axbanker | 44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46

Sharing

Copy URL

Twitter E-mail

General

Target

44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46
Size

80.9MB
Sample

240518-k8pgzadb7z
MD5

1581203a4990bef028f82dda1d02e8ab
SHA1

586c5859f8f9730269314b63ecb3cd52f94b08a2
SHA256

44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46
SHA512

468de490dce3fb0280e1eff8a5714bd2c44a37f59364c13651217665e824e2fc3dfaf677d9a174ab2100e25b25037bfb5d8608428681b94ecb00a2c63b407cb9
SSDEEP

1572864:gzOGgMhjFX9rl1ZIqaUQyR0bu7/APL8vjbkVxVcOP1:63TFtrpI2QyKQ/eQjbmVcs

Score

10^/10

Malware Config

Extracted

Family

axbanker

https://truecallerapis-default-rtdb.firebaseio.com

https://truecallerapis.firebaseio.com

Targets

- Target
  
  44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46
- Size
  
  80.9MB
- MD5
  
  1581203a4990bef028f82dda1d02e8ab
- SHA1
  
  586c5859f8f9730269314b63ecb3cd52f94b08a2
- SHA256
  
  44cd742ef87d463c3f84f424263dae21306b207631864b383e8e94f8ded92b46
- SHA512
  
  468de490dce3fb0280e1eff8a5714bd2c44a37f59364c13651217665e824e2fc3dfaf677d9a174ab2100e25b25037bfb5d8608428681b94ecb00a2c63b407cb9
- SSDEEP
  
  1572864:gzOGgMhjFX9rl1ZIqaUQyR0bu7/APL8vjbkVxVcOP1:63TFtrpI2QyKQ/eQjbmVcs
Score

8^/10

collection credential_access discovery evasion execution impact persistence
- Checks if the Android device is rooted.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads the content of the call log.
  collection
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
- Schedules tasks to execute at a specified time
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  execution persistence
- Checks the presence of a debugger
  evasion
behavioral1