Analysis

  • max time kernel
    29s
  • max time network
    29s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    22/03/2025, 00:46 UTC

General

  • Target

    702d8ae90b3535bf923522cdce541922065fd31c23356474d04c29245ef153ab.apk

  • Size

    8.6MB

  • MD5

    1e601badb689ec4328e7206483f7fc8f

  • SHA1

    d103db4da641e5dad66226087c45a92f5a35ec3d

  • SHA256

    702d8ae90b3535bf923522cdce541922065fd31c23356474d04c29245ef153ab

  • SHA512

    91b042429caf3ec6709f816d80f95930fdf4bd81965ea7e4232b7d3bdf4560aba64e0e181d5186896dff49137644915381f166835863be2627928882bd77298b

  • SSDEEP

    196608:oOsWNIJ8HMmitHQfX1BSNlit0XvuYznJcTZBzhBfCR:/Ps01gNlit0Xv7zGLzh8R

Malware Config

Extracted

Family

trickmo

C2

http://somakeawish.com/hpuex9yu0lfad7pjoxcl

Signatures

  • TrickMo

    TrickMo is an Android banking trojan, first seen in September 2019, with the capability to intercept 2FA codes.

  • Trickmo family
  • Loads dropped Dex/Jar (1 TTP, 8 IoCs)

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • kegvi.nfec906.cyc
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4375
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/kegvi.nfec906.cyc/app_rice/oat/x86/ldWtltI.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4401

Network

  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • 172.217.16.238:443
    312 B
    6
  • 172.217.16.238:443
    52 B
    1
  • 142.250.187.202:443
    364 B
    7
  • 224.0.0.251:5353
    2.5kB
    8
  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
    75 B
    1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
    75 B
    1
    1

    DNS Request

    appassets.androidplatform.net

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/kegvi.nfec906.cyc/app_rice/ldWtltI.json

    Filesize

    4.9MB

    MD5

    6062a6cdd52269b087ea01359d8ffadb

    SHA1

    1234ab4afe8f84db845705885caa1ae47060872a

    SHA256

    f675c72b6fc408c95fd6c71e13fd3b650ba3dccc25482eb6514a84401ad0b4b0

    SHA512

    4fa560e886e567e8137ddc99d30426672aad6acec89c7fbd4be2068984483624611662968dee8feb23b6062ff2631de86f961ba921cdd3ba6f7510d528a3842e

  • /data/data/kegvi.nfec906.cyc/app_rice/ldWtltI.json

    Filesize

    4.9MB

    MD5

    44df4ebbf927174833e43c712252f4b3

    SHA1

    2a8b7cc64b6ef8303c2edb7666b3eabf816f83a3

    SHA256

    9d98d41bf0c3bc1ad00bfde87d31d81654859436754a531328e7b718dcd2f396

    SHA512

    139e8ef82d16d15e2cc63b76969c16e387c67be8b3808c301e64059da3fe6cb2f8dbe897bfbe1578d83194848289c017ceff86985e2945bf4f41c34c345057d8

  • /data/data/kegvi.nfec906.cyc/cache/clicker.json

    Filesize

    20KB

    MD5

    2a08aa3691d360c2ff0815d0b7812fde

    SHA1

    50c37f212fd78fb89ecb00f81656723ef28fd53f

    SHA256

    ec0eacdcb736f245853bb430a97dfcd3dbf0e6abf43733470db53fbebcdd0e2c

    SHA512

    d9243b6ea042f3d0014ecd1f1afc1e71e9da1fca40f36d3a3e0bcdcb91badc7e892a2944c994a267ad3efdd94e78c17db9afd461d2858d189f4b42c622897b89

  • /data/data/kegvi.nfec906.cyc/databases/a-journal

    Filesize

    512B

    MD5

    5055a8fb72c6d7f1410346666ef8944c

    SHA1

    26bd424604dabc2bbce3c49f5783d4b8a15f7c54

    SHA256

    f6e5583209bfbd7a4997927d2fb17401ae309f1d80a99c0f12a4a9ea03c7de25

    SHA512

    f786538148725aca18495d9f1a9c65f3861d0f923c0468795c900babdbe7ac82ad8bb5ea1c767df1e247bff1ebbd0ea42fe2bd4b7291a964f57186eee86b5745

  • /data/data/kegvi.nfec906.cyc/databases/a-wal

    Filesize

    32KB

    MD5

    1c3b64075686d82833e5f1cae19d6d9b

    SHA1

    f7d7f7553a3b8fd47bd31dd388bf91602bc8b731

    SHA256

    1d323a59457a2c74835702c5dd3821e200ddec59c9ad50d726b37e9f0c6d6b1c

    SHA512

    6d25ff18d3ee7cb7cf2386087e7bfff7c661079e8a3c6262a346cd46f5054f437cbbd39810e801366e39052a2e391dc95d50833fa06d3b43a94bf1e1851bb0c3

