Overview

overview

10

Static

static

6

4fcce7c445...9b.apk

android-9-x86

7

4fcce7c445...9b.apk

android-10-x64

7

4fcce7c445...9b.apk

android-11-x64

7

deper.apk

android-9-x86

10

deper.apk

android-10-x64

10

deper.apk

android-11-x64

10

Resubmissions

18/02/2025, 20:08 UTC

250218-ywn8bsxrc1 10

24/01/2025, 04:44 UTC

250124-fcwh7azqas 10

24/01/2025, 04:37 UTC

250124-e8zp2sznay 10

Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    18/02/2025, 20:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    deper.apk

  • Size

    6.8MB

  • MD5

    2d34dbb4167ebb371e33f3ce700fdbc8

  • SHA1

    4a20849866f90262f9a0b2793f84cc7d5e057656

  • SHA256

    c00419b21d10a236b47b43bb1eed3dbc5298e471cf9616848a84da5baae8e611

  • SHA512

    20365af814427670ea62987e750657a04d03c509382abe655f87952d6794981e7811c0b7aa9dede998263c2e2a98c5c008848324c4e653eba77517fc6c7c034b

  • SSDEEP

    196608:Lh1ZR29n2MKoRk+bB5fKnQgO5SS4xx3Dajo:9BgnzRL5fKnQgkSl3Dajo

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://traktortany.org/c

Signatures

  • TrickMo

    TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.

    trojaninfostealerbankertrickmo
  • Trickmo family
    trickmo
  • Loads dropped Dex/Jar 1 TTPs 8 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • lansa.sis722.sers
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4338
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/lansa.sis722.sers/app_cigar/dZxFW.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/lansa.sis722.sers/app_cigar/oat/x86/dZxFW.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4365

Network

  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.201.110
  • 216.58.201.110:443
    tls, https
    915 B
     40 B
     1
    1
  • 216.58.201.110:443
    tls, https
    915 B
     40 B
     1
    1
  • 216.58.201.110:443
    tls, https
    915 B
     40 B
     1
    1
  • 216.58.201.110:443
    android.apis.google.com
    tls
    4.6kB
     8.8kB
     21
    22
  • 142.250.179.227:80
    260 B
     5
  • 142.250.179.228:80
    260 B
     5
  • 142.250.179.228:443
    tls
    135 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.9kB
     13
  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
     135 B
     1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.201.110

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/lansa.sis722.sers/app_cigar/dZxFW.json
    Filesize

    4.9MB

    MD5

    9f765bbbb28171e35f6f17ee95ebdb90

    SHA1

    7bfb941907bea2a41e20f38e31c07566d8d3f7ef

    SHA256

    c552d3c465661b4bf87bac3eeb7a9000569a5b19cdc05094713076b89a776c83

    SHA512

    144b72da338daa9b520d181934fc63f65165e8415085efeb1fbe32aee33ac1b35305d7040829c725300ce54342ddc62bbb601bfa2ad383da3b4007bb8760c4c5

    Download Submit

  • /data/data/lansa.sis722.sers/app_cigar/dZxFW.json
    Filesize

    4.9MB

    MD5

    cd652200aa24e4da945fcca01cf402ce

    SHA1

    ec15238d8fa5f5906b1725965bb5eaef3f977172

    SHA256

    6296249f78b601b6d29c26e49f59a99ba4074358d82e4229d1b0eb137bd03408

    SHA512

    7d4aa9255ba25ffe1b07cefdc0ca05daa13c12d22974c050b17ef83f07f49eebe62fd125e3f9ef96524c345e4882d6eade3220a4b2243ebeddfe63a5366aad9d

    Download Submit

  • /data/data/lansa.sis722.sers/cache/clicker.json
    Filesize

    20KB

    MD5

    e48ae2e98ea5b39dd12819b5cceb7dc3

    SHA1

    219af8ebe9bb26b76eaa53356a613e5fbb806dea

    SHA256

    6e954b8f3df47f2444f1877d8b714e7baa19a1fa4eeca749943eadee1661eac9

    SHA512

    443960bd2d2d0c9a57fd5d2bd75d7efe78071ece69f020260065ae0fffae70e5559c31476156fff62b7f24f4e72b953885a0ea1a858d9205d658e9738bb181a1

    Download Submit

  • /data/data/lansa.sis722.sers/databases/a-journal
    Filesize

    512B

    MD5

    794c9d95e7c9f762554acc2c4f8a4b93

    SHA1

    6eab4c0510367b4d913ee4d8e92014a71b959de4

    SHA256

    1d84f23ceadab6b0c8880f219515be80a89ef0d161e671f0d32f1a848f2e56db

    SHA512

    f60acd1e81ea5ba5fd8001e79b5fa36cfb8b20f5873fbe81c45be22586bb8cd7ebb62a61f2a57191cb0b56709426a0b6ef95a1bff4e422d28067d8ff8cce20b1

    Download Submit

  • /data/data/lansa.sis722.sers/databases/a-wal
    Filesize

    32KB

    MD5

    71782de91947cabb0d2d33c82106fde0

    SHA1

    769c375b30785869102cbb6f203d952f63f7bd2c

    SHA256

    56a195595914e18aedfdd173c65914ad6e971c129587cb54e9dfc12fcfbf8180

    SHA512

    fa8184ed8aeec1ee5cfb6e6f142cc28f1227092ab05d01821b16de2def3cd5677b1769c7c01630433efa42670fb8baafe8eee0087454b9b3caf7b0f7191e53fb

