Overview

overview

10

Static

static

6

8e771c7415...94.apk

android-13-x64

7

8e771c7415...94.apk

android-9-x86

7

deper.apk

android-13-x64

10

deper.apk

android-9-x86

10

Analysis

  • max time kernel
    29s
  • max time network
    38s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    21/03/2025, 17:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    deper.apk

  • Size

    8.0MB

  • MD5

    59fc7c31e72d195d01724fb5bd83ce76

  • SHA1

    d534d35c519c3741e9b809b4127d9acf1fad77a6

  • SHA256

    726286d62c75677400e56e05e12231a9ed157c618425e591757872ac8a04c86f

  • SHA512

    1e084e2598132587648212df471f2378279458fd3531764764e35eacd3faf1eba5bf47442dffc0496a34044323d3277f97f748db2753f34ed8b16a6a833c9e56

  • SSDEEP

    98304:w3eJMz2g+RqU7FWiIsoE7NKA0yOpwS11slxBuwE15LI+cSUU29Hr1X1YvVA6KHCk:/8XU7FR7rO5LwiQSg9XYv9qCtk8hFbmL

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://mikejprdanorg.com/c

Signatures

Processes

  • terpnetf.plac292.nan
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4485

Network

  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    rcs-acs-tmo-us.jibe.google.com
    Remote address:
    1.1.1.1:53
    Request
    rcs-acs-tmo-us.jibe.google.com
    IN A
    Response
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-au
    DNS
    mikejprdanorg.com
    Remote address:
    1.1.1.1:53
    Request
    mikejprdanorg.com
    IN A
    Response
  • flag-au
    DNS
    mikejprdanorg.com
    Remote address:
    1.1.1.1:53
    Request
    mikejprdanorg.com
    IN A
    Response
  • flag-au
    DNS
    mikejprdanorg.com
    Remote address:
    1.1.1.1:53
    Request
    mikejprdanorg.com
    IN A
    Response
  • flag-au
    DNS
    mikejprdanorg.com
    Remote address:
    1.1.1.1:53
    Request
    mikejprdanorg.com
    IN A
    Response
No results found
  • 224.0.0.251:5353
    2.5kB
     8
  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
     75 B
     1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    rcs-acs-tmo-us.jibe.google.com
    dns
    76 B
     76 B
     1
    1

    DNS Request

    rcs-acs-tmo-us.jibe.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    mikejprdanorg.com
    dns
    63 B
     63 B
     1
    1

    DNS Request

    mikejprdanorg.com

  • 1.1.1.1:53
    mikejprdanorg.com
    dns
    63 B
     63 B
     1
    1

    DNS Request

    mikejprdanorg.com

  • 1.1.1.1:53
    mikejprdanorg.com
    dns
    63 B
     63 B
     1
    1

    DNS Request

    mikejprdanorg.com

  • 1.1.1.1:53
    mikejprdanorg.com
    dns
    63 B
     63 B
     1
    1

    DNS Request

    mikejprdanorg.com

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/terpnetf.plac292.nan/app_mystery/Dgqe.json
    Filesize

    5.2MB

    MD5

    2b24f0dde8685dad2f2ebdd2392146af

    SHA1

    d8b8f6d3df8f51ecddee6be5b06842c2ff9061b7

    SHA256

    291cea72f104212fd27741a44d589e0fe09a23984e6a95972bac4547069f2748

    SHA512

    a2845b0c06f5c6819d7eef62a7cf334611e9212a14b19f303cc7264debe3d9bed31f357c85784d1c2b5bec8bec8af2165f87bfbae3d46d758de2fd1e2509733c

    Download Submit

  • /data/data/terpnetf.plac292.nan/app_mystery/Dgqe.json
    Filesize

    5.2MB

    MD5

    d4ebd024d695d6860a72000ec2d5cc03

    SHA1

    aed4284dd4e3655fbbe468f819452d9095e3cbcd

    SHA256

    6a92f157b46d0ddadcb3a05d5a427230fbaff40ee6bd6cd9f3a0a4865d2ca7c6

    SHA512

    0d6905d12b4a063a00e2805342ae2f2982846444a7afbd115a89b170ae3c782feb6788d6e294ca9afe4618f8cdc96da64d76dcce527ec5b19a8edd3f7edcbde6

    Download Submit

  • /data/data/terpnetf.plac292.nan/cache/clicker.json
    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a
    Filesize

