Overview

overview

10

Static

static

6

702d8ae90b...ab.apk

android-9-x86

702d8ae90b...ab.apk

android-10-x64

10

702d8ae90b...ab.apk

android-11-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    150s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    22/03/2025, 00:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    702d8ae90b3535bf923522cdce541922065fd31c23356474d04c29245ef153ab.apk

  • Size

    8.6MB

  • MD5

    1e601badb689ec4328e7206483f7fc8f

  • SHA1

    d103db4da641e5dad66226087c45a92f5a35ec3d

  • SHA256

    702d8ae90b3535bf923522cdce541922065fd31c23356474d04c29245ef153ab

  • SHA512

    91b042429caf3ec6709f816d80f95930fdf4bd81965ea7e4232b7d3bdf4560aba64e0e181d5186896dff49137644915381f166835863be2627928882bd77298b

  • SSDEEP

    196608:oOsWNIJ8HMmitHQfX1BSNlit0XvuYznJcTZBzhBfCR:/Ps01gNlit0Xv7zGLzh8R

Score
10/10
trickmobankercollectioncredential_accessdefense_evasionevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://somakeawish.com/hpuex9yu0lfad7pjoxcl

Signatures

Processes

  • kegvi.nfec906.cyc
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4793

Network

  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • flag-au
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
  • flag-au
    DNS
    appassets.androidplatform.net
    Remote address:
    1.1.1.1:53
    Request
    appassets.androidplatform.net
    IN A
    Response
  • flag-au
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.178.8
  • 216.58.204.78:443
    tls, https
    1.4kB
     40 B
     1
    1
  • 142.250.200.14:443
    android.apis.google.com
    tls
    2.6kB
     6.0kB
     13
    11
  • 172.217.169.78:443
    www.youtube.com
    tls
    2.1kB
     8.4kB
     18
    15
  • 142.250.200.14:443
    android.apis.google.com
    tls
    2.7kB
     6.2kB
     13
    11
  • 216.239.34.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 142.250.178.8:443
    ssl.google-analytics.com
    tls
    1.4kB
     6.3kB
     10
    9
  • 142.250.187.193:443
    tls
    436 B
     6
  • 216.58.204.65:443
    tls
    135 B
     40 B
     2
    1
  • 216.239.34.223:443
    tls, https
    128 B
     40 B
     2
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.14

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
     319 B
     1
    1

    DNS Request

    www.youtube.com

    DNS Response

    172.217.169.78
    142.250.187.238
    172.217.169.14
    172.217.16.238
    216.58.204.78
    216.58.201.110
    142.250.200.14
    142.250.179.238
    142.250.180.14
    142.250.200.46
    142.250.178.14
    142.250.187.206
    216.58.212.238
    216.58.213.14

  • 1.1.1.1:53
    appassets.androidplatform.net
    dns
    75 B
     135 B
     1
    1

    DNS Request

    appassets.androidplatform.net

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.178.8

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/kegvi.nfec906.cyc/app_rice/ldWtltI.json
    Filesize

    4.9MB

    MD5

    6062a6cdd52269b087ea01359d8ffadb

    SHA1

    1234ab4afe8f84db845705885caa1ae47060872a

    SHA256

    f675c72b6fc408c95fd6c71e13fd3b650ba3dccc25482eb6514a84401ad0b4b0

    SHA512

    4fa560e886e567e8137ddc99d30426672aad6acec89c7fbd4be2068984483624611662968dee8feb23b6062ff2631de86f961ba921cdd3ba6f7510d528a3842e

    Download Submit

  • /data/data/kegvi.nfec906.cyc/app_rice/ldWtltI.json
    Filesize

    4.9MB

    MD5

    44df4ebbf927174833e43c712252f4b3

    SHA1

    2a8b7cc64b6ef8303c2edb7666b3eabf816f83a3

    SHA256

    9d98d41bf0c3bc1ad00bfde87d31d81654859436754a531328e7b718dcd2f396

    SHA512

    139e8ef82d16d15e2cc63b76969c16e387c67be8b3808c301e64059da3fe6cb2f8dbe897bfbe1578d83194848289c017ceff86985e2945bf4f41c34c345057d8

