c2fa

  • SHA1

    2af77b626b5ff4cc40f6b67d79627d6af90fbe0f

  • SHA256

    11d14d96556d7a4d018d168aaa134b133762493ed2a6393f732c7bbddd5c28b4

  • SHA512

    bcdee7f42a903abc0a90e845942a99e624d84693aa5bd70f81d07daa0ca7b4bbdb7017dd608b46e5905f22fa9a50711da5b711ac245b48e25e494b29b795c5c8

  • SSDEEP

    1572864:zdVmeObSNSm+PxvjP+H4U9X4U9r8bwidCUiSE7BKrwOq:hRRYbPFjU4U9X4U9rLRR7BKJq

Score
10/10
axbankerandroidbankerdefense_evasiondiscoveryevasionimpactinfostealerpersistenceupx

Malware Config

Targets

    • Target

      11D14D96556D7A4D018D168AAA134B133762493ED2A6393F732C7BBDDD5C28B4.apk

    • Size

      52.7MB

    • MD5

      4ad74913ada99165e6b01107a167c2fa

    • SHA1

      2af77b626b5ff4cc40f6b67d79627d6af90fbe0f

    • SHA256

      11d14d96556d7a4d018d168aaa134b133762493ed2a6393f732c7bbddd5c28b4

    • SHA512

      bcdee7f42a903abc0a90e845942a99e624d84693aa5bd70f81d07daa0ca7b4bbdb7017dd608b46e5905f22fa9a50711da5b711ac245b48e25e494b29b795c5c8

    • SSDEEP

      1572864:zdVmeObSNSm+PxvjP+H4U9X4U9r8bwidCUiSE7BKrwOq:hRRYbPFjU4U9X4U9rLRR7BKJq

    Score
    10/10
    axbankerbankerdefense_evasiondiscoveryevasionimpactinfostealerpersistence

    • AxBanker

      AxBanker is an Android banking trojan that targets bank customers information distributed through fake bank applications.

      bankerinfostealeraxbanker

    • Axbanker family

      axbanker

    • Checks if the Android device is rooted.

      defense_evasion

    • Checks Android system properties for emulator presence.

      defense_evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Listens for changes in the sensor environment (might be used to detect emulation)

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v16

Tasks