Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

chrome.apk

android-10-x64

7

chrome.apk

android-11-x64

7

chrome.apk

android-13-x64

7

chrome.apk

android-9-x86

7

base.apk

android-10-x64

10

base.apk

android-11-x64

10

base.apk

android-13-x64

10

base.apk

android-9-x86

10

Resubmissions

21/10/2024, 05:56

241021-gm124atekm 10

26/07/2024, 10:06

240726-l5fw4a1apm 6

26/07/2024, 09:57

240726-lzfddatgke 6

26/07/2024, 09:52

240726-lweyfaterd 6

26/07/2024, 09:48

240726-lsrg3azekp 6

Analysis

  • max time kernel
    286s
  • max time network
    250s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/10/2024, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base.apk

  • Size

    7.6MB

  • MD5

    ca99cd533c8f93ab900b9eaa2368b6b0

  • SHA1

    e9dfe27df482d853a8072bacb734bccd05227d35

  • SHA256

    8e8470ed0fd881e9c7ad3db2bcb9515a9dc8fbbcf9fdf38169330514524059ef

  • SHA512

    f1f495744e9cac629412e7e9eb0828f6d1197a84bfa2692a5bf34022f3a754d4a78907fba0ec8cb5b2eda6d03ff17b59ae7d7f93fb6cceed2be87e909885ab4d

  • SSDEEP

    196608:X1H7QE5m9OHWTpCiAIR4dpMy3Vhx+KOs4G:X1H7Qgm9dMICFf

Score
10/10
trickmobankercollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://starnow.cn.com/c

Signatures

  • TrickMo

    TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.

    trojaninfostealerbankertrickmo
  • Loads dropped Dex/Jar 1 TTPs 8 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • pekers.car413.qui
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Requests enabling of the accessibility settings.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4338
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/pekers.car413.qui/app_rude/ZMnj.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/pekers.car413.qui/app_rude/oat/x86/ZMnj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4365

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

2
T1422

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/pekers.car413.qui/app_rude/ZMnj.json
    Filesize

    5.1MB

    MD5

    055e11f346de40ad4a6abad3546ea225

    SHA1

    8c9cf7cb825b2411146a3b4e2aad27f9229e3fa9

    SHA256

    516c9d7ac13f1c36aa6daa4831b468300e38d770fe406a986b29a7eb0d93d400

    SHA512

    2b1b011be419297887194fd269879138db8d9be461aa93f5443e9b6aecdc4048b99611343cb69357c78dfea5f6eba3d06fdf3e528c54e8c2563b74ea07e4537b

    Download Submit

  • /data/data/pekers.car413.qui/app_rude/ZMnj.json
    Filesize

    5.1MB

    MD5

    7dd2673821338d19e639cb56a823ed65

    SHA1

    d0aa9e03240bc7d8985603005e69044b7de7c724

    SHA256

    d1596837b8e5bc67ca3a3206f065a4bd7e8ed8d4c062daf348f138647cee8b2b

    SHA512

    d5bdfc9702f43d6452584c4b137581688d6586345cffcdf169abe7acb26a58cb226504e84f1cc5320474019bfb3cce8c03c41e73beea359f9de4fdcfa0a39798

    Download Submit

  • /data/data/pekers.car413.qui/cache/clicker.json
    Filesize

    17KB

    MD5

    636e55d791176f11d06b28d2e3bef86d

    SHA1

    685a82b348877c97f50def61ac0bedc02035255b

    SHA256

    c890742667132d62ea76f4f9ccb64a67e06ee6f4dddd39da458fcf46fd567b5c

    SHA512

    4d656078ae7ca93daa3267cd08af620a7ca375a51ee07f998c1a33607665fcfa6a786f80bc2ca022b7629de3b095d7c29cacdbd9581a58cf1f101df3de5924d2

    Download Submit

  • /data/data/pekers.car413.qui/databases/a-journal
    Filesize

    512B

    MD5

    6b1f0e93c281f0673df036b11ca78619

    SHA1

    58edb2104e262114050d5549f5bf2b4a25976f1e

    SHA256

    b68fb7a9340d1833f88d5cbfe4d33fc6e64dfa8fc3c489553cfd511f6941870d

    SHA512

    e38fae41a43abf5ef1479f2285eb16b08e4978440c616c6287b8a08527d277e5f1c7cebad5af23df7ce0632eb4b43c42420555c10806c2a21a8fa950f28d9677

    Download Submit

  • /data/data/pekers.car413.qui/databases/a-wal
    Filesize

    32KB

    MD5

    628c07484f31d1f58c04411a89ccbcf2

    SHA1

    8152730e02044ef73ccdd29d4977e9bd6e381e3a

    SHA256

    98069eebda699bdd933efd8ac18e7c4f8734675fe1eb95b2dce697c975413de1

    SHA512

    b227890604c639d6914bfa07e29c0e8d137e6402c7f8757f5ee8745d30d23da846e5193ddcab47ba2368baf0b5de0a8fb59c1bf38739ca8b292444567ad2faa5

    Download Submit

  • /data/data/pekers.car413.qui/files/pekers.car413.qui
    Filesize

    256B

    MD5

    c49fdbbc8805945a892c22238c32c8f2

    SHA1

    ecb299646d641c5375fdba3b75859ccc2aa03544

    SHA256

    514732bfccd277a73f8755b2bc6bd9f84ac16a527e1cc2163ba864c18c55b319

    SHA512

    08a54207ca53400635bca8101b5968b94b4488240b6ee13a187f4a79ae872f0801dfe25eddc0a0a6db39e1ffa2dfed58a9731289591838c3619ca9b720c04098

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    9e6b865c02ce38a4dc910a360a25cd66

    SHA1

    8025b6ac64074a1bbfa9b60e39d2fa887620fd11

    SHA256

    8bd6bedbc6a9b594f671e6a3afaf6b2826f87fdd49e9172adc06bd5c6a1ad3be

    SHA512

    bd31b8756206226163411c2a4e3b025d2b5304966fe5a56c2fc064b67f80d4113e657b4548bbf6ce3ff6bc3c22da19d4ac8bb71696b6113e402f6c8085232062

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    4d51d89e743c214dd9eac2e69b8fe318

    SHA1

    d5a6b5fe1d1d86774ec654bd40800031127f3dee

    SHA256

    17d2b4c424c72256bc497c88a613a3d44fdcde562ff27a625e23ebd19ef41c72

    SHA512

    c65702e88abe67165be6c49d0a724a34b7673453258263b85e58c767e9b6f3ef4298c12a5fa19952a7d56bbe148ae291096cd24307d76329a8595fa11b02e7aa

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    9292d60a3e1450a4e06bcbb00cc26ba4

    SHA1

    e644eedc423a37fe25f3f6b281094a7b2adfbebc

    SHA256

    a20bca8982636f7a674f26fc54215abe694f1733884056d8addfe3cdc7a6e266

    SHA512

    fb0a26e7a792f41e314c04ca8a24e98d40b63ffcf870c8e7567c881bdbc8f7f692d05e1db28eb64f71a077e0f0124823e69768b83d9b1bd40c8f66a837587ae1

    Download Submit

  • /data/data/pekers.car413.qui/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    d4a38749169f1e87f7476d5476881ca0

    SHA1

    c01b7217fc64060c7e00f0c55272f23ce491d76a

    SHA256

    27e0de046afd4b3c281f553e1d7464fb68e758b9006892a68ad359c06d291b9c

    SHA512

    11ab1d8f4648f68430eee17984a65bac9d5f8011b0b40417f6250a6b593379a1784888fdbbdd01c1c3fee5e8890a34023c20d25fe8e7e44f755fd811c9a324ce

    Download Submit

  • /data/user/0/pekers.car413.qui/app_rude/ZMnj.json
    Filesize

    11.1MB

    MD5

    b2dd75b19e82fd1b6f8c1bbd80b00d43

    SHA1

    fbcc0c095a6951f1c268c3534e80182275cf56dd

    SHA256

    57b7c8e0879f6b3cd3bb169533f8069072322b178dd2efb8cedf5d77761e32e0

    SHA512

    078089605d533d1d8dddae498383e79eb37275bb034666cfc5d2b2df13883f9fa417374f1461d091fe0d5d37d09a5d18a2f9c42228e72b68ac8dff01de380395

    Download Submit

  • /data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes2.dex
    Filesize

    354KB

    MD5

    e111d110016c06792f99189957bf5768

    SHA1

    ba1b4f6e7c7170239e9c001779ef9ff2995ef5fd

    SHA256

    c6114bf54ee58e37657467acfdf8e5d147b778a1e718e085e1f0a6a14e0a480c

    SHA512

    c98bc318f555b059ee1c5b0ef9bef2076b1bd265ada3d303a05e2fe481e2dcb40fb041e1e136d7a1ec0094e08020b0064bbddcc5efc5c32caa71ab42bb27a215

    Download Submit

  • /data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes3.dex
    Filesize

    253KB

    MD5

    6a828a2f97a63e9bfb7a8479ab4c6832

    SHA1

    6bc2017f672b3c68b6a19d2226f46f5519d168bc

    SHA256

    5e60365bd94ccf2533cc24ffeb4b69ee1b66283e4472e92ee8741b821f26c72b

    SHA512

    b58c4f1caf85196de0572544e00a51d62e11b2c59fb60b7f66ed5ec77b4b587f02aeacae1602a7c68532be8990ef84e6c3887bb35f66b2725c2b651ad7193937

    Download Submit

  • /data/user/0/pekers.car413.qui/app_rude/ZMnj.json!classes4.dex
    Filesize

    1.9MB

    MD5

    32579b28ea9ce1c5fa1f35bd4f9818bd

    SHA1

    8a262963232c8e2e43d755281f46ad7565e62a9f

    SHA256

    217bb9f5b5728b6373d10962cffa93c3b263049601ce4bfdc30f1b89c0e69c53

    SHA512

    dfb21bbe5a06aa760e412d05e9a91dc14b44928b8f88e6e01f96bfbd3d9a6637c33e8cf5d02dddb038cbd8dba5dd0cc382debb31c66f8f7d6ce3f176b2a6873e

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/logs/log.txt
    Filesize

    223B

    MD5

    eb541a19f9f82ad76ef9aa7d0d720df2

    SHA1

    940c9cf58fe4c8e33bdc9c4b4d76b264a5b36271

    SHA256

    6c5c84225db8bb8832b39c8b990c1d9da15aea47cf2eeea0060b54c100bada4b

    SHA512

    d97bb97166ab74253e1171791c74b27e0196024c5705db74ad9b340e49cf2f7e057669eac449f8e3d6791cfe870b543c549abda64fdec88171f1b719007768ef

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    46KB

    MD5

    e64c42a444cd46d4587726940d1a4d2d

    SHA1

    ed28522feda8b1ae63c91378753f442ea7a3bec4

    SHA256

    6626314fcb6c0fae4ebb542c4f53222126c35c4031ee13d795a79252ddd4d989

    SHA512

    fec03ac074e35efbd523780a44e1d9ddffec11eab344037ef3c728c888140e3b91caf3494a896e3f3bbbc5709372c531cb6d4dcff9054627f64b334fd65c036c

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    92KB

    MD5

    e9939b7c1d1fc5f6495dc46a6e723fc3

    SHA1

    ed2b7c144fb11f95864c42b01529bf04a52bcd39

    SHA256

    a0e50519b9c741bcadb50e1a3a7155aa7486adf142d60316bfd3ec5d1a5a3498

    SHA512

    cbc509b29c684b87295624f8bd95a507f7207fdd7f92e16920c7277d9f58a9b80b68e9f559766aad0a7ba34b9712554bad5e1567c7fa391a2ac7d566fb1defc0

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    139KB

    MD5

    c099329aa4005da6e36edb08d6c38423

    SHA1

    9416ff78bab043d13fa10b5a4b14b1a01dfb026e

    SHA256

    a7203472a11fe9ae0244fd17734a41e2d9986afdc30ae8ef6cb7e509329fb350

    SHA512

    8e9e3fd4a429a31f5c346bdeea1e75cc7c681411965d2e9ca7080e0da61621fe8005fcf1db07b9463757572d35b8fc503725016310a9b98eb3c407088d1aab79

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    185KB

    MD5

    b8430b6dd264f1d3ef108b0f5a0da6fb

    SHA1

    114141cb3b89ed67fdb5a28f628dc2ed40d27b0b

    SHA256

    2bec0d4327165eaf39d712c5b6227135180dd51986acaad0aad77f08761a3023

    SHA512

    ec7fe3eb5d638564b0672c252621675b08b960992958b00725693d718596fad36bb57536664b9625856c4c9832100f78a8cb85127099590700f99fde4aacfe04

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    232KB

    MD5

    3d03ac440c0dec920fc155676cdd0b5e

    SHA1

    317b7ab97a2e3585b629b333ab41fc5971f8f206

    SHA256

    536b00024647a1f4e72ef91d231456a4db5695c13753b8acc1b8da072b166722

    SHA512

    153a4d68d6845a7b54f7a50160eddb9f7d1505b3e7f2397d8397b656d2451e4aba0690673bd79c4b5eb8abf5f301f209de3b65b2680482d30bdd615acff7cdbf

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt
    Filesize

    464KB

    MD5

    7a5f6b895cce8e41f64b2f93668edb8c

    SHA1

    a21d808961f6adbe874011be809ab96227b0d6d0

    SHA256

    de7219d96aa1217daca070414b79162d9cec1bf6dc776ac60847cb09c2eac2f2

    SHA512

    ba395a6899d336260273417068c67f11847659013372953897bdeaba112b4d876aa26523d4cdb3c6a1815a2b0771d51c0066f1a84c33886f759a7766d706b5e2

    Download Submit

  • /storage/emulated/0/Android/data/pekers.car413.qui/cache/records/com.android.settings_2024-10-21-05-57-50.txt.zip
    Filesize

    15KB

    MD5

    f26020047504f122e6c6accc7e56c5ac

    SHA1

    374e5d3fa0b320a73226f4c43161c40c2b9e361f

    SHA256

    d769c4e23f7da210f074819bf8fc5a0d8b772705c58ffd3267dadf7d0ddb2fa3

    SHA512

    eb4dd0b81c98b6e532c9f2fa18025a8094f53b5fdf8298528102a38d1107d880629cfec653f618dc41ae2a9a2e8f7e900ba648f287d4f9b94fe5bfa625a0212c

    Download Submit