General

  • Target: 353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372
  • Size: 11.9MB
  • Sample: 250321-3wlvesxl17
  • MD5: c100cda619b394ecf318e3d80556888b
  • SHA1: 9bf027d77c6f45d3c2584328632904305954b168
  • SHA256: 353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372
  • SHA512: 20fcd9cabf26ed23ade2a8484f05ba8e74c80dce05aeb7e0d0671084c19e4d3e19bbf6e36efdc60248f34aee33c95960ad214d82c926cdb78485c89fd235eb7a
  • SSDEEP: 196608:bGEVF4vuZsY95KB7cpKlpCROxCadC4eLdG/CSsz61IPXNS5MNVPgoba4843C:bxL4mZXWcpKWV4YdoCleIvNSqNVPbe4y

Malware Config

Extracted

  • Family: trickmo
  • C2: http://mikejprdanorg.com/c

Targets

    • Target: 353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372
    • Size: 11.9MB
    • MD5: c100cda619b394ecf318e3d80556888b
    • SHA1: 9bf027d77c6f45d3c2584328632904305954b168
    • SHA256: 353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372
    • SHA512: 20fcd9cabf26ed23ade2a8484f05ba8e74c80dce05aeb7e0d0671084c19e4d3e19bbf6e36efdc60248f34aee33c95960ad214d82c926cdb78485c89fd235eb7a
    • SSDEEP: 196608:bGEVF4vuZsY95KB7cpKlpCROxCadC4eLdG/CSsz61IPXNS5MNVPgoba4843C:bxL4mZXWcpKWV4YdoCleIvNSqNVPbe4y

    Score: 7/10
    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: deper.apk
    • Size: 8.1MB
    • MD5: 720c616bd3e4f7fadde344194a5cd7a4
    • SHA1: 001fea85badda450146082038c6a5ce8b9878fd2
    • SHA256: 42009a836376a2ca77ca8fc1dad73eca3634df7b6c5ac2091ee0ea53661dd725
    • SHA512: 282e2a9256318201caeeff668f4fcd1e93bae0b63d708ac99fb267369299b4b128338b727d55f2d7ef3460295b75e3be0dbd0710beca4c3d5bfdc9bc166ffd3e
    • SSDEEP: 196608:lyiCDijCX0oAES/KCmxU7UBnBsXmpF56Wf2GGUTx:q6dE8KRgUFBs2pF5bYUTx

    • TrickMo

      TrickMo, first seen in September 2019, is an Android banking trojan with the capability to intercept 2FA codes.

    • Trickmo family

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries the phone number (MSISDN for GSM devices)

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Listens for changes in the sensor environment (might be used to detect emulation)
