Overview

overview

10

Static

static

6

345e172356...f0.apk

android-9-x86

10

345e172356...f0.apk

android-10-x64

10

345e172356...f0.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    22/03/2025, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    345e172356ee2b29eb4d9a0f7b6ee7dd726e8795e1dbd245b4be5e2b7796b0f0.apk

  • Size

    8.9MB

  • MD5

    80d89d1f2000ec6e41ec686e6c2499b7

  • SHA1

    97517bde058bbd3d1a785edc1a55a76573bd8925

  • SHA256

    345e172356ee2b29eb4d9a0f7b6ee7dd726e8795e1dbd245b4be5e2b7796b0f0

  • SHA512

    eafae525d54ca46be783c8398848651c43bd5136f62eb54f50996d149ee1274f6aa6c33b74627733a0af76370b4bf75e8041268c47c9070d090d60c4a07c7e71

  • SSDEEP

    196608:Sjcvj4HDaHNva2kIbcHJcUyOJNy6Uo5Zkajv5LQy:zr4Hutvazc8J9zT5ZnRLQy

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://b-fulltime.org/u3n6hcu6te3b46gc

Signatures

Processes

  • bakeph.dist292.blog
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5071

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/bakeph.dist292.blog/app_traffic/MctgTq.json
    Filesize

    4.9MB

    MD5

    956ec6d809a6e35ddd3155b0a2a93bac

    SHA1

    560a650bb0055c4d11f008d2aa8c6abde9146987

    SHA256

    e24376abaa5c9c55a63480ab7c274b9d678abf4a08b9ab83106d43dad05d0d11

    SHA512

    2ab03b754c3595c537f06268d5043a7311ba2cb272de2533410a5e53c9d234b9316fb2c8ac012ac1e217457bf714dfbcd43ab70d7c88dbf107210a8f5bcf1c42

    Download Submit

  • /data/data/bakeph.dist292.blog/app_traffic/MctgTq.json
    Filesize

    4.9MB

    MD5

    73102177b62492c2a7935c4417376461

    SHA1

    fa32afcfae2593c05099b15876b567477ee91d7e

    SHA256

    914f1fc352b3b866fe36e776775484208ff7eef2a20a63e171e82c3c80c68c45

    SHA512

    a1ecba1e72774fb153e60a5fbf24b86e82c7567256da412d517ac11963c874d9b88f355843d1ac774dc8edad2bdcc9000134244708101b5399edfde52ac25b59

    Download Submit

  • /data/data/bakeph.dist292.blog/cache/clicker.json
    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

    Download Submit

  • /data/data/bakeph.dist292.blog/databases/a
    Filesize

    20KB

    MD5

    93e7f88ba7fd4f0152e8e5dc56f1acc0

    SHA1

    f29883585567a32fe4d487e5df14173c39c09e65

    SHA256

    dc6bc98e7f294d8994b3120cb87c0ed1d998e559daab810a68323a8968c60c2c

    SHA512

    be40cb85f75181627e2e4f7fb01e371ad4ce5051416d7e931ae45479a1357526e89a017aa461de03076c0b650eb5c851c239e88556677e859bb9b7c28e48d745

    Download Submit

  • /data/data/bakeph.dist292.blog/databases/a-journal
    Filesize

    512B

    MD5

    bc557b287050399415746500e917f72a

    SHA1

    5902f2cb38894ce8c949ee5787b34f6638383f73

    SHA256

    9a273bc0fa2941c8984d0862a23d0be5cabb5346e6f92ad3cbf26157a4477d52

    SHA512

    426f9496af1275bde1c5e44b6f7105ce9a6e5339f7e747c060291ca663e3a77a6913f45c9f0874b48d24b1e301e20a926d9240c8148821b3a28eabc704b851cd

    Download Submit

  • /data/data/bakeph.dist292.blog/databases/a-journal
    Filesize

    8KB

    MD5

    4d4a0732a70c3b09a315e159e6d2fb80

    SHA1

    dcf5d0a970ddf8eaabff4b1492f444e14bf85a24

    SHA256

    54f2ca88db8c2f42329d020cc6c7e1e35de6aba020aa65ce41d6dd65b9657e76

    SHA512

    b5e0933569939e4d265a6e804c5f42dcce6ee695eebf97faa7b4f083c3d34e1a8bf87c15f6fdc8408e0fb66b8aa658c561123b7cccc241737e56c5eab9956e06

    Download Submit

  • /data/data/bakeph.dist292.blog/databases/a-journal
    Filesize

    8KB

    MD5

    b4b03891237a5ac6d78c9e1abfcce914

    SHA1

    7e4020bf2b534925309eeeed3bf9e9f0866e7166

    SHA256

    84c67a3c42e9edd851ae8fc69857c97a57584d5dc2450366b1d4fe0ba8e52e46

    SHA512

    95df4e021c8ea5f5d402385ea3d7a6975aa588eb1b04683c39c3105b825a0dd72774b78e4d176e72ac1b502e7de907c2e9236c9b5f7a78ab2e8d27040a60a28e

    Download Submit

  • /data/data/bakeph.dist292.blog/files/bakeph.dist292.blog
    Filesize

    256B

    MD5

    baad3b19528cabe4953c054b55a441d0

    SHA1

    dd100dd0d0158b77b07626b4996ba636f62e5cb6

    SHA256

    040c1e0f5d3db0241a49d3a0fecb7d9eefcab6212eb78c66dd6569d4fa17c176

    SHA512

    6de0a98864ef582024b46637c9a0251b161831fbc451f78987078626b914a25c92a041b821f3ee8cd2657001da70114b3a4d11fa111e3d643d5207685589026f

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    d80947409d8398d00164ae4439e91e33

    SHA1

    18c37552c68fe47ed4ff9778efc5c1ee2f13e21b

    SHA256

    2a5507df98a99b87a54dee1fdde5b1745ba3a40204d8361737c8d675a7897007

    SHA512

    991feb349790028fed3b5c2c08780462f248a0812e28f08cc0388185b4043abb7fea260d53d8b58bb6f348e3985547f092dc62efa7182cc0b79a5fba11c73708

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    9d3a9596e8b95f349fd2c3a09c3ed75e

    SHA1

    ded7aa77ebc65121ce2b96f19034d180bc1f4931

    SHA256

    b757fdb04ccec12a4385e58cb8a382e035d71d4c5de7fe4c2a5e8fae358d2924

    SHA512

    3182d643acfe2e5424011b3499a4587843255b34afb16d6de89ff0f31e4ef4e6b29a9cd18b534a6455bb751fb5f739cd58984cdbd1478cefd3e82e17bd0e89cf

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    cd6f95afd62362174f8ecf06509fc1d7

    SHA1

    0460ce682548dbe86d81958103e5edae8c111459

    SHA256

    94d3a529e78b7bf34e28cf369e937a107ae9ef7d3c0f15333d52282b4135d304

    SHA512

    0f0bed14d8111e256414ac7064f577e9f32a02eacbad7a21737301f8683ea6f7e93240b211cb2e1f2be49db70fc2f0fdbb33aa2f632972ab172e3dd94f104eee

    Download Submit

  • /data/data/bakeph.dist292.blog/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    8c652d40bfdb6284e1a700439bdfc2ff

    SHA1

    6f15a2103fe360f30f2ce4054594d5b414c364d1

    SHA256

    5899d6c8a9d1a491e3fcb95258677fd8e23f451913c004e234e3223b941e24e6

    SHA512

    b90bc0e0608bbb59753510eb3ddacb08c125b531c20b3832a46debae3cf930c292f5ca35a47f0f9e9e01d0a5302ed2f087b418fb603ff4883e3854ca5c88bc31

    Download Submit

  • /data/user/0/bakeph.dist292.blog/app_traffic/MctgTq.json
    Filesize

    10.9MB

    MD5

    35d4cda95e19e9be467673c78e1e2fa2

    SHA1

    3868d4dda794c360f57ba650c332b39ce5c68d8e

    SHA256

    6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

    SHA512

    577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

    Download Submit

  • /data/user/0/bakeph.dist292.blog/app_traffic/MctgTq.json!classes2.dex
    Filesize

    308KB

    MD5

    f6b89acc1728c7d64be4b042fb787711

    SHA1

    a1839b0bbfe36db9e1de750895093a41872dee58

    SHA256

    e38f1a99e3b77b0d416161420651ed11a069de45e9cfae7e41585a3c9ddde806

    SHA512

    ad74d6dcbea2ee263d451353b773701165d6334dafde8b4254fad369eb544996bbf64d5db2b2423932751fbfd9d7e42faec67dd552384e1d6a00a89c0ecdd7e2

    Download Submit

  • /data/user/0/bakeph.dist292.blog/app_traffic/MctgTq.json!classes3.dex
    Filesize

    266KB

    MD5

    53410124d4dbd239d7962deabcce6d8a

    SHA1

    85f8e02449fdb7eb7a4a7d6f95603c0c381bd135

    SHA256

    1b5a77a13977c67a4bfe73584e22103aa7656a5750abdb3c7bcc302269b72073

    SHA512

    59b2796a1d1b7ccc6f7887e4d674d9bfd0cc4c4b851265e7fed0839d754a0058008cd622062c610471e5ff7eab0f269da16a9e0d5d75c19dbbfb16c05bbb4d7b

    Download Submit

  • /data/user/0/bakeph.dist292.blog/app_traffic/MctgTq.json!classes4.dex
    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

    Download Submit

  • /storage/emulated/0/Android/data/bakeph.dist292.blog/cache/logs/log.txt
    Filesize

    83B

    MD5

    6b50c9439c0ac8e6d0f04421ce8086af

    SHA1

    cf4e86c995de60225f5370910a5ef3ae54e2d590

    SHA256

    6df9df646103ac0ba59c7cd689dc119c304da99ad7d09338b0bb32187fcf2132

    SHA512

    486c69b21225f0d1bcd5cf4b758884ee5016a83a223602478fcb3c41a5017b035e30d36354d8b0aee627150624946c816d31624d96ad6b7a1edac298cd2ac890

    Download Submit