Analysis
- max time kernel: 140s
- max time network: 153s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 21/03/2025, 18:17
Static task: static1
Behavioral task: behavioral1
  Sample: 90cb5d17c0ce8cc794bdc4a6b03382dd56e7ec9b831a290764035b794c7a7495.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 90cb5d17c0ce8cc794bdc4a6b03382dd56e7ec9b831a290764035b794c7a7495.apk
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: 90cb5d17c0ce8cc794bdc4a6b03382dd56e7ec9b831a290764035b794c7a7495.apk
  Resource: android-x64-arm64-20240910-en
General
- Target: 90cb5d17c0ce8cc794bdc4a6b03382dd56e7ec9b831a290764035b794c7a7495.apk
- Size: 9.2MB
- MD5: 8a58d7aa7729a84e4ee0ef963caa5be3
- SHA1: 87e933bec88b736f1de6f70cec42a81e9e36e9a1
- SHA256: 90cb5d17c0ce8cc794bdc4a6b03382dd56e7ec9b831a290764035b794c7a7495
- SHA512: 589cb13f9cbd044f14f910ffce806d8c8df05ed54fdbd6062ab0705162df4863cfce187db6ddfa757e6eef365e3c4459f218de65932431dd85ad63d497d6960d
- SSDEEP: 196608:OBO3phigDUUVdYknQNPLJTlbE/ZdYwr0PMCx0jv5LtE:OI5YEJnYVTlbQZdYURLtE
Malware Config
- Extracted: trickmo
  http://b-fulltime.org/u3n6hcu6te3b46gc
Signatures
- TrickMo
  TrickMo is an Android banking trojan, first seen in September 2019, with the capability to intercept 2FA codes.
- Trickmo family
- Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/efja.fast805.touchs/app_yard/IJ.json | 4785 | efja.fast805.touchs
  /data/user/0/efja.fast805.touchs/app_yard/IJ.json!classes2.dex | 4785 | efja.fast805.touchs
  /data/user/0/efja.fast805.touchs/app_yard/IJ.json!classes3.dex | 4785 | efja.fast805.touchs
  /data/user/0/efja.fast805.touchs/app_yard/IJ.json!classes4.dex | 4785 | efja.fast805.touchs
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | efja.fast805.touchs
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | Process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | efja.fast805.touchs
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description | ioc | Process
  Framework service call | android.app.job.IJobScheduler.schedule | efja.fast805.touchs
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | efja.fast805.touchs
- Checks CPU information (2 TTPs, 1 IoCs)
  description | ioc | Process
  File opened for read | /proc/cpuinfo | efja.fast805.touchs
- Checks memory information (2 TTPs, 1 IoCs)
  description | ioc | Process
  File opened for read | /proc/meminfo | efja.fast805.touchs
Processes
- efja.fast805.touchs (PID: 4785)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Input Injection (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
- Credential Access
  - Clipboard Data (1)
  - Input Capture (2)
    - GUI Input Capture (1)
    - Keylogging (1)
Downloads
- Filesize: 4.9MB
  MD5: 45039e907203a7f1bfd2a46c495d678d
  SHA1: 0a946711f6738db293680968bd05ee77d9c9c7b8
  SHA256: 70ca8442c5c04c35f4c341e4d91492356a70a9e435233ad955e9374b9e2945da
  SHA512: f3aa051af7bf4e77f6a62eb0acd2a68fc79d12b61f2f2e98a1cea6c1e700b9dafc9287d9c37957653298c3ec29a88c2ba7dc56aa2e05a379cd87010f98181523
- Filesize: 4.9MB
  MD5: 569de88fc6ba465b63b734683daa8af7
  SHA1: ae8b7054ed78707c8eeb295889b102c02689f985
  SHA256: abd9619c98bcf1ef70811daf2f1eeed2f8f7291b685dcaa4e09dc1008207d38c
  SHA512: d09c3f136c512089569867146e634d1126d039bd319ebbe160b547736994cea3ff372abf411b6c5cd7afae9a97c043b0d98bca5ad254041d6be2c61ee0a5312f
- Filesize: 17KB
  MD5: d780f836fe54e51872bf31220a4dcb77
  SHA1: 5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae
  SHA256: 32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17
  SHA512: 62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635
- Filesize: 20KB
  MD5: 57baf3e42a94e8dd82e267b2f0619330
  SHA1: 76512dd29fbaf3cfd2efeae0ac2ab5108b81af19
  SHA256: 49a98902c1ffb97354f0e8f0f9208b84dfabaa826635f6ade1fc782169a3ec7c
  SHA512: 227f9d10a39fb0d8ae0a562e3b983fde44de62b3dbcd577172451e0e1f669e5721ba653c324af7c4d022032edd951cc417805a4eeafd5e84f28d378b9126a690
- Filesize: 512B
  MD5: d4fdaa72d067c7f56ff54895e9ffcd6e
  SHA1: 382b7b52b9cdb0eb132e884730273f3b6c2d7dd1
  SHA256: 724593b9e06bff643fb5cf4be16958df6d4f77e5f4620291118ed4b9848aae50
  SHA512: 9671bf56c3878f464be32fa1a5b61a766e88e6ec969ea6a30947863085e2cfdc10e7fd1880a1b4dca5b8337513ba17516d567b54a96f9f838d91bfd83bfac40d
- Filesize: 8KB
  MD5: ed8b72ce50c38c8ec7780838b380539a
  SHA1: da861bd6d48af22baee722de317dab86828ab432
  SHA256: a2c24883114f796fb67be65d330e3b81ce7d744b815a895809ebeebdcddfd830
  SHA512: 8f4ce1b89f847c6923bd857cde6e2f7510d6d9f71a4ef91a00c25f434bef44b6015cb411ea0af0639cf1ef1f8d991d9ca0a28213af6c5707d4e0d88f5437e85e
- Filesize: 8KB
  MD5: 3996c0d781b235638e8a2ec6d095f0ed
  SHA1: 29cbc5fb9ad3d8ed11920601e8053607328aea09
  SHA256: ce0dac8b52119c127b90c325cc78196ead14faa0e50207e7bab8d3914591d744
  SHA512: d8de058841f762fffb024ab8b4d48a7ef3c299342458cb3bd757c9de1367b3c49c5646513c660ae9e7d323dc556bdbb5196250682ecf53a541d0960af498ed4b
- Filesize: 256B
  MD5: b7648be00acddf9c063a5ebd8049b39a
  SHA1: fe577f726b43db4e71cc47b75c5457e6a1c946a3
  SHA256: 658f3c0e06fcbc8138684e04c657bf2f55b6f57bfeffe9c116f6e3c605b22cb1
  SHA512: eacac8734c0904bdc0cd5182587abfa144764888126f5408469c9e075b7dd830b9ffa2500976793cdaa910c22006aa2d59187b1f3a978d1a6fa39265ac92fba9
- Filesize: 4KB
  MD5: 7e858c4054eb00fcddc653a04e5cd1c6
  SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
  SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
  SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
- Filesize: 512B
  MD5: 4dfc4aa9af0f81ac43507f9e9de12631
  SHA1: 62e161a2af428192fcf460dee0b2582ca352e994
  SHA256: 4c2aa50d7f0d080abd7bfddf658b06e4fa039f795578de09a206bc03eca55776
  SHA512: 7f599a7ff01b02235d80718fb781ef378977e4bb6ba3df7fd6bb3b6ab4b1cbc6187fd20c6ba69b7119e5ca08c0e7bd534543f2b67dfd08759af8b6b990698f67
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 173KB
  MD5: 0e0722273a92988174d1d09622d40130
  SHA1: 6b6f2764802f2516d48d9e2f5027ef4131db3167
  SHA256: d3fe4db3b0440725cf263bf1a2ed39fd614323dd04bddce3ecf30f01e3fc42e1
  SHA512: d3f64fa7231e4d651476742784f9979ac81f3c078f24bfe8230fba4d6b9a950958366dc9ede2b48d8fc24fcf032f7af8f8a6949b6ee4af98f7bf729d3baadd97
- Filesize: 16KB
  MD5: 564e33a257c31c4c59039ccb50fddae0
  SHA1: 98bb409bbd3e607719ccafc8e55a16ec7d26d07f
  SHA256: 84068f105bcfce065ff7881a3ddbab174314876cf18075c7f7f0650a91b6378d
  SHA512: 3d53447a3a344b35768586fb67b5a2dad72e25b5b28b05d52676b938f3444d712cfe060d34d2c40e927a8b8d1d42bd597f41320090c8dd010e6eec0072ad43de
- Filesize: 108KB
  MD5: 970b0325dc026e82d43207190efab57d
  SHA1: 16b9eb7a5167902542c866abf345d9ed3273068f
  SHA256: b6223de2df335523109eb7d5eeed6165dfa22a836b0577e29938481611107fa6
  SHA512: 505bb1153bebcf525df45d2ac8fa82515c36375632085de54b51e7c0c65d3eb3941e8db7b5b477c19d2d725c793f14fba6caf50ac2fdd41b2ac382eea32ff7fd
- Filesize: 10.9MB
  MD5: 35d4cda95e19e9be467673c78e1e2fa2
  SHA1: 3868d4dda794c360f57ba650c332b39ce5c68d8e
  SHA256: 6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746
  SHA512: 577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7
- Filesize: 308KB
  MD5: af76bf112a1486f959993ab101d1dfb3
  SHA1: d38bd79b0d58135807b7e9038f35e099bc8b18ac
  SHA256: 9a149d4662611b4d051f7b4c53b4581f840ee6494eca90cc29bef8bef4b8c326
  SHA512: de3a977a5167c361a46516739e8e18ea064749e51a72eedaa0470064c8577c8d7b72d5a5bb7fc83208c1f6a6d462aaf2014d4ca46a3c2ba95063f25afa337825
- Filesize: 266KB
  MD5: 0c7e31c4fa49c111285906ca8c2e0672
  SHA1: b1b42dfa3d36dbc0a1a0f1cb69616022ff635891
  SHA256: a9381cbba32fbad21246ea5f933317f0577abbc1c1d0451ea80b079763f77389
  SHA512: 6d3fa945dc48f48d322161d17771f459f8e80b2ef5760b460bd1ee70b5b339e8981421bd50983ef6d810983a4381be3c7a0227cabb9f74241a32b3f7f284e2ab
- Filesize: 1.7MB
  MD5: 30465152db261852e3a226a666ec4304
  SHA1: 442a188e07db85653022734d0a8537d4312aef38
  SHA256: c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4
  SHA512: 3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63
- Filesize: 83B
  MD5: c210254e66e53faa3581a676e264ae30
  SHA1: d28058b61cd25e35ec710cb6c167de538ff3a291
  SHA256: 705c451ea13f95bfcf1d3d814c219773f3fd405ca5cadc2189e040aa312c172d
  SHA512: c6ce34858e1c5a6b8e20ab45fea8c3b70ca1f7d2cb6b090cbf3fe58fc41405c8ae2d7c5ac86da4133d90b6e4fe800efbe4e6ad4e61d7d73a3881e9411cd25b56