trickmo | 20c21a0bf466412118a8b79e890e2ce5dd068a9a2d354f43f6b4b7c94ee16509

Resubmissions

21/10/2024, 05:56

241021-gm124atekm 10

26/07/2024, 10:06

26/07/2024, 09:57

26/07/2024, 09:52

26/07/2024, 09:48

Analysis

max time kernel
282s
max time network
295s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
21/10/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

7.6MB
MD5

ca99cd533c8f93ab900b9eaa2368b6b0
SHA1

e9dfe27df482d853a8072bacb734bccd05227d35
SHA256

8e8470ed0fd881e9c7ad3db2bcb9515a9dc8fbbcf9fdf38169330514524059ef
SHA512

f1f495744e9cac629412e7e9eb0828f6d1197a84bfa2692a5bf34022f3a754d4a78907fba0ec8cb5b2eda6d03ff17b59ae7d7f93fb6cceed2be87e909885ab4d
SSDEEP

196608:X1H7QE5m9OHWTpCiAIR4dpMy3Vhx+KOs4G:X1H7Qgm9dMICFf

Score

10^/10

trickmo banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Extracted

Family

trickmo

http://starnow.cn.com/c

Signatures

TrickMo
TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.
trojan infostealer banker trickmo

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json	4663	pekers.car413.qui
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes2.dex	4663	pekers.car413.qui
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes3.dex	4663	pekers.car413.qui
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes4.dex	4663	pekers.car413.qui

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	pekers.car413.qui

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	pekers.car413.qui

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	pekers.car413.qui

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	pekers.car413.qui

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	pekers.car413.qui

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	pekers.car413.qui

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	pekers.car413.qui

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	pekers.car413.qui

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	pekers.car413.qui

pekers.car413.qui
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Reads the content of SMS inbox messages.
- Requests enabling of the accessibility settings.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4663

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

SMS Messages

T1636.004

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/pekers.car413.qui/app_rude/ZMnj.json

Filesize
5.1MB

MD5
055e11f346de40ad4a6abad3546ea225

SHA1
8c9cf7cb825b2411146a3b4e2aad27f9229e3fa9

SHA256
516c9d7ac13f1c36aa6daa4831b468300e38d770fe406a986b29a7eb0d93d400

SHA512
2b1b011be419297887194fd269879138db8d9be461aa93f5443e9b6aecdc4048b99611343cb69357c78dfea5f6eba3d06fdf3e528c54e8c2563b74ea07e4537b

Download Submit
/data/data/pekers.car413.qui/app_rude/ZMnj.json

Filesize
5.1MB

MD5
7dd2673821338d19e639cb56a823ed65

SHA1
d0aa9e03240bc7d8985603005e69044b7de7c724

SHA256
d1596837b8e5bc67ca3a3206f065a4bd7e8ed8d4c062daf348f138647cee8b2b

SHA512
d5bdfc9702f43d6452584c4b137581688d6586345cffcdf169abe7acb26a58cb226504e84f1cc5320474019bfb3cce8c03c41e73beea359f9de4fdcfa0a39798

Download Submit
/data/data/pekers.car413.qui/cache/clicker.json

Filesize
17KB

MD5
636e55d791176f11d06b28d2e3bef86d

SHA1
685a82b348877c97f50def61ac0bedc02035255b

SHA256
c890742667132d62ea76f4f9ccb64a67e06ee6f4dddd39da458fcf46fd567b5c

SHA512
4d656078ae7ca93daa3267cd08af620a7ca375a51ee07f998c1a33607665fcfa6a786f80bc2ca022b7629de3b095d7c29cacdbd9581a58cf1f101df3de5924d2

