trickmo | 81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

Analysis

max time kernel
126s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
24/02/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

deper.apk
Size

7.0MB
MD5

29759b117a6ecbb109eb13b61eacc875
SHA1

e43ca6077982d51cac30cd400c667e9f49265945
SHA256

b35d3b94968603813ae26c35442b7d254c4d670aa299cb7439f083d46ff50bc9
SHA512

a21c4265b91fecc60886c3ebe48c47dd15890b6f451e4450e3ba2cc8ba595b3d2f4d8ef4864883d41cef65217f44e2d6a5d34df4bba69832ff77e0413673c0be
SSDEEP

196608:WJnJLjXIH/aMTuMkqM6rwii11a6mOt9XkRsCA/gex:EJv2aMT4qM0wiG15mOfis94ex

Score

10^/10

trickmo banker collection credential_access defense_evasion evasion execution impact infostealer persistence trojan

Malware Config

Extracted

Family

trickmo

http://regtoyou.com/amvgaghabjvlamkmms

Signatures

TrickMo
TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.
trojan infostealer banker trickmo
Trickmo family
trickmo

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/anen.perd715.lia/app_south/oT.json	4597	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex	4597	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex	4597	anen.perd715.lia
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex	4597	anen.perd715.lia

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	anen.perd715.lia

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	anen.perd715.lia

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	anen.perd715.lia

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	anen.perd715.lia

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	anen.perd715.lia

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	anen.perd715.lia

anen.perd715.lia
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4597

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
df041a8b4b8be53cfcc72536c6d96a92

SHA1
489c40b44337ec4734e6cb9c90b82e62725f8ef2

SHA256
37ddcf18c9c2b6f9985027831046eee204c33e2ecb629d4495acfdd95b0497c6

SHA512
4600203722bd25cbef3a9f3810230f9f57ff54cf424c773ea433d11a489d875a0367b8ed724a03a5731e41a3fb62badc6b4bc9d1a96cf2a61395aa76627db1ac

Download Submit
/data/data/anen.perd715.lia/app_south/oT.json

Filesize
4.9MB

MD5
5689572b41191ff3f4bfc5b9bdd86733

SHA1
21f9eb38562b198ef29663f900c1fe092b535b0e

SHA256
49bff12769e22bbfe99d4a369ab3b7e20ed2b7b6783a1585c2bb551b28e202e8

SHA512
94a058a2d53f5ba59317eac25bb295b12ad4159f484322cef203dd4413a5b474bfee5536e4a9e185484d76a6ad4ac5bd51b12656dc77f3846eb7427179a1a2ab

Download Submit
/data/data/anen.perd715.lia/cache/clicker.json

Filesize
17KB

MD5
d780f836fe54e51872bf31220a4dcb77

SHA1
5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

SHA256
32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

SHA512
62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

Download Submit
/data/data/anen.perd715.lia/databases/a

Filesize
20KB

MD5
57baf3e42a94e8dd82e267b2f0619330

SHA1
76512dd29fbaf3cfd2efeae0ac2ab5108b81af19

SHA256
49a98902c1ffb97354f0e8f0f9208b84dfabaa826635f6ade1fc782169a3ec7c

SHA512
227f9d10a39fb0d8ae0a562e3b983fde44de62b3dbcd577172451e0e1f669e5721ba653c324af7c4d022032edd951cc417805a4eeafd5e84f28d378b9126a690

Download Submit
/data/data/anen.perd715.lia/databases/a-journal

Filesize
512B

MD5
65a94dacea1a63c37e5e8d5b363460d3

SHA1
7e61e479e1ea3c455a69b0e246e10f1b4bc924f2

SHA256
e1882e9a443977be0b00e398fc8832d5c9c8dfff35c18165c4efd9c53d2e9302

SHA512
f65b35665354d87c07dad721bf4576d601b028f4e20ea5a82458bc21595ed7872273ea607669ecd53696dbba5938ddffed5fbf74b139953928d64d196c60954e

Download Submit
/data/data/anen.perd715.lia/databases/a-journal

Filesize
8KB

MD5
41a10c4dcbde5ee7bd95579a1f266792

SHA1
ca7aaf1823966a58f296d85d1e27afb4c3009840

SHA256
e7ff7df091d62ff97783ab7e0b4425afa32fe73a3d017dc6b7ab6f81b3e87c58

SHA512
94f75796e398d4af54b00d43bbd8b4c5e9741c373ac3c2e63f45ba21a46b725473c49812904355564655b232f5d47e203004e8bfeb3264da6441c44395072e28

Download Submit
/data/data/anen.perd715.lia/databases/a-journal

Filesize
8KB

MD5
007a79360321350b95db2dfdfd555968

SHA1
175a39542b26794b42e7f1b668be31cd86ba89b1

SHA256
f8b8281cb59b3c566319df3a57a834339f3d2696c32cde62bdd84beba5c75cc0

SHA512
7f4b6591ef14c9268d01ee8709593d0a78f8e5fe6e75311107edb22a66562772d8a0d9674bbe6ab52909595d23af91dd551789eb1a223bd698e0fdac12e71b3e