    20KB

    MD5

    91af32c14839a2828ca58297e0861362

    SHA1

    bd758cc0bb47b570da2061d4633aa998a87ed971

    SHA256

    5d8e556cf9230390a2ea6e8fe0300bf0d3c28397a75d4d5d1138cf25713d5923

    SHA512

    9810060201633366b6d13e9b81a2d9fe1adb61e027a215cd05454bbefaa7f6e1a17aae3781eedd8095a398a05f3c7cf03b589f29d1ac4789dfbf61bce25b9fb7

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a
    Filesize

    20KB

    MD5

    7812eb8f845814ec90c125d51a3561e1

    SHA1

    2c879bad6932a0591b5cf4a686002d3437d4efcd

    SHA256

    6137a2cfdd6c07183193cdecddb2ddd6c4400df5f50fde8eef2f8bb6bee3cad0

    SHA512

    01eb449b84cd212103cfadd308f17579beb18991d23bbf35a2620c046c2390dc18913db99fcd8f8830ca9064012070114eb7150f245ae44e173845dc1b15efee

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a-journal
    Filesize

    512B

    MD5

    86dec208796d7e03a905ea80c2c6d8b7

    SHA1

    4dbf63b4c3518c940d28fa4120c7dba1aaa81716

    SHA256

    0e135586fe7d873d644d112f34fe64afdc28b3348fdf6d7e87d53589b06ad61a

    SHA512

    e0b1b1c3a7b38b4e150d780c675a3df566ad157feb0c72a82e55db59afc00e30abeaeaea84f3f4542532db4bd63f5b2bd086c20853f4b9ff5191c0159789ddc1

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a-journal
    Filesize

    8KB

    MD5

    de0262f014953cfccc86ea8ba72b1956

    SHA1

    11107b11c7c04a0bf8a84b7c79c88dca9e85a2d4

    SHA256

    0bcc7705f5b9a5f4adda920cc0125ff6b9c728ecd37fc5804a0dd008076d785d

    SHA512

    e3868b35c9a12cd523ccf67a5a0c75ae92864e41cf31426b21634a64ce2a3af04b3220552d7e9f4c5454b4342ad0db63b2c17cdd38b20661a3e729bea9fd3dc3

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a-journal
    Filesize

    8KB

    MD5

    50aca829ea66b3e970e6417d2adc8c01

    SHA1

    0060dd18be515e001a8e30448ee317df9b3f28c9

    SHA256

    9d00820bc6dd44985ada33f632d3ff1d200a77dec517260159ccaf1c02716e52

    SHA512

    62dc5a8c6a6313fdcd4028f4ebf60c711ce463c4da779e17fa16b97b078d3b136468d859c08f7aff5c5ee9caa16aaade205d585b8efe5d261123d5b84004c24c

    Download Submit

  • /data/data/terpnetf.plac292.nan/databases/a-journal
    Filesize

    12KB

    MD5

    24dcca2ef7d699175aba09225a9abdc3

    SHA1

    f6b8c6adccff40e968996be3066dba747201ec3c

    SHA256

    e7a71af29302e3584324c0de11ead50b0e32b5a224519d5bf8cf95024bbf3cec

    SHA512

    0a6e02f64e963264574d17b984ba355634a840d40255ccde01763dc58beb596653ef6c7e85bb3ee43bb56774b0f0de1be19a6e1a75c2d87c9c922b1d8c33ed9b

    Download Submit

  • /data/data/terpnetf.plac292.nan/files/terpnetf.plac292.nan
    Filesize

    256B

    MD5

    f3b60860ab7f910485e25fd60f9deb4a

    SHA1

    16e7f8021d19e61be0383454c7e4844a2e955dfb

    SHA256

    4baacc644dde8bd9488c2c64c5b893ec8e99ba1b0795f95bb7427f1841f86410

    SHA512

    3e391be0b3eed1fd37acb19218ec3058a4614630c8d818a7a5856a4d83641928e1ba52ead5f9e10102f2594491852f17848248678d0218cdff1c28a8e64825d9

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    0eb157e1a86d4d00aa601dd2f6ff3ee3

    SHA1

    fee434f784e73cc7916322e949f727caf8363102

    SHA256

    b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

    SHA512

    b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    dd06207512474cc3a3870ecafa3cb630

    SHA1

    266d32c1d03856e01531542c9933ce5176bbcd2b

    SHA256

    9106aa03c23ed3e2046a1ea0348e76d346a2cf2bbe9bea0fd6ff5345cfa82730

    SHA512

    cc6cf59276783003cf63c916fa3c79c77c4c5b477b929db7d7f9c7fb1ce210bdaddea253e6ceea3018c8cb89c1591a59dcf1fcdaf9f63bf7490c49fb214b9815

