Extracted

• • Target

    4fcce7c445d89d7de943ec0e0c2fc285d4b25a67950ad7d6bcb50dbcbc4ac29b.apk

  • Size

    10.5MB

  • MD5

    8ebf4bdf9326073fa0577a2e1950e1af

  • SHA1

    7a30345f421c243cbef4dd42d60f5de45b99d580

  • SHA256

    4fcce7c445d89d7de943ec0e0c2fc285d4b25a67950ad7d6bcb50dbcbc4ac29b

  • SHA512

    006dd16eee88a56657bafed02d5585d8a04bc98139249f9fb0553382d284a23546071f3bff9e39881150d0ba802f92ac26b1fbd8fb6c5b20f1a6cd6301e40243

  • SSDEEP

    196608:3wGdnljZ/MLUBwiwOYTR8dhTVKZZRa+6Gz4+bpRdS388yngsaFf/FYd9r:3VRRZvai3YOBkRTz/RdS3886gl/FYdF

  Score

  7^/10

  evasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Declares broadcast receivers with permission to handle system events

  • Declares services with permission to bind to the system

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests dangerous framework permissions

  behavioral1behavioral2behavioral3

• • Target

    deper.apk

  • Size

    6.8MB

  • MD5

    2d34dbb4167ebb371e33f3ce700fdbc8

  • SHA1

    4a20849866f90262f9a0b2793f84cc7d5e057656

  • SHA256

    c00419b21d10a236b47b43bb1eed3dbc5298e471cf9616848a84da5baae8e611

  • SHA512

    20365af814427670ea62987e750657a04d03c509382abe655f87952d6794981e7811c0b7aa9dede998263c2e2a98c5c008848324c4e653eba77517fc6c7c034b

  • SSDEEP

    196608:Lh1ZR29n2MKoRk+bB5fKnQgO5SS4xx3Dajo:9BgnzRL5fKnQgkSl3Dajo

  Score

  10^/10

  trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

  • TrickMo

    TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.

    trojaninfostealerbankertrickmo

  • Trickmo family

    trickmo

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Listens for changes in the sensor environment (might be used to detect emulation)

    defense_evasion
  behavioral4behavioral5behavioral6