    Download Submit

  • /data/data/kegvi.nfec906.cyc/cache/clicker.json
    Filesize

    20KB

    MD5

    2a08aa3691d360c2ff0815d0b7812fde

    SHA1

    50c37f212fd78fb89ecb00f81656723ef28fd53f

    SHA256

    ec0eacdcb736f245853bb430a97dfcd3dbf0e6abf43733470db53fbebcdd0e2c

    SHA512

    d9243b6ea042f3d0014ecd1f1afc1e71e9da1fca40f36d3a3e0bcdcb91badc7e892a2944c994a267ad3efdd94e78c17db9afd461d2858d189f4b42c622897b89

    Download Submit

  • /data/data/kegvi.nfec906.cyc/databases/a
    Filesize

    20KB

    MD5

    57baf3e42a94e8dd82e267b2f0619330

    SHA1

    76512dd29fbaf3cfd2efeae0ac2ab5108b81af19

    SHA256

    49a98902c1ffb97354f0e8f0f9208b84dfabaa826635f6ade1fc782169a3ec7c

    SHA512

    227f9d10a39fb0d8ae0a562e3b983fde44de62b3dbcd577172451e0e1f669e5721ba653c324af7c4d022032edd951cc417805a4eeafd5e84f28d378b9126a690

    Download Submit

  • /data/data/kegvi.nfec906.cyc/databases/a-journal
    Filesize

    512B

    MD5

    d834994a703bb4cc2b17f007e512d3da

    SHA1

    0a66bc47d50e1ea1ba8b7e1103a7addc98be71cd

    SHA256

    6fa9ad7a2bc7c453653c6a65585892ff62e1e8c69f1db22f0105c1b4a99f42d9

    SHA512

    30f657ac9bde0ba6b10a01f67358d1f7408010762312155de48f49dc1c63d10db1f2ab84946e313eed2c3f8a3dc9116aa793a04a35154f4401e1bd65982e6eac

    Download Submit

  • /data/data/kegvi.nfec906.cyc/databases/a-journal
    Filesize

    8KB

    MD5

    4abb1ee3a34cfa28f04d066840235ca1

    SHA1

    ad43a82f59f0afa50f33e2be4fee3ad95d436847

    SHA256

    b89c1aa65f1e7c925ea1efbc2fe9f98021948ee6fdea1bc27fa88cfe5af143cf

    SHA512

    85d57cdc0daa241fbd7fdcaeb7b5585b88a43d34ae7ca1a414809e920fade42731bfcc56a8acf8c6f931cf86c51580403620a1d3a6291826387a163fb266807d

    Download Submit

  • /data/data/kegvi.nfec906.cyc/databases/a-journal
    Filesize

    8KB

    MD5

    2dc2a0b12e13d5e6ae6a2b0d18dd1c9c

    SHA1

    dfa8a93e1c15ac52d479ccf277c8d5095a6b79a9

    SHA256

    3c52edd3da8ef5c572a3beea8e0860feb0d865974c79cbc30d87f87c4c4f9a41

    SHA512

    3ae9f43fdd77892181ac4991b2e76131fac8a59b1a30d730662f08c9797293a1409958f11333a6309f5acd86a381decb0de2ef3d64d610a3fbdccd1761a26351

    Download Submit

  • /data/data/kegvi.nfec906.cyc/files/kegvi.nfec906.cyc
    Filesize

    256B

    MD5

    b25edb788a9f19878d8fc530699a475a

    SHA1

    318fdc64db442649faac4c46eeb105e13899233b

    SHA256

    71e7f7c1b2db6a90214033105cbf9136754e427d6bc10f7832bbf53acc8d40ae

    SHA512

    7d8a5484ae6c2416658c71d4d04f5b8ac14901ab29912271a8aa143ba589b0dc11c9dae49bc1f6bf47cc4dd4ca72790f9c4bf8859e935b436be6b69d191852a7

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    10e10d6da66de06639cabaacf5b73ef4

    SHA1

    d8a56b82f6d33bcb04d90216b1a3ac6420ad3e7d

    SHA256

    6401f6625ddf5cd67dd7802501875bf46f551ffcde80952dcb0dc010b9c39dd5

    SHA512

    2850bb55947381bc95ee46af249350bfa8e2d8cc5921f3992a716699b09b5e0e55e74c78b3c510af0b198fc84b5b667cb47767d4e8fa1d7cd952f660e84144f2