    Download Submit

  • /data/data/lansa.sis722.sers/files/lansa.sis722.sers
    Filesize

    256B

    MD5

    428696a01b421c5ca9df36a190042f10

    SHA1

    58695ab753e9377affbdc083da7cc4276e4ef463

    SHA256

    de38f95ddcbe7b3878c117e640cb31b52a986d19be3a8b60a5f6fbbd2a5c9460

    SHA512

    762d9985535dd5eaf2c12934a385ddf1ef1cee19bfce03bd33f06f3b073bf3016dbe72d5a27712f8253572e24046f29e48df8b1cc9182568aa5fcd11ba8a743d

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    422dc881c2cb350597c0443a8620137b

    SHA1

    d8b429f14ae562d28f3bcc9f9a4248620d7ca70f

    SHA256

    8d059d73e58a7ece3179c696c66e8f8dd8c37458a58cab403d329e622c7dee66

    SHA512

    c2fd29c720535ac6256c2ca5ae9287eff7e1a91649ca70c58220f9c26035202d2abfe7983ab2a1b4016c5d808510bfafe93d16efd08c9be3d3c24f42f782ebba

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    4e29a154771fb86d40012caac2490ffc

    SHA1

    38046804e2231f8e49ad403107bc9d8b5455458b

    SHA256

    25af66c3575f72bbcf027d2103f1884e234ea0d4e907799d8caf6ef6af91ee21

    SHA512

    e28e695614b8d8bdd80d4ec690a4f49b526d7d62c5b0a082de552f017eb05be77daa07eabf312004b88f5b8f899b9ef09a8f4cb9f1c9bdea15268b985534d784

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    1b4e6ca4e0bb26bd4a2b541c9ef4f042

    SHA1

    10dce5d5b74e95e06d004c59237292289e6a28f0

    SHA256

    b20479579ef0b4aadb79dc5c657b32ad4f3f840b4a7e97f1e91bc3ce7e3ef4f7

    SHA512

    b7180df257f1d168cd09a705d8e11f1d45fdf1f81bba102c4db9f276412c8b1a3ab95a06bdee9bb197e8a0a8f4b103e97d9918af5ae6543871a846dd294da90e

    Download Submit

  • /data/data/lansa.sis722.sers/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    097e8d3e672ef8da30f7c6985c735725

    SHA1

    3585393bf64b96d8a25c60ef0a827bd8e6eef922

    SHA256

    9799053af57382a775ce763a48171e85d389c29978d17d891c4964bf202113a0

    SHA512

    b88230ecd569969c36b6f48839f7488ca6b9a4600ad22601f0ea2afe44c15d02090c3d9fd7ee3eb9552f2de1d3fce2d905ba0d95e2780efc6af55c1a03528f7d

    Download Submit

  • /data/user/0/lansa.sis722.sers/app_cigar/dZxFW.json
    Filesize

    10.9MB

    MD5

    35d4cda95e19e9be467673c78e1e2fa2

    SHA1

    3868d4dda794c360f57ba650c332b39ce5c68d8e

    SHA256

    6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

    SHA512

    577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

    Download Submit

  • /data/user/0/lansa.sis722.sers/app_cigar/dZxFW.json!classes2.dex
    Filesize

    308KB

    MD5

    5e58845043089ee3b37392fec0f23992

    SHA1

    5e8290a1e9b734ae423aaa5f49bef8041545ebbc

    SHA256

    ad60aece05f500cada31b766831e2fa87aaf6fba58b9dca20c9152f16605faba

    SHA512

    84387a9add5b7ea6220ecfab5773b62d9d0db6ebce799f5a090817a04d0862158e1acafccabbe99bc2dc7abb30b5ade111bd6b4769ef929f3d57e962bcb656a3

    Download Submit

  • /data/user/0/lansa.sis722.sers/app_cigar/dZxFW.json!classes3.dex
    Filesize

    265KB

    MD5

    cc92d248d0c568e5351842d103bce7a9

    SHA1

    1d4950fe500f0789ca77fa4858ab8ebc3cb2441f

    SHA256

    0201c5566b578cf5ec8237dc7970a5a3b63afd2e035d8e94ee82230c8a2a691d

    SHA512

    a49aa848d7544e20d33de320faf7169c82669438394d861814fb832d8984fafe86c955484654d55cff7d5ff45e0c60d09b7b6e7c4602ef8ef312c0cafbacdfa7

    Download Submit

  • /data/user/0/lansa.sis722.sers/app_cigar/dZxFW.json!classes4.dex
    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

    Download Submit

  • /storage/emulated/0/Android/data/lansa.sis722.sers/cache/logs/log.txt
    Filesize

    83B

    MD5

    15814740ed2a09c02404484a7ad9859b

    SHA1

    c2696facdd354101133982c922ea9b35bcdb0386

    SHA256

    19b9e6905ee6ef597403878defc24f4d673e14e4e17af018404e0b302e995a40

    SHA512

    b6443d0435ef6c5e216d6dcddd4d4d210dee51fb7580d947695c4ec63fd2b1e8f57eeeb61fee79e2ba22468c591b8059d2171a636845f9327afb05924bb712d4

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.