Download Submit
/data/data/pekers.car413.qui/cache/clicker.json

Filesize
17KB

MD5
d780f836fe54e51872bf31220a4dcb77

SHA1
5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

SHA256
32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

SHA512
62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

Download Submit
/data/data/pekers.car413.qui/databases/a

Filesize
20KB

MD5
57baf3e42a94e8dd82e267b2f0619330

SHA1
76512dd29fbaf3cfd2efeae0ac2ab5108b81af19

SHA256
49a98902c1ffb97354f0e8f0f9208b84dfabaa826635f6ade1fc782169a3ec7c

SHA512
227f9d10a39fb0d8ae0a562e3b983fde44de62b3dbcd577172451e0e1f669e5721ba653c324af7c4d022032edd951cc417805a4eeafd5e84f28d378b9126a690

Download Submit
/data/data/pekers.car413.qui/databases/a-journal

Filesize
512B

MD5
60a35148a370417831c9eac03c8d59fb

SHA1
ea0719bbb863085522ec46cbfff7212e508edb2c

SHA256
337c568768bff6a7c4d20e82bdee67c6d27807b23a80a2f421863a00576e2420

SHA512
c2870eae9f765966cecaeeb089ae0e72fcf561d19d510fb84910620ded04f2a06dd1c333fe0622c10f07b13593afde2b8d7cc87bc9f93a2a3326f767ac52710b

Download Submit
/data/data/pekers.car413.qui/databases/a-journal

Filesize
8KB

MD5
2d6af786d1a0952b282ec37c868b4db1

SHA1
ccc9afe56e3459649b2553106f734515dcbe5602

SHA256
45fb5ede059b7b2974c127ff639de12935d3ef92ef053462598f2cdc6e24de97

SHA512
32b5aa136b2bd61eae87c6bca223436d82a070c972c6414f3387414e7add33dd1e0f2da0d5c5125c09fff962747ce85a0fa9d29cf7793460db4d5d41ae8e4f22

Download Submit
/data/data/pekers.car413.qui/databases/a-journal

Filesize
8KB

MD5
795faae9c08b850e8d2082b27025e5ae

SHA1
ab073fe6f4d330bcac68cc8138660e6444dbc38a

SHA256
f3a473274ab78adbdcfb17763a475b0b6dd423c197e5b342a518bf465b168366

SHA512
c84898d34937d80d66a781f646a0ca655767f9571c584ebbb98a3ee2e71779c2acf9f1e1eacc85edad498d661ad169480c2dce86e69afefdbd43b327c6aaaddf

Download Submit
/data/data/pekers.car413.qui/files/pekers.car413.qui

Filesize
256B

MD5
692541f94627ad7b0f7d526c552a32e9

SHA1
46dafbb997cd83c9e27465999111ddfd9fa33f44

SHA256
3cbde7d43472e220b662e9f805ca99502c32174a5a0828c815690f0aeb9503ed

SHA512
3f95d0bcfb9dcd33c9c3cb26359c89f0ebdb57c7e55b36877ed46dfdeede0eb3b0fbdf5d783eec005966a6aa925f0a91d8bc7dcf3eff7802611f12abe7d6b384

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
d97d49a0a830cce7ef4a61c3ea3992a9

SHA1
36f22ef55bfec09ef4620588fc7ce993176bcfa3

SHA256
26add10090314e517ed9563e12290bfcb957cf0751aa90bd3b4869eef2087647

SHA512
2f8324f6b1d289a54001db40b33af26c366b1564993a677801ac71fbafc475b337e81ec5ecbed6423c49880b2c8938b7c78d28db8e14d9541056858e834a4763

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
538101c69252b359fa16bc0706e334a3

SHA1
2e3c0f5dea9951f0723b83200d54a8917b9880fd

SHA256
94cfb493bb9678017f75047244a4c6c547a5033bf37c0d78bdb97868bf5abfb8

SHA512
b68269cac93e6cc5949f6dee050758a092278d3a0fd1c30352b8800d8b041146be62b49ea308d8fd8e9b9b37572f7202dbfb575ea4906522b2dba8615773dc3b

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c7869c741578afd5faaa6ca8e5583dc5