  • /data/data/kegvi.nfec906.cyc/files/kegvi.nfec906.cyc

    Filesize

    256B

    MD5

    c954a5dabc1d0b087c903ebdc6841a24

    SHA1

    921a8219f92afbf4bdf25b7e3bf72025262a1f00

    SHA256

    8f5cbda8ebee97fa3c6874786ad94b528ee6607429e2e1e6c848de1cf0fc5ad0

    SHA512

    bedf7addf7d0362fb114da676d0148bb940a697418ef208aec6f066ea50f835fad01b1e90722bb1cef77974afc7c9ed7baac741f4d37c69965b0356d5bb4b6bc

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    816ac5096e0bf9464a2a7c3e2a08141e

    SHA1

    732933d0a7f7e1051c8d58c4c7236493b4137c4c

    SHA256

    f1a064c82e8185385673729dc1d6912fc01ee3ccc9db4ce634a421df418b97b9

    SHA512

    421f24ba0099af6bfb5adf27e11b1c6720864ef7214a3c27439053c7a6b1caa9465657a1972f922cf0c7bb96d9543e415f63719d3d8055b03273f1204a36017c

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    f3db44d5f02a6f6f3d5d68ea6e58603d

    SHA1

    32e3114a0905fb272558f8b10e1411f0eadf628e

    SHA256

    107b0c415df40fd26d3734b0bac2c1f0f18143b4c0f257504e5310e8f906f552

    SHA512

    d18b0b460dff116d4981fbb7b9342d510ce9406bd945f6bf4581a4a9eab63e019d45e463f98fa901fda41d8f061a070c06ac3a3fb12aa7ac4c65f7c3e39ebc74

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    c6624ad3afd69c70e674f436422c1ce0

    SHA1

    c9bee26364b37a534bbf6efbb36613db736b502e

    SHA256

    0f75c43c7bbeeaf7234d593b8af2d75b00f111761be29b3fc6de37ef29b0386f

    SHA512

    71356f4be48a68b639b84a999d99766e66c665636b87c190f98a1f38cbeaaccba4f3f4e0a37aeb4359dab581a0dd9c53ad1be55125184fbcb88c8b98d02fe1cd

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    cc050b85aa7980cd661dfd551e4f54d1

    SHA1

    4a82251ad2750db86b5aca09aac09fbea65858cf

    SHA256

    050a34dfbaecf775803b03011800a27c08c889ad370bd9bc451498bd8fdccb75

    SHA512

    35ec44b6a6649fcbeb4ba9f4eeb1be79b4e7fd1c288c62c183e051bbd89997b325c9d856d500eac3a6a6482acfea5793b4b82c2855be8c23b0b0faac94569f8f

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json

    Filesize

    10.9MB

    MD5

    35d4cda95e19e9be467673c78e1e2fa2

    SHA1

    3868d4dda794c360f57ba650c332b39ce5c68d8e

    SHA256

    6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

    SHA512

    577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes2.dex

    Filesize

    308KB

    MD5

    c4f1bf1c779a21a25c3dbf5a15efedc5

    SHA1

    e525c2e12234f6eca7690f2bf0e29ae48f958e33

    SHA256

    410e18df84f39a134073269b355ae5e6473f689ed9bf3f9903a6eb38af2fcadd

    SHA512

    ab612b7ef8de98b3943600cc39c26149e520ede008366a2efcf9d1e76e17ca53068c9f4699e6b5e40aa8f99b5339bc8e35091fb264bcf3ec640fbf68c465476a

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes3.dex

    Filesize

    265KB

    MD5

    c6abf8a6dbc7699cb23c034ae965fb05

    SHA1

    1a420d700e47d712acc84641fad51a4b40041cfe

    SHA256

    c3cd0d23cf49de955c9bcd893cafb62ef3396c0e2d52b631eaf78726913bf958

    SHA512

    9061fda1a71959cbfbf9effc673213c0678ef91b4958a4674c11e1ababcd433541f0298852b785cc66cff1c945816230309111127923ea21795ed2ad31ddb287

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes4.dex

    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

  • /storage/emulated/0/Android/data/kegvi.nfec906.cyc/cache/logs/log.txt

    Filesize

    83B

    MD5

    2af29a228fb060a4151488316fd84ee5

    SHA1

    529182dc70cd88ac11ec4e1fa5e60c6bf7e4d9bb

    SHA256

    8913abb2574fb47886e27b6b45bdfcd2a9518cc32758f07d27130fda23b00f8b

    SHA512

    c91ff5303a0c3d30b5376c1058108a4e23a1410b94ce57093a45b222b0561d3511cd9e3e3bae152c3cc85b06d9177dd81696f3f8eced2638056042474b04ac57