Extracted

• • Target

    cfa37c111d5d86aa348a8411c39fe1c54034c437a5c15777a42638c6a9d03eb0.apk

  • Size

    8.1MB

  • MD5

    c889e75eb26de5a53531ca1d799a777e

  • SHA1

    4c9ae2c8bc9a2bc02926ee2a9a49730881907a69

  • SHA256

    cfa37c111d5d86aa348a8411c39fe1c54034c437a5c15777a42638c6a9d03eb0

  • SHA512

    cbe94441f6ea06b1c9c9de0933e9755d3ac7deb3197d795570cde4d0680c87f25c8c3e34c189a8b8d898b8afa9140093dfbf731852cbc6bf02cfc03c00bd5941

  • SSDEEP

    196608:5erveQWOfAMidD+traG/iYVS9MEY2HWv7ecSb5xW:47eQqMidD+hjpVSe/2Uu2

  Score

  10^/10

  trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

  • TrickMo

    TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.

    trojaninfostealerbankertrickmo

  • Trickmo family

    trickmo

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    defense_evasion

  • Requests enabling of the accessibility settings.

  • Listens for changes in the sensor environment (might be used to detect emulation)

    defense_evasion
  behavioral1behavioral2behavioral3