SHA1
5c4fedfa416e78930daf3eef309624ab0fd3803b

SHA256
d7767d049b7dc5357001123838d4c8e8cbfb679b3e0b4a99c72b6f6460015cfc

SHA512
dc3c06ff2a30515c1b9b04f18efe7f4c82982531533c53c2b7a1cdc5db5622f5d3fe0a4eda7aa3862af0a2e761bb3cc7c10b46d52941bb874ddd2a6c46e88557

Download Submit
/data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
1db079bd7b0482a011774204bfa7b1e8

SHA1
90b77bbc1db9a24e1d58011b42c2664a5bb47128

SHA256
8343d9d60a6502f49e9fb5418b59213850eafcf94bfc5c169c8150351a8dc4fb

SHA512
39c5a44965c66090782fddaa5b440f5b26c9d6b0e9652fcfa0d45c273642508f4327ca65868e3648f1c316971142485aadb1a8e36654d662793e15f3a0c4ec47

Download Submit
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json

Filesize
11.1MB

MD5
b2dd75b19e82fd1b6f8c1bbd80b00d43

SHA1
fbcc0c095a6951f1c268c3534e80182275cf56dd

SHA256
57b7c8e0879f6b3cd3bb169533f8069072322b178dd2efb8cedf5d77761e32e0

SHA512
078089605d533d1d8dddae498383e79eb37275bb034666cfc5d2b2df13883f9fa417374f1461d091fe0d5d37d09a5d18a2f9c42228e72b68ac8dff01de380395

Download Submit
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes2.dex

Filesize
354KB

MD5
e111d110016c06792f99189957bf5768

SHA1
ba1b4f6e7c7170239e9c001779ef9ff2995ef5fd

SHA256
c6114bf54ee58e37657467acfdf8e5d147b778a1e718e085e1f0a6a14e0a480c

SHA512
c98bc318f555b059ee1c5b0ef9bef2076b1bd265ada3d303a05e2fe481e2dcb40fb041e1e136d7a1ec0094e08020b0064bbddcc5efc5c32caa71ab42bb27a215

Download Submit
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes3.dex

Filesize
253KB

MD5
6a828a2f97a63e9bfb7a8479ab4c6832

SHA1
6bc2017f672b3c68b6a19d2226f46f5519d168bc

SHA256
5e60365bd94ccf2533cc24ffeb4b69ee1b66283e4472e92ee8741b821f26c72b

SHA512
b58c4f1caf85196de0572544e00a51d62e11b2c59fb60b7f66ed5ec77b4b587f02aeacae1602a7c68532be8990ef84e6c3887bb35f66b2725c2b651ad7193937

Download Submit
/data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes4.dex

Filesize
1.9MB

MD5
32579b28ea9ce1c5fa1f35bd4f9818bd

SHA1
8a262963232c8e2e43d755281f46ad7565e62a9f

SHA256
217bb9f5b5728b6373d10962cffa93c3b263049601ce4bfdc30f1b89c0e69c53

SHA512
dfb21bbe5a06aa760e412d05e9a91dc14b44928b8f88e6e01f96bfbd3d9a6637c33e8cf5d02dddb038cbd8dba5dd0cc382debb31c66f8f7d6ce3f176b2a6873e

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/logs/log.txt

Filesize
306B

MD5
ea7d3ad15ec7740990bb24fe66482869

SHA1
1cb5720806d6d0b0c4a580ac035c212bede5d423

SHA256
0fb426f741397aaa3422835a5d145ce26c58713306230f6cc098f1d1e7ad5780

SHA512
e1de67e921ce4ac787094c52b2c8505a77849441b521da8a942f594c98c3b8c73031a4a832854eaa6cc95d35bb0f5998707a087ee0a40daa51c2275c916784e5