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    63538a7557a8fbafd3fc69d079f4e85a

    SHA1

    985bf2d5a1da7c906bdb78b1ee79ec7784bd39dd

    SHA256

    a2814263d51d52f43b16403913421bf925a5a3825200d868c89e354cfc8ef9f2

    SHA512

    a45f78eef022659f4455abfad2511822489c21b223d9f01022d26280d801a7d35e419f8fa7e15f95d433de9ac6f4f8a5147005abd5fa5b3d160c3d02f4b363b9

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    6968f315d084a2e20b1f4b2f04675a29

    SHA1

    85e45ad9201c8404427b8eaa6d1fbbc0a8933b85

    SHA256

    8a7beb9b1fb1ea2d2d0d54fbbe06acff5ee4030bc41d5627c8df79cf357861e1

    SHA512

    158e5c9d3e39edccb8c329d8682e71b74aa1c308c3336f3e1d6a6a743348863e1c353511d9f4af40aacfe7b086986b6962d63d7c82d978fbd4ce6cd65eb48745

    Download Submit

  • /data/data/kegvi.nfec906.cyc/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    1d3b700381aa2dcdff3488e7579fa66c

    SHA1

    f17cd12d05f1124335e96a9c096ad87990d8bf4f

    SHA256

    773cc9ed5bf7e0dcb680193f03ca8b36869062cb42720eea06c3946785690a00

    SHA512

    8533f8b32d429dead89877b7f019e1fb4bf240ddea42e77c3c128069494a2cfdd262a41f8593d45ae659e681a2338aba66a7e4497d38060dee91346d8b87b1d0

    Download Submit

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json
    Filesize

    10.9MB

    MD5

    35d4cda95e19e9be467673c78e1e2fa2

    SHA1

    3868d4dda794c360f57ba650c332b39ce5c68d8e

    SHA256

    6c84643bdddc36a15b515e72e8b768ba64ff6b8966492db9bce6660934f09746

    SHA512

    577272d92633303f248c8545b67a5205489623ce44d746fcdc906ca29c0cdb26f83140f013510c356b709ead230da79fdd8b04654370a2c18275a3ac98344dd7

    Download Submit

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes2.dex
    Filesize

    308KB

    MD5

    c4f1bf1c779a21a25c3dbf5a15efedc5

    SHA1

    e525c2e12234f6eca7690f2bf0e29ae48f958e33

    SHA256

    410e18df84f39a134073269b355ae5e6473f689ed9bf3f9903a6eb38af2fcadd

    SHA512

    ab612b7ef8de98b3943600cc39c26149e520ede008366a2efcf9d1e76e17ca53068c9f4699e6b5e40aa8f99b5339bc8e35091fb264bcf3ec640fbf68c465476a

    Download Submit

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes3.dex
    Filesize

    265KB

    MD5

    c6abf8a6dbc7699cb23c034ae965fb05

    SHA1

    1a420d700e47d712acc84641fad51a4b40041cfe

    SHA256

    c3cd0d23cf49de955c9bcd893cafb62ef3396c0e2d52b631eaf78726913bf958

    SHA512

    9061fda1a71959cbfbf9effc673213c0678ef91b4958a4674c11e1ababcd433541f0298852b785cc66cff1c945816230309111127923ea21795ed2ad31ddb287

    Download Submit

  • /data/user/0/kegvi.nfec906.cyc/app_rice/ldWtltI.json!classes4.dex
    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

    Download Submit

  • /storage/emulated/0/Android/data/kegvi.nfec906.cyc/cache/logs/log.txt
    Filesize

    83B

    MD5

    8d87968489bc6072858b29457a72f824

    SHA1

    1ae8048471095f4b12dab47977d6fd17ad8550bb

    SHA256

    7c276c291d1e977d77d3d50be7b9fdf78eaa707d6888905aecf2f2e4fe3afa7e

    SHA512

    69f5cfac2eef566144873a6d8e902e9232c5853811603b8b718f4fbf8c7da0069c64e4feda3f9bc1e597f989d618c91ecce53f7fc18a7d1f21257b046d96b437

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.