trickmo | 81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

Analysis

max time kernel
128s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24/02/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

deper.apk
Size

7.0MB
MD5

29759b117a6ecbb109eb13b61eacc875
SHA1

e43ca6077982d51cac30cd400c667e9f49265945
SHA256

b35d3b94968603813ae26c35442b7d254c4d670aa299cb7439f083d46ff50bc9
SHA512

a21c4265b91fecc60886c3ebe48c47dd15890b6f451e4450e3ba2cc8ba595b3d2f4d8ef4864883d41cef65217f44e2d6a5d34df4bba69832ff77e0413673c0be
SSDEEP

196608:WJnJLjXIH/aMTuMkqM6rwii11a6mOt9XkRsCA/gex:EJv2aMT4qM0wiG15mOfis94ex

Score

10^/10

trickmo banker collection credential_access defense_evasion discovery evasion execution impact infostealer persistence trojan

Malware Config

Extracted

Family

trickmo

http://regtoyou.com/amvgaghabjvlamkmms

Signatures

TrickMo
TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.
trojan infostealer banker trickmo
Trickmo family
trickmo

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/anen.perd715.lia/app_south/oT.json	4274	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/anen.perd715.lia/app_south/oT.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/anen.perd715.lia/app_south/oat/x86/oT.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex	4274	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/anen.perd715.lia/app_south/oT.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/anen.perd715.lia/app_south/oat/x86/oT.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex	4274	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/anen.perd715.lia/app_south/oT.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/anen.perd715.lia/app_south/oat/x86/oT.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex	4274	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/anen.perd715.lia/app_south/oT.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/anen.perd715.lia/app_south/oat/x86/oT.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/anen.perd715.lia/app_south/oT.json	4248	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex	4248	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex	4248	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex	4248	anen.perd715.lia

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	anen.perd715.lia

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	anen.perd715.lia

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	anen.perd715.lia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	anen.perd715.lia

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	anen.perd715.lia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	anen.perd715.lia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	anen.perd715.lia

anen.perd715.lia
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4248
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/anen.perd715.lia/app_south/oT.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/anen.perd715.lia/app_south/oat/x86/oT.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4274

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
df041a8b4b8be53cfcc72536c6d96a92

SHA1
489c40b44337ec4734e6cb9c90b82e62725f8ef2

SHA256
37ddcf18c9c2b6f9985027831046eee204c33e2ecb629d4495acfdd95b0497c6

SHA512
4600203722bd25cbef3a9f3810230f9f57ff54cf424c773ea433d11a489d875a0367b8ed724a03a5731e41a3fb62badc6b4bc9d1a96cf2a61395aa76627db1ac

Download Submit
/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
5689572b41191ff3f4bfc5b9bdd86733

SHA1
21f9eb38562b198ef29663f900c1fe092b535b0e

SHA256
49bff12769e22bbfe99d4a369ab3b7e20ed2b7b6783a1585c2bb551b28e202e8

SHA512
94a058a2d53f5ba59317eac25bb295b12ad4159f484322cef203dd4413a5b474bfee5536e4a9e185484d76a6ad4ac5bd51b12656dc77f3846eb7427179a1a2ab

Download Submit
/data/data/anen.perd715.lia/cache/clicker.json

Filesize
17KB

MD5
d780f836fe54e51872bf31220a4dcb77

SHA1
5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

SHA256
32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

SHA512
62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

Download Submit
/data/data/anen.perd715.lia/databases/a-journal

Filesize
512B

MD5
b8c39c24144cc556c81d84211461896b

SHA1
346d2273cf14cb67623d53197fe22fbafa15f4f2

SHA256
761bed12609078da4f720fc8ab43e02859eef9cce3513045af8088d7114fceb5

SHA512
7acb878fce8880aff3f82b0fe7b4ed6de88b3eb5ebba736da17e4f7c61fca4849cc1bea1593c4d21b7e4e11b3d1cf746ec0759ca00eeaa4aa91f9f218cdf53f3

Download Submit
/data/data/anen.perd715.lia/databases/a-wal

Filesize
32KB

MD5
66550e505df2257b89481868d9347387

SHA1
7e9155ab3bfeecdef35538081e6e15bf89e143e3

SHA256
f5775568d7bdc445849bf42e15af3ef991f3291d39f73d229917368fa69742b6

SHA512
e939e97f6b79dd54b5f191a9bf819a415458bd9107d18e0288fae4852519c6524f59b9bed1d261dfcaeaf1578fd86376aa435734ba1c6bca11891f80ee99a864

Download Submit
/data/data/anen.perd715.lia/files/anen.perd715.lia

Filesize
256B

MD5
81929a5caa7cd2cdf95b6af68593408a

SHA1
c8da9ada8d7139571555cda42ef992cd2973397e

SHA256
fe2e3d0282417245730de0eb77c197d83656d63e1fa486152c54f0739cbfcfb4

SHA512
1769b3eab34464f9a965123eb1961f6799eb8ee68c6441e9928633e07cf5523a07f908f62f11c50a9597d9ae33e5b16bbbaba98ec1d18f199db100e8542c89de

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
13014099689dfe838aa8d6aaf12ee84d

SHA1
0192779aa3e15e2d3160e2ae1dc22d1bed491f9e

SHA256
4545fb06d8e01561f22e27e978e7d1da92bf3fe098b589cd875678b0756ea5d4

SHA512
349e2dcddfb4fe57818060c6d0586ad09da0a328ac37f55e4443365d4ff584b79ebb4709676711c785f72f15731766158cf84d1f205cdf4fae4a2c13ebfcbc0f

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
29bd5a0bf73d3fb0f72ecbad7621869f

SHA1
f505d34c1f9a083bd82f8efaf4f6c96f7c813cb2

SHA256
dcaa0deb85fb2d3517ef2cb929505ed049c4d0b87f12c1c0b75c05e99f3d7405

SHA512
3f97db798b6ac0ae12ffe2cd9afa3da2fdea8fc83087ed184c20f42baaf1f88e46ac11b2d519bcce2d87a032124a7fa51c9ea76533334a394887d5898bdf64d3

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
b91a36fb9abe11cdf065662016626043

SHA1
e4b8e858c8e32efcbe2c4ae7dfba61464b65c58b

SHA256
3f3b095ed9f932bad0aefcf4ea1b0b0014eb2a39187c9d2f4a9370e4593d3a43

SHA512
95260d43e292e0b125f3b9a953645c7e64d57e748041b07d786ee13db803f9bc043de683d27d57dd39eefa40b26e2d0628d273bdcac846ab2792f249e41d8760

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
272ce063c65ea1359b00be50bc0fc9ff

SHA1
555f84cf7f655a3c2dc8c156580f004acad3c7cf

SHA256
f81e988a15208492fa18d60ee372984545d0d4dfcd2408bca4694f8862c9d77a

SHA512
8795b20b6f730a858ffa534d716ec298874dcf99432d3c484f3403034300f0c3ccdb07106293a340267979613b7ba2268b3c3790687da793618f0648b6859560

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json

Filesize
10.9MB

MD5
35d4cda95e19e9be467673c78e1e2fa2

SHA1
3868d4dda794c360f57ba650c332b39ce5c68d8e

SHA256
6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

SHA512
577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex

Filesize
308KB

MD5
5e8b8d85e4b5abf31857c6618050164e

SHA1
e9c800a10f757e519187af91dc443734a1d538f5

SHA256
6f8a442a4a28ce83261fd78fb45cf3d1e129b5055fb15f55b07135e9dbf326b8

SHA512
ba5eb4209cad4d7208df6508b6f895bc17afcea33bb61fcfbfb273a68bf6ba2caab7bf022882f609de826efaceb8ae2cbdb3cc900c6ed9dd2616ec18b8d239a0

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex

Filesize
265KB

MD5
f8d81c318c06e43a94f0c0408dcfa62b

SHA1
fba0a337aa78cbc76d4dc67d39afb6008d512f8b

SHA256
57f3c23be7d15bc7593643e92a13aa631bc86d60a29939d3c04370059287c616

SHA512
5421d7bee46dbfa37d886f8baf16822536cc46236034575d3f93d25687c57c116403244eb294f44212df2b1436ca9129f9d743626fa02d12f90ba6195a61d97a

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex

Filesize
1.7MB

MD5
30465152db261852e3a226a666ec4304

SHA1
442a188e07db85653022734d0a8537d4312aef38

SHA256
c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

SHA512
3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

Download Submit
/storage/emulated/0/Android/data/anen.perd715.lia/cache/logs/log.txt

Filesize
83B

MD5
c00a5852d7827befdfe356b0372ffb28

SHA1
557c7428e3b86553e1fde93ebfcf60a5e3c632ab

SHA256
5a7e1efd56061f3abf921935e91ffd1b3922d4073bad1d7bede4666b8ad2d1e6

SHA512
4223673b61d40b0d6e1cb14de4f3682fb544f2ce08da511e1bc2ea0fe0b78306f338bee46f302796b034b67398b0321168f5ae83dd6338a87b716df3e7c83635

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads