trickmo | 81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

Analysis

max time kernel
6s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24/02/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

deper.apk
Size

7.0MB
MD5

29759b117a6ecbb109eb13b61eacc875
SHA1

e43ca6077982d51cac30cd400c667e9f49265945
SHA256

b35d3b94968603813ae26c35442b7d254c4d670aa299cb7439f083d46ff50bc9
SHA512

a21c4265b91fecc60886c3ebe48c47dd15890b6f451e4450e3ba2cc8ba595b3d2f4d8ef4864883d41cef65217f44e2d6a5d34df4bba69832ff77e0413673c0be
SSDEEP

196608:WJnJLjXIH/aMTuMkqM6rwii11a6mOt9XkRsCA/gex:EJv2aMT4qM0wiG15mOfis94ex

Score

10^/10

trickmo banker evasion infostealer trojan

Malware Config

Extracted

Family

trickmo

http://regtoyou.com/amvgaghabjvlamkmms

Signatures

TrickMo
TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.
trojan infostealer banker trickmo
Trickmo family
trickmo

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/anen.perd715.lia/app_south/oT.json	4922	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex	4922	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex	4922	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex	4922	anen.perd715.lia

anen.perd715.lia
1⤵
- Loads dropped Dex/Jar
PID:4922

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
df041a8b4b8be53cfcc72536c6d96a92

SHA1
489c40b44337ec4734e6cb9c90b82e62725f8ef2

SHA256
37ddcf18c9c2b6f9985027831046eee204c33e2ecb629d4495acfdd95b0497c6

SHA512
4600203722bd25cbef3a9f3810230f9f57ff54cf424c773ea433d11a489d875a0367b8ed724a03a5731e41a3fb62badc6b4bc9d1a96cf2a61395aa76627db1ac

Download Submit
/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
5689572b41191ff3f4bfc5b9bdd86733

SHA1
21f9eb38562b198ef29663f900c1fe092b535b0e

SHA256
49bff12769e22bbfe99d4a369ab3b7e20ed2b7b6783a1585c2bb551b28e202e8

SHA512
94a058a2d53f5ba59317eac25bb295b12ad4159f484322cef203dd4413a5b474bfee5536e4a9e185484d76a6ad4ac5bd51b12656dc77f3846eb7427179a1a2ab

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json

Filesize
10.9MB

MD5
35d4cda95e19e9be467673c78e1e2fa2

SHA1
3868d4dda794c360f57ba650c332b39ce5c68d8e

SHA256
6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

SHA512
577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex

Filesize
308KB

MD5
5e8b8d85e4b5abf31857c6618050164e

SHA1
e9c800a10f757e519187af91dc443734a1d538f5

SHA256
6f8a442a4a28ce83261fd78fb45cf3d1e129b5055fb15f55b07135e9dbf326b8

SHA512
ba5eb4209cad4d7208df6508b6f895bc17afcea33bb61fcfbfb273a68bf6ba2caab7bf022882f609de826efaceb8ae2cbdb3cc900c6ed9dd2616ec18b8d239a0

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex

Filesize
265KB

MD5
f8d81c318c06e43a94f0c0408dcfa62b

SHA1
fba0a337aa78cbc76d4dc67d39afb6008d512f8b

SHA256
57f3c23be7d15bc7593643e92a13aa631bc86d60a29939d3c04370059287c616

SHA512
5421d7bee46dbfa37d886f8baf16822536cc46236034575d3f93d25687c57c116403244eb294f44212df2b1436ca9129f9d743626fa02d12f90ba6195a61d97a

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex

Filesize
1.7MB

MD5
30465152db261852e3a226a666ec4304

SHA1
442a188e07db85653022734d0a8537d4312aef38

SHA256
c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

SHA512
3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

Download Submit