trickmo | e66fc71e6214d06c4f6a927a81dff67832400b96e13db009554fbb76c3a7e8c3

Analysis

max time kernel
6s
max time network
21s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
22/03/2025, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e66fc71e6214d06c4f6a927a81dff67832400b96e13db009554fbb76c3a7e8c3.apk
Size

8.1MB
MD5

39ed4c523ff7821c169ce57c444ba726
SHA1

bad2cba58358b58db890e56116077f28ec55a744
SHA256

e66fc71e6214d06c4f6a927a81dff67832400b96e13db009554fbb76c3a7e8c3
SHA512

6a6f6f2ae61a92fcc6b0e3099e4c489b719974d6b9f5b2bac3c99b920ef8fe04cc0a4701286b0310ef5c775d551c9e81ee90f5a1fc3f9e0d7910b372204e8d64
SSDEEP

196608:kcMcwnozila1aKuENgN0ZdxQx/KnlqEarojri:bMDozia1bjvaW3arojm

Score

10^/10

trickmo banker evasion execution impact infostealer persistence trojan

Malware Config

Extracted

Family

trickmo

http://ultramarketplace.eu/c

Signatures

TrickMo
TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.
trojan infostealer banker trickmo
Trickmo family
trickmo

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json	4502	wheelsfu.lei842.dac
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes2.dex	4502	wheelsfu.lei842.dac
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes3.dex	4502	wheelsfu.lei842.dac
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes4.dex	4502	wheelsfu.lei842.dac

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	wheelsfu.lei842.dac

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	wheelsfu.lei842.dac

wheelsfu.lei842.dac
1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4502

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wheelsfu.lei842.dac/app_neutral/wl.json

Filesize
5.2MB

MD5
2fda7227b94ea648be8eac1b6f5b231e

SHA1
36fea9a8d21ba25b8892ac1b44cbd82473ce7b11

SHA256
88922ea3b86716af617087783f3dd53853a51e8670a38837cd15c983a6a859ab

SHA512
40b08732746cd8d8eed45eda3f618b0de659f29a07fa29da67dd400f4ee0baf00b76df109292e12ab75cf1e70662599c00ae575b14d55c2576c0956ace59c112

Download Submit
/data/data/wheelsfu.lei842.dac/app_neutral/wl.json

Filesize
5.2MB

MD5
33135887b3b8a5be270d9d263445d511

SHA1
7acb0203b565c9c50931c6819e3df0ff259335d7

SHA256
bd7d103d34c21f24c2e4a2c8f5e3c9418b9848ed12c0acc7d00a3dd80927de12

SHA512
f96c315cd3ecbed8b52ec7d4ea0f9fa8ed5104cb05e15884634886123a3e156d8ab63f6f577efe6f0fd4f7797f9211ff3befce14617e469fb5446c2f10f897bb

Download Submit
/data/data/wheelsfu.lei842.dac/files/wheelsfu.lei842.dac

Filesize
256B

MD5
6a27793fdde1c8f78f012d56c960e3a6

SHA1
7fa017b5e4a44444cd76dc597e5d4a1403a433e9

SHA256
26e0440f5f4c8867cae7e56dd041467bfabe99aee997977ae5248a8b4fe018b8

SHA512
9a4870be9c3fd2a2a5a684b50aa30b7031215e9040b6123bc68dc9280ecc561317e4a4a7d35047612b61ca9dd2314681bcdf593aa1fd9293302044621704334a

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
66012b2062af474cce280539cf307653

SHA1
13222cf79f5865bcbd2fcccb7d136ee3fab9c966

SHA256
75b10151ec28a47ea3d5b766f6ec5daa78e78e90038769966c25d796c34f8c53

SHA512
2aac153123d9b8f8836f49f05e3f891afb6bba7c5a5e6eb32eccdeace19826b31ff46780deaaa20b43d63ce3b5e00ac7d8c5c00ffbbe3b5ea8a02754bd5b1f3e

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
b02b770e5d2429a59bd5f4f7cf866d9d

SHA1
5a2448c088be61aff5aad8be0035386cb5f1fb8e

SHA256
8a623e04ea63b54a8d2f3fb5e4c653085dd2a9c0dcc21e1b810b97b517532f7b

SHA512
b08468ec3039f997bbe859a2b9386bde6b2bea8fc50fabe051d76e19799c1ed80469c4fdbddcf21a7254377844dbb36ec5e4681cdf935168cfda7200586de077

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
01a17404cb9ea4d97b34e44602fe2015

SHA1
c9c802d06af90c9d0e551d23705928108835d8f7

SHA256
961736c2ca88fac41c3a1365a96e378e041d26184324e3696fc15af48d3cea51

SHA512
386cb5314a1566e78750ba8bd71917904b5b944228a6632e373b6338e69b5d0e386408227da6f0d48ecd7a53cacba846ffbbb530c625c5538144ad1958415800

Download Submit
/data/data/wheelsfu.lei842.dac/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
7a4d1ef3d07db9172fac376aadca30e2

SHA1
ef00c4bdbad6e30a704c1e520eb1f6be3740e2ff

SHA256
4106422a2017922d264517b7c1fbb294fea3640e8048d704475e72cfed695b40

SHA512
32418b10878aa5cc95ca85b475c9bd81b5ff7c680ab57dbaa48b4656607f391c15b4421d35618edef335336b6f16c90683a9865e435a9c0d385ecb79b75c5db1

Download Submit
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json

Filesize
11.1MB

MD5
28041432b0c51e3e887643272629c83e

SHA1
fbea5dfc62f03e1ff784b410ec0d547de0e8156b

SHA256
85c845feaa13eb5b0d02b64a996bf1a84b3aa77b6cf616f3db8ae5b4c70e9902

SHA512
7e69a4dffce031e990827d655b83ce66bfca72ecdc5bba4a264f877e0a3788953c41e2f6766e8327127d1b68b63775569648340fda09b4ce13684f0aaca6438f

Download Submit
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes2.dex

Filesize
351KB

MD5
363f342e2147f6274c7a5bb4832f766e

SHA1
bfbd1edff46a5e6eabad6f1b5626b2e72a3e4d64

SHA256
248015ba8bab69b2e80f395ba7a5eda2fa361a8b0b70c8567d0101dd100792dc

SHA512
da083f0cf07e6fa6be0927a3b38ef1dfd31aa05eb9950963510d7095047338c0f91cb7ac559416b08314b04a7611c87f4b54e83416d3b32254c6040b51f0ce03

Download Submit
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes3.dex

Filesize
258KB

MD5
1d8438d54441f884dbf04da00f9848c7

SHA1
cf0da73b1bf6e5c1e8691ac1394812f2442efa52

SHA256
f1