Download Submit
/data/data/anen.perd715.lia/files/anen.perd715.lia

Filesize
256B

MD5
acea3246a31835bc6df0413f0120adbe

SHA1
0dcf0d16270e30efb6c2a1a53315d6922df8e98c

SHA256
9c08af60a7a0c5ca9afc8398b86bd91497eaba2961528eeadf1c7ba1081e3900

SHA512
bda4c8111410004f078d724163c18ec0f4c20c6d51ea92e37aed33b14ad5aa26b4466429efd39def78bd062812d37cb34446763c86845bc52940318ea90ed6ca

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
47ae682e192bb4543347840c4fc81974

SHA1
f98827d519ed79c5d6ee03f5df22ca40740d872e

SHA256
532d7264a4fee82914f74795d2faba3da87eaf9b3b1ea186228f622c503f14fd

SHA512
87b4158360c553ebdf3f41fd1ac0c873d259b137ff9e11202584427f402e6cd297385fadbe6b2a2b27a0dde94d66cf102dec4044505a35ab6fe1a8556dffc96e

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
9b08c83b2fa9c52494c8d012121aec45

SHA1
0f9378845c3647369109123ab5c357006b5c1ece

SHA256
6bc703c6d68c073605933d0e32cac03daf18e65b03422e55a125e7c3cdb72456

SHA512
0066ef7743e6c35cd818a3c31eef3503737ddcba800a1450c3b5c595ae9265bf365c70990df7f0c83032450becec591f779b84c8759b738997283ac5ef926f3c

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
db1b614a0e8cc0f6fbf0a489d4d14796

SHA1
3f2efb4c334fd1cfcd96a9a7538e9cebba89cd76

SHA256
04320b3ed52b5c98d295ae90a650327ceb3c9da1c7de1245fb3e0e928d75eb35

SHA512
a37cab23aa1b1a9205266a4169f931c605458b1cdf4af1cb7b44c147d127a4492e968e1eaf53afcfe6b571848a3884d7c410d9538a01f72094932ba7ce171886

Download Submit
/data/data/anen.perd715.lia/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b8e0b508592c63e3402382e7655ec4a9

SHA1
a7454f4906199a3fc93fabf2049bfcb685f003c5

SHA256
bfaf174cd56031b8cd1e50f16595bb17b4acee9c15f06109cfaab166368041b9

SHA512
77f28e9fb976b0831d60fc5e5ea90a426e8643415137fe33a0fbcb468752378d30b0ca7655e51a79dcba2ce4c76eba633d3c0c2758d88eaeb2e128156368ee7e

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json

Filesize
10.9MB

MD5
35d4cda95e19e9be467673c78e1e2fa2

SHA1
3868d4dda794c360f57ba650c332b39ce5c68d8e

SHA256
6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

SHA512
577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes2.dex

Filesize
308KB

MD5
5e8b8d85e4b5abf31857c6618050164e

SHA1
e9c800a10f757e519187af91dc443734a1d538f5

SHA256
6f8a442a4a28ce83261fd78fb45cf3d1e129b5055fb15f55b07135e9dbf326b8

SHA512
ba5eb4209cad4d7208df6508b6f895bc17afcea33bb61fcfbfb273a68bf6ba2caab7bf022882f609de826efaceb8ae2cbdb3cc900c6ed9dd2616ec18b8d239a0

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes3.dex

Filesize
265KB

MD5
f8d81c318c06e43a94f0c0408dcfa62b

SHA1
fba0a337aa78cbc76d4dc67d39afb6008d512f8b

SHA256
57f3c23be7d15bc7593643e92a13aa631bc86d60a29939d3c04370059287c616

SHA512
5421d7bee46dbfa37d886f8baf16822536cc46236034575d3f93d25687c57c116403244eb294f44212df2b1436ca9129f9d743626fa02d12f90ba6195a61d97a

Download Submit
/data/user/0/anen.perd715.lia/app_south/oT.json!classes4.dex

Filesize
1.7MB

MD5
30465152db261852e3a226a666ec4304

SHA1
442a188e07db85653022734d0a8537d4312aef38

SHA256
c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

SHA512
3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

Download Submit
/storage/emulated/0/Android/data/anen.perd715.lia/cache/logs/log.txt

Filesize
83B

MD5
10abc0120875e0bacc1f9501306a128a

SHA1
fc48fa8f0c29bc27084e7c0d5bbaf89d8561535d

SHA256
27605912b3d592c684e2e92af2a76c3ef46830e75efddf0f4be513585f999e9b

SHA512
dcc91b7d1f3a9287d5b9c745563d1c2730a1e3be52da78a0f14765c6f2b3f11a30c11424042648e93c57975be09e658f00157f8c16ffd3855c5f5dab1c31e5f7

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads