Overview

overview

10

Static

static

6

bbefddee16...d2.apk

android-13-x64

10

bbefddee16...d2.apk

android-9-x86

10

Analysis

  • max time kernel
    30s
  • max time network
    30s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21/03/2025, 23:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbefddee16638eedbea8c970dbf9f052aa4e42c5cc7cee59b8758788a27e98d2.apk

  • Size

    7.4MB

  • MD5

    b228cff097466d7a5077ef6ac94ac862

  • SHA1

    3405bbe0c7703dbb6e5829b90e25d0efebe6b9d7

  • SHA256

    bbefddee16638eedbea8c970dbf9f052aa4e42c5cc7cee59b8758788a27e98d2

  • SHA512

    f807fadd8e450c7b2a53ed387211059046cdd4fa030a0f7c6525e983e4fa3d263ce86bb9e4c9804fa239a0e57e016d703761b055e3dc0efd68327d5ca4e8b4ba

  • SSDEEP

    196608:8XBBT18xyoVgPdynjh9Z7qNK3zI7cS83nP4/nh7jTi72I+5FZzorwUWDV:+XT1Mcc9Z7wb7of4/h7jQ2jOrRM

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://techpoint.cn.com/c

Signatures

Processes

  • hinjohn.dad249.ta
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4430

Network

  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-au
    DNS
    techpoint.cn.com
    Remote address:
    1.1.1.1:53
    Request
    techpoint.cn.com
    IN A
    Response
  • flag-au
    DNS
    techpoint.cn.com
    Remote address:
    1.1.1.1:53
    Request
    techpoint.cn.com
    IN A
    Response
  • flag-au
    DNS
    techpoint.cn.com
    Remote address:
    1.1.1.1:53
    Request
    techpoint.cn.com
    IN A
    Response
  • flag-au
    DNS
    techpoint.cn.com
    Remote address:
    1.1.1.1:53
    Request
    techpoint.cn.com
    IN A
    Response
No results found
  • 224.0.0.251:5353
    2.5kB
     8
  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
     75 B
     1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
     76 B
     1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    techpoint.cn.com
    dns
    62 B
     62 B
     1
    1

    DNS Request

    techpoint.cn.com

  • 1.1.1.1:53
    techpoint.cn.com
    dns
    62 B
     62 B
     1
    1

    DNS Request

    techpoint.cn.com

  • 1.1.1.1:53
    techpoint.cn.com
    dns
    62 B
     62 B
     1
    1

    DNS Request

    techpoint.cn.com

  • 1.1.1.1:53
    techpoint.cn.com
    dns
    62 B
     62 B
     1
    1

    DNS Request

    techpoint.cn.com

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/hinjohn.dad249.ta/app_love/By.json
    Filesize

    5.2MB

    MD5

    4fbb4028718532d32e22239261a76c29

    SHA1

    21291bfaab1fe037a003feaf8fd8ca01c800dd6a

    SHA256

    ad0581c6e1a840d93765648b854037e116402f247126ff01eaf6e37e6298c120

    SHA512

    92bde62f07d7953ed5f048acc0349ff6ffab105abf6dfcc1e4011873df7d649ddbbbd68bd0d6f47677f8ea08d6f1912e653ee274ba3895c07a70c9499c078979

    Download Submit

  • /data/data/hinjohn.dad249.ta/app_love/By.json
    Filesize

    5.2MB

    MD5

    02bb31370c476d5d188123d472930ccd

    SHA1

    41423584d5c1cc00ee94541e7a42c7b75d215079

    SHA256

    daed2788794875c06c74734d96fa2ce8de613defa13b7355f3be5033f66a1055

    SHA512

    17b5dbb3fa3dbed0e9bfa2702ec7c25b43794b7b70bed37810d8b45f0e4d1a50951f2c350fde2d5ecd7b77d961c20cc70e39d24ac7492e965d6977dd7b4741d2

    Download Submit

  • /data/data/hinjohn.dad249.ta/cache/clicker.json
    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a
    Filesize

    20KB

    MD5

    91af32c14839a2828ca58297e0861362

    SHA1

    bd758cc0bb47b570da2061d4633aa998a87ed971

    SHA256

    5d8e556cf9230390a2ea6e8fe0300bf0d3c28397a75d4d5d1138cf25713d5923

    SHA512

    9810060201633366b6d13e9b81a2d9fe1adb61e027a215cd05454bbefaa7f6e1a17aae3781eedd8095a398a05f3c7cf03b589f29d1ac4789dfbf61bce25b9fb7

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a
    Filesize

    20KB

    MD5

    e710fb7ac2f6a76e8042470ba6a1a29b

    SHA1

    75420a982aa14ab66f7843ba6eaaa8d76c155e23

    SHA256

    d891c1df64540b0c984a7969734cb2611a70304218f7906bc9ca714115c87ef3

    SHA512

    54cb8e641eb2867c5df26d91a410671adbdfe554a996205b81eac4fdd5f2632e15e810bceafd5f1690dbf8f7d47b9c6fb3c89404c395481e0a94823a13c25dc2

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a-journal
    Filesize

    512B

    MD5

    25200bcdc57fd2e4b4e0d1f5e849d6a6

    SHA1

    fae7d91d4c608cc99ac8eff2d33e485e82a8cd3e

    SHA256

    dece1d80bb627bdfed1e13cc34ec76bf42c60d834fa43ad9d8828f15bfbb22bb

    SHA512

    0a2c83277487dc0045e7b7a9ed5b26c603ecd234feefde50b807634a4cacda252f7c133e45b2b29f45f13e620a15e10a9d5b17cdbbe8f29db2a3e84cf62c5455

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a-journal
    Filesize

    8KB

    MD5

    064d6c78e997c4b14012155dfb6e6415

    SHA1

    a2a3af190d3925992d0d661bc005e069be7cca4b

    SHA256

    16932c338561913b67db06b199770b8e3bacd1ee55241bb2c19c0e2cacdd064c

    SHA512

    bf7ef31d72a4174556712178b6f8d6ff9cb323df6e7e8231c56fe359444e600cb3675024268e7a135cfd4d72ffb70ae897a19e94c85de0629d4624418dc85596

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a-journal
    Filesize

    8KB

    MD5

    20725a62e56f85e3c3425a3e63838aac

    SHA1

    6025ce56941d1026632284849483943314154a89

    SHA256

    01ca00d1a423552605457bbca85ebd8c6cab28ec016d21e4903768a8c5afbef1

    SHA512

    fbeab6de8d265b1dc1f87a395321a463a6ff33228e3bad801e5ae461b47397dd093a43966b488fe269ab106eaf244a4c54407e9ed57a49dd38ae184a8a463409

    Download Submit

  • /data/data/hinjohn.dad249.ta/databases/a-journal
    Filesize

    12KB

    MD5

    cf06a5af6fac612440fc85b3aec54d62

    SHA1

    d12a24c3f98eae57bd71e1dd22e5b8249899efa3

    SHA256

    ca4b45ab392f19b5cda1db52eb780f813dbb333248ec5cbb563c5fb81e447b70

    SHA512

    b3f0a17b2ce9f154889ce7f72dbc12afb400c19fd9d68df3d62ea3e8e5f21f921f8c8676fff692c9d38d0aaf07dd2de2381aff78934aa2e8d18997877862bf9b

    Download Submit

  • /data/data/hinjohn.dad249.ta/files/hinjohn.dad249.ta
    Filesize

    256B

    MD5

    96b30a32041606fe9b5028834401a3c4

    SHA1

    f1c40e5b19e6b2772b3c89d0d06b25cabb5ed70d

    SHA256

    87eabdd8695960ea75f8b610eb9f9f1f7d0b82ce190a848c51b3093f0d7bacad

    SHA512

    385a59d7672828684675846d0d33f6a6413e0e581d76d3e1f5ea88089595059a18a1d0655d7274254b92685103bdb47f7f9da7fcaa6c795c6ca05164869e4bf5

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    0eb157e1a86d4d00aa601dd2f6ff3ee3

    SHA1

    fee434f784e73cc7916322e949f727caf8363102

    SHA256

    b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

    SHA512

    b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    4c696cee28a6d9ef5308302ec652243d

    SHA1

    c7e9aa372b49a31ef88167bd540c2ee851ec1291

    SHA256

    d3de5c5f752b84e6bf18726add7e4857590e778631be193ca4cd7ec83fb69e2d

    SHA512

    0e76c001624ab773c834a9870bfb44f1ecc8aa8e7fc2b2d51239f4148a9e921be233f8dd9a25add6eadcf136fcd00e6a455bc9a6837557153935297c9b086660