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
99KB

MD5
7ee1ade573c2113fe755aeb5e24e5653

SHA1
2d82ece1bd3d1e035fcb3fbec355229582070a15

SHA256
91146e11dbc2cc16b727decc3238f1ac6297d23903b22fe495d8b5b89a2226d4

SHA512
a31467867e08a0d995937eadbd62060c60a9fa9bcc5b48275bf5fea046b36a7486b1e96301ae5400997372220394344096f44d083bc30c87b104d46513f62d51

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
148KB

MD5
bbc3ae7e1e8a3e8f5c0fcd3075667fca

SHA1
24bb204c4787e1df6caeb02281c2a039135c2382

SHA256
5d5ce433c2d839dc4d61749c6d30bed42a91273b244b7f352e6100be4a8c8bfc

SHA512
663e1046ccb8c6439ffd76027f5a97815b69e1b6ba1467c711e9a3adbee8d16df4c30c8b3300616d30f382179b2021989d9e74c0cfec8e30a04f1751de382d0a

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
198KB

MD5
7e92e14cd980fa002cb1120934aa8175

SHA1
ba38f3a1743e0a8295acd6049109efbfd4264c0a

SHA256
a804038a5be38832e00c3e23df2090c1c6cc2d51cd71ee0c4599feb7c3cc4071

SHA512
04aca931d180977bd3f1c3daeb9797f966a0df37db1fa7e5a04313e8946f186e2c5c7bf974e934780033c4e223aa95723ad64db6960bf4cb2ec253b0632f6f47

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
247KB

MD5
c9c38acc04cc9add907238f81979681a

SHA1
b0b1c306aaea46d1d9958c2d55df1a8f58d1d8f0

SHA256
cf08bb57105e37e046dc6a84225c799600205248829cabfc8c60cd9a44c89420

SHA512
638a1fe6b59d9e38eafc54cb8e579cafe93e0515e35526476431bf9371ee063fa2ad263ccbefbe73240181a848327be981c84ce870de09dabe5411233acad5d0

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
297KB

MD5
a82f77f832781da734e405304907172e

SHA1
1b69938c43891aae4bbf3ea6fe4cd616d4b0faa4

SHA256
121fff20c24eb179d4133aa9be5bff11319d73a81938bfc4099ae3dc843a6586

SHA512
d1b66708ae3162053a37c6354632bf76db443890f6b8c7cb4bedf6176b21ab457ebf743b5380e6015e0bf35e84699e4b669baf8ce3043decf9f2362f86a79a39

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt

Filesize
346KB

MD5
95fa6b7ebf6086a24931375ad1cffe2b

SHA1
76a61fbbd2805965bf30be07341bf39649568f02

SHA256
ea00b924c76612b3de75544689fd59a52f21d7f4a7f27101bad6c43bdac2f677

SHA512
4152b822b9183b5132041319157f3738f2b9081f474e887e01cc0b066f2972a483284fd4c8a97153157f1fd68f199db3c3b64bf21a74949d950085300a84cf3f

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt (deleted)

Filesize
49KB

MD5
33df3f33978e68bb11f08a4abed5fe9d

SHA1
dc0410abe83a084f309273f91fd3e948419e057d

SHA256
b97c3b3ad89133e6452b0c13a59127b978869b6e12079125d7d35f97744e6255

SHA512
f6b2773750622369234c487194d86f1914f27bf332c23e3eda71671330087970bc725f0339c12497e9afa89e5d9d791efa2ed0bb1a9f9ccc4884bd735401a29b

Download Submit
/storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-41.txt.zip (deleted)

Filesize
12KB

MD5
8de3bf3fb09542eeee7804de477ca650

SHA1
6b904d297dc551ce1d7d9f047a7048876290355f

SHA256
38007c9e564f8b3f37a2281b777b19481b941b5c8daa1c26442909d5b2acbe13

SHA512
10602abe708f4f6a5bb450c994f7189e3c2a4146aec9dc319791651f06c066165b56b27a002ff46d315b697c693df60402b6325e0e36f27f5267dae139ddf32c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads