Overview

overview

10

Static

static

6

353e47a046...72.apk

android-9-x86

7

353e47a046...72.apk

android-10-x64

7

353e47a046...72.apk

android-11-x64

1

deper.apk

android-9-x86

10

deper.apk

android-10-x64

10

deper.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    21/03/2025, 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    deper.apk

  • Size

    8.1MB

  • MD5

    720c616bd3e4f7fadde344194a5cd7a4

  • SHA1

    001fea85badda450146082038c6a5ce8b9878fd2

  • SHA256

    42009a836376a2ca77ca8fc1dad73eca3634df7b6c5ac2091ee0ea53661dd725

  • SHA512

    282e2a9256318201caeeff668f4fcd1e93bae0b63d708ac99fb267369299b4b128338b727d55f2d7ef3460295b75e3be0dbd0710beca4c3d5bfdc9bc166ffd3e

  • SSDEEP

    196608:lyiCDijCX0oAES/KCmxU7UBnBsXmpF56Wf2GGUTx:q6dE8KRgUFBs2pF5bYUTx

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://mikejprdanorg.com/c

Signatures

Processes

  • landtual.pomf70.ta
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4799

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

2
T1628

User Evasion

2
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/landtual.pomf70.ta/app_suggest/EdZ.json
    Filesize

    4.9MB

    MD5

    7eda39fb990a24bac58f5d6e955ee667

    SHA1

    e90608e181ac701ddf0b7898a588a4788d62a2f3

    SHA256

    e1ac88df0be2b14ff34eab4e9150fcb075987e47cc3bc8b4660d5c7e43f5b328

    SHA512

    ce741115cc895767eba73712ca5bc82416cd16226a666611a623f1b4c876d19472c01289842ecaf74528763b8d8a61149fcca67da138b31cf42cf99b1ae5dee4

    Download Submit

  • /data/data/landtual.pomf70.ta/app_suggest/EdZ.json
    Filesize

    4.9MB

    MD5

    73b51fb51a7c1838642325dd9aa03732

    SHA1

    f1963286c4e4fae80593fa5555613bfce95c9f51

    SHA256

    a612724a99d62d5bce2470e91cb7d114ff90dea5c722fad0559eb3ab310b80cb

    SHA512

    c0d2201da10c0817b608c881263557432c88864fb97c5ce67d2d7ab7a257f3f7ca979555eaac33322c96e09f08ea1ed002c0ada0f624864ae01c7dd37f5141cf

    Download Submit

  • /data/data/landtual.pomf70.ta/cache/clicker.json
    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a
    Filesize

    20KB

    MD5

    57baf3e42a94e8dd82e267b2f0619330

    SHA1

    76512dd29fbaf3cfd2efeae0ac2ab5108b81af19

    SHA256

    49a98902c1ffb97354f0e8f0f9208b84dfabaa826635f6ade1fc782169a3ec7c

    SHA512

    227f9d10a39fb0d8ae0a562e3b983fde44de62b3dbcd577172451e0e1f669e5721ba653c324af7c4d022032edd951cc417805a4eeafd5e84f28d378b9126a690

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a
    Filesize

    20KB

    MD5

    3299d825e05a9a17e6e272774ede938d

    SHA1

    56eff2000344124354df28c463a966f10222d80a

    SHA256

    f1dea8e34d83195166ea3279874a2e0b1f2175189fb3f1285572aa5d7bdc3975

    SHA512

    8e2d3c01ddc0a777d125dbdef30e8dede702896d5885db3b83acb9bb3419d4ef8d3e7ebf67aaed0e36ced86c01c6988c650c2ce275912888ccca8626d77670dc

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a-journal
    Filesize

    512B

    MD5

    94bfd35fc3b9a335c74bc1b03e9f786c

    SHA1

    e1b02af1a59744ed7a8da69dc30b7560619c5c25

    SHA256

    c32d684123763992aff69f71d8ce3631ca54ab197e997eab61d3b77e6d9996e1

    SHA512

    9feedd4e86579d9e91e13090130d09f3cbc8d099188e4ab98552d5835504155e97618ecb290630e08d4404fe81966aaddf17daa52be319771170ab613d56fafc

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a-journal
    Filesize

    8KB

    MD5

    250455289b4237a6413c538bdc7c26c4

    SHA1

    658a440a80bdfedc2317989ffe6854b3ccd60202

    SHA256

    5ba72561751f06a00fe39a94469e9c8a410c43cc6c647698fa1823ca61a124ed

    SHA512

    59a73c2aa21004f9f3ae034b757da973428141d4b5713c6874330329f82941695f9b9fad0236cc4b85c537da765f82ab9c6ca9d09b0d01f63accabf444ed8289

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a-journal
    Filesize

    8KB

    MD5

    89d4cda9c40ee2434471a81ef9f90237

    SHA1

    f0fd17583287559c9f6a18ae2fb6eb6328a476bb

    SHA256

    2cfd74c51d90c41cf1af0b3391e48d3eb362907319ba73fade9b940eef62b765

    SHA512

    c92a0ad3a49600b165879b3752cab0dfc35e4059278bedbf5a3947bac34552a4afcdd068ae4d299fced1dfaa0778933c0b1453f304ae48cb131338c4aa7a9c58

    Download Submit

  • /data/data/landtual.pomf70.ta/databases/a-journal
    Filesize

    12KB

    MD5

    10b235f4cd1f4aac17c6e5fe2524f2cb

    SHA1

    424fb8fdf1f1792575629fc8430bc40abf1e94d9

    SHA256

    6a55c9a512b1441ab7fe103fbaf9f73b13b3710694961a451b6668c4acd3815a

    SHA512

    b0a2a14a592f9c16ae65a95da9dc727ead50deed3d2ef343fd3e68751b4fb17e3c7accf5b919dc5ccff1d757d7ffa24752ac8fa05818f10a2cf5df623726ddb3

    Download Submit

  • /data/data/landtual.pomf70.ta/files/landtual.pomf70.ta
    Filesize

    256B

    MD5

    ac1c4cb09437433b4e50d3690118b7e6

    SHA1

    27a50fc071e2797aa3337a5a99f60e3b415bb27c

    SHA256

    41b806d1e79c72687aa0e26583939b376fde1728551a7b2e75f64a97fd421634

    SHA512

    c57f2ff516b6b06705666dfe76be58925096cc0358da94fd50c78db4773da4a7a309b176aab2865c0c73c01269a3e2aebdcede224f2e05129b48a1cee47c53a3

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    3e398cf1a0e8dcba61cc3b2af0bbc91e

    SHA1

    43b7eef728225b184b0497717f902438654c702e

    SHA256

    2ee747a74300cc5742726821ff1cbdd18fbe5c523016ff548ab3902fdf381d2e

    SHA512

    bb9eb3b6c962414e9e46b0c168d5b23fbcc726e18c7d19a83cda57e30a20c635d270856f3fda505d292eccd5adab7cf659e0d79c5e4ba72e2a9d94d37b9833e8

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    07a9928052c28c050a33ba327b687730

    SHA1

    a2deeb05d8a7ddebb50f6500a61edbf47a5d6459

    SHA256

    8f16b9b18a470d047a789deefffd5a664690045efc09fe72e5e8d76d8488b43d

    SHA512

    2915b215ef788fc35cd57d31eec7e7ed2b86216df610311feb6a04b038127ccd74f70aa2dad84aa4318accc9fc26ac1c5055cc0eadee476b1a052a126a209586

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    4ab9c9c1c889570a3af3bd037a3ca090

    SHA1

    76eaa5fd18a19868c75fe986e86e65119b898c70

    SHA256

    e8e4265948b8a6b132aa589af1e6b9d236d1b0be193a72853eb453b9096bd705

    SHA512

    2f8253846933880b23db4633f023aa06a6fb78dcda418524ee445c4071f8b39876f16095de8db53673a48e57499639f7af39a1fc210f96a92c8c278a01bed604

    Download Submit

  • /data/data/landtual.pomf70.ta/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    2e41c230258bba01b720dcf98d505a82

    SHA1

    3792aabe2aaf920abc7f692a95db867c9db3bfbd

    SHA256

    037248af3c9ee010f5593a0495f9fff9ed16456a22b15091a9b7f2697baeec5f

    SHA512

    c39851fea61ef04fd69c36d6de82ed6ca876e4dd649dbd847b08aab05db4ed9357bbf329d4cb4218a97a03318170a23e2dbadd3f1ca576e072563d46b569d6a2

    Download Submit

  • /data/user/0/landtual.pomf70.ta/app_suggest/EdZ.json
    Filesize

    10.9MB

    MD5

    35d4cda95e19e9be467673c78e1e2fa2

    SHA1

    3868d4dda794c360f57ba650c332b39ce5c68d8e

    SHA256

    6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

    SHA512

    577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

    Download Submit

  • /data/user/0/landtual.pomf70.ta/app_suggest/EdZ.json!classes2.dex
    Filesize

    308KB

    MD5

    7f553f50925945c7d7138227ae983377

    SHA1

    d7d3afcd10dd4e03daefa0e8e242c1a7b77a7162

    SHA256

    10d07387bd954b877c1d1205814d36bf526108b16f8fc55fe48398d350166637

    SHA512

    2202dad0a09b8359f4b07f2f5da2777f4d3a70931825440da3d4bb13639b981917616f6fe394dc093aab044bd6ec7e47e363d2665b47aea21a0540008083ec1b

    Download Submit

  • /data/user/0/landtual.pomf70.ta/app_suggest/EdZ.json!classes3.dex
    Filesize

    265KB

    MD5

    9be81be1b34d2c5b45f8ca690fbcdfb6

    SHA1

    10300ac02fd9b57f4de8edda3f68ccc1bfab9e6f

    SHA256

    a9081622945a79c3a4209e8d84c8cdeeb30a6b4ac5e8c4c80703d04fd1841b04

    SHA512

    6969fd501aedfce16d2f1d3c2381765687f8f978072a7fa81ead3e1d9e5dec3cf98bcf6403fec47772fd01d137232fd645deddf8c7d640af887f896c2087658d

    Download Submit

  • /data/user/0/landtual.pomf70.ta/app_suggest/EdZ.json!classes4.dex
    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

    Download Submit

  • /storage/emulated/0/Android/data/landtual.pomf70.ta/cache/logs/log.txt
    Filesize

    83B

    MD5

    f72d8325ad18c7f6525d1a9fc0dbc316

    SHA1

    e8172e2a3b3d35247dfe38a91d101ce9b17b7c33

    SHA256

    527cc2a72bef03873ec1e00097c701de03d181d5f12a01dda0170bfb04ecd082

    SHA512

    1279044877e1512af8f5bc8d2555540adefd25d3e6b0d20ff5f8c3433bda363085a8242194529b96b228c677ee240ef5b96c181b2305360f7e66ad7eb9601034

    Download Submit

  • /storage/emulated/0/Android/data/landtual.pomf70.ta/cache/records/com.android.settings_2025-03-21-23-52-40.txt
    Filesize

    73KB

    MD5

    08ca664c9201c358a5e52f717362cabb

    SHA1

    da69b930a7494c778a9883beba20002adb36883d

    SHA256

    d839bbb84770f134f43a5c7bc3bd57f98273b5e3ed6abd375397dd8d710d94ac

    SHA512

    1441678313b1528bc8d6774c8b275be6c081c071c7658c11a782361122b8097d5a3473927978f5158544fd411b8a942ac2d64b373f5cb78ae8384efee19b754e

    Download Submit

  • /storage/emulated/0/Android/data/landtual.pomf70.ta/cache/records/com.android.settings_2025-03-21-23-52-40.txt
    Filesize

    146KB

    MD5

    b77d2e577ed32a33ff92d3031d789fd4

    SHA1

    93c14cdb5c2b1460487fe4f2e71d084dbf19567d

    SHA256

    08274fa21a1ad9554de0cddabc5b7c275530f1f2ff35afe72a43540b5a0442bd

    SHA512

    fe28e4c740d8bed0d70abc06a9666e65256fec815072d9c54981d646d90e7ec638c483a16ec4a6e0f8755b49bb30d82ede238d5a4a89f60de8d7e390435fe31f

    Download Submit

  • /storage/emulated/0/Android/data/landtual.pomf70.ta/cache/records/com.android.settings_2025-03-21-23-52-40.txt (deleted)
    Filesize

    1001B

    MD5

    1c56b419f043be564ccf85c040ba4758

    SHA1

    28c97c81599d098b2034aa18abfc72c6c26ea956

    SHA256

    e37f82553044557524cb0b7d2de8623384e03ba01d61cf1de79b2335577c00e5

    SHA512

    ccdc36a1535485c1b62c64ed3ab1f1ae630494e4590506147468bbf0cddd5f5aad538a576a124da28637cd6e138c25ef91433d048ae8422b0d40772d6ae6fd24

    Download Submit

  • /storage/emulated/0/Android/data/landtual.pomf70.ta/cache/records/com.android.settings_2025-03-21-23-52-40.txt.zip (deleted)
    Filesize

    5KB

    MD5

    f342208ad59a72146cbc7cff54a1b1af

    SHA1

    13eb0bc62f6d857886aa4845807d73e7d745cd58

    SHA256

    89d661c44804123cbc2dc5873c84303dfc20c4f524f231a7768c20746cf507b1

    SHA512

    28621fe7e11366bdc24c980ca6109088a5ddc3e6e29fa9f6ac41575bd4694a88c082064b629bebd7c52123c33565c7d24579e26d0f0bd73cfb02150a9091cd4d

    Download Submit