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    25ef9cf0b4b234799309ef40ae2fd7fc

    SHA1

    7d4a19ab82b97a52d7991059c91ff6fc88a589da

    SHA256

    b61b040a18438fa0de3a583942ee28a10be1ac9e46697d24384acc50a4ae5415

    SHA512

    cdda7b7af582eaf4d72f4d7e198d7f313b6e07ce6eceed9f0693d35ab3345924ba871b117ba9ece1d05a1ef630f87d254ed11d2de1facd0ebafedd0b716a1f9d

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    87ce576684a735af64688915deac53fa

    SHA1

    7f71ec3a02ef316f7d969456ebfbd183b87afc74

    SHA256

    c83b82c46f3d3a072a340ecd767a553ac28ecfa252bc62c1295b322e41d95daa

    SHA512

    5fe60db76a901a5d7ba8d20e706edda7361c4007c51b354dc5a3dc18f546e48684157be6bfd0d89940c85a9bd3c36c01900f159814f5109a156bb3fd81efe8e4

    Download Submit

  • /data/data/hinjohn.dad249.ta/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    8bd75fe92d3531c01be02b2310979125

    SHA1

    02587a73e7e99f56db49d7979f09be231cf3f38e

    SHA256

    ea9c985cffc95884e8c714c6d33d77ad6cfe34d35003aba530ddbf47aa955d42

    SHA512

    cef3cf78cba4f2e2321782fbfdfe1f3f4734a9717ec4c45bdecda455868b9ee7bb3bfb51269ad4dcedfec081038bafe0a33ff741548574bcebe8ad8c86c4c19a

    Download Submit

  • /data/user/0/hinjohn.dad249.ta/app_love/By.json
    Filesize

    11.1MB

    MD5

    28041432b0c51e3e887643272629c83e

    SHA1

    fbea5dfc62f03e1ff784b410ec0d547de0e8156b

    SHA256

    85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902

    SHA512

    7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

    Download Submit

  • /data/user/0/hinjohn.dad249.ta/app_love/By.json!classes2.dex
    Filesize

    351KB

    MD5

    5a6c21c97564f9a1e87f8d7f10c4a768

    SHA1

    1e5f3c0425f58d762043761315dbe272245a6be6

    SHA256

    0560c1387efd41865f075e176b7d4875340db043d943c95f0ad11f0f684fc519

    SHA512

    e823cfa4c5dd345e9f68aeeac384d42797ed1419eb70ea99d122a6c20a066a97fb94ce7dd6037b743d82eaa21bab2974213027c5e3a03af95c6c8ec513b7ec6b

    Download Submit

  • /data/user/0/hinjohn.dad249.ta/app_love/By.json!classes3.dex
    Filesize

    257KB

    MD5

    b9c73c4d9fcf118ac64a47bdfb8bb561

    SHA1

    f74dec2bb9dc1c5050ad66937ecb844b915a06b9

    SHA256

    31b28132c9fac2f1062b7eeb45e2c281d65d19dc03805a7e4e4122fa492ffb1c

    SHA512

    750c57fa2798de21de00d20cd86cab0c12e4e7d5d3c8978f6c674fec404b6aacfa9b3bdf03d0da0f0bb16fd62928dc625e3ccb135699757bd16ec3e7e379d375

    Download Submit

  • /data/user/0/hinjohn.dad249.ta/app_love/By.json!classes4.dex
    Filesize

    1.9MB

    MD5

    2d73c5997273e3910c1ac1d8db7ba145

    SHA1

    25737e75ed15863e69d02a14efa781370dfec798

    SHA256

    411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965

    SHA512

    7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

    Download Submit

  • /storage/emulated/0/Android/data/hinjohn.dad249.ta/cache/logs/log.txt
    Filesize

    4KB

    MD5

    15c8a9c724e29c11d0fed2b90bf43164

    SHA1

    720064b4df4204ddb8d9376e997754ab192da4db

    SHA256

    255d55e30f913ac99ecf58d50b23a0433b94894f49c11526ead060e1c15af1e9

    SHA512

    ebd4abe8f50c5862e07b843a6181f87f5d00b5ed6954b768831863fabc2754796180c00ba68be584c765001e245996101dfa02653a0b2a127f8a7540c3e6a612

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.