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    531552a60045e977f00b9367adeda0a1

    SHA1

    a075158f41138de0d018e8a746f3c952df12745b

    SHA256

    5223ec54bdaecffedb73068a25ded2a74dfd8509dace7930e0f7c58d028633aa

    SHA512

    30469340783181e2773f5f6f843bcf20ba54437f4294ed7318bec5054d3f92a71d901d1795fd09406e34c09c896be7b8e1c59be0155b31db1c8a2a6899391526

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    d5e901db997ce82d3489177ea6dc9f68

    SHA1

    180cb1d15d9a457718d05207e4f58b5efcfc443a

    SHA256

    c25b8a203fed55d8cc8e0c2b6216ed709669961deff7b792ebbb46f7af9b8731

    SHA512

    4d3f94ef246bc6c010db82c6e9c19a638f64a251b8829ec26f4728a1387d2e38d395f8ad2459dcb5831ab40f460e6d536747b2005e5c16cf2d16d9b877817f44

    Download Submit

  • /data/data/terpnetf.plac292.nan/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    af8c435db05be0e5b1177a49b2164beb

    SHA1

    f3ee223c2c2c02cae561861ad6d4bc05c2699540

    SHA256

    2ed923fe06e606def832fe28b52f506a52343a1d33a40717d4cbef832c25d9f7

    SHA512

    b8d26cd114872f8c60bfe0c71e3f1dc5b892690847e795b217d10fa7a28e154fb3f5ff44f5d6d7ae5f8c756e47b9db8cc3efc812f957838cea51ba634b5d2c5e

    Download Submit

  • /data/user/0/terpnetf.plac292.nan/app_mystery/Dgqe.json
    Filesize

    11.1MB

    MD5

    28041432b0c51e3e887643272629c83e

    SHA1

    fbea5dfc62f03e1ff784b410ec0d547de0e8156b

    SHA256

    85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902

    SHA512

    7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

    Download Submit

  • /data/user/0/terpnetf.plac292.nan/app_mystery/Dgqe.json!classes2.dex
    Filesize

    351KB

    MD5

    385d6a4bd9e2e5a8931dac986b19482e

    SHA1

    656b7ac0491f176eac076d2ce557324834477b9c

    SHA256

    e11016a53aa7e04ca148ebcfe61bf27c3eac1378e4e1dfad9b10ded6198ae6fe

    SHA512

    4364e40766a5bb6eea0929bac6383a7e4e203c69fafd83f78f212f6d8674c894f7515db0df2a988098b9eefdf5a3cabf7ab3dc1f292d8c50d7be0491716daced

    Download Submit

  • /data/user/0/terpnetf.plac292.nan/app_mystery/Dgqe.json!classes3.dex
    Filesize

    267KB

    MD5

    77ac30d0255ca3fead968cf078c9a7f5

    SHA1

    f56ffbf1bbc90409f162f0eab8cfe25b2340238b

    SHA256

    2eb45ed98b52c10f0828daff543def5d0e4b4956284dc9524fd78ddea844c025

    SHA512

    b545d68184dba8a535677378c9215d3c23bc1ffd41a2b1d3c95be48e81405f7febb2a4dccb0b7525cb72dac72583b8dfadc057a8f9a88f22d81c06e31518d915

    Download Submit

  • /data/user/0/terpnetf.plac292.nan/app_mystery/Dgqe.json!classes4.dex
    Filesize

    1.9MB

    MD5

    2d73c5997273e3910c1ac1d8db7ba145

    SHA1

    25737e75ed15863e69d02a14efa781370dfec798

    SHA256

    411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965

    SHA512

    7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

    Download Submit

  • /storage/emulated/0/Android/data/terpnetf.plac292.nan/cache/logs/log.txt
    Filesize

    4KB

    MD5

    5360ca2be1badfd912303da15779650b

    SHA1

    b5009fc1b513d3974816fb3ed1c329b25978446a

    SHA256

    6ec5b974f64d75229b7567d5a5646f74a27ca7f561e56f60b1441824ed7b3cf3

    SHA512

    27a0fa55a342e73105794d9f425b4cf469c6361060cf90253d14d8b51ffadfc826a15a9d26d83e3ce181d918c5aa41b5b80d32c9fb9e4c7d92c070e55a17b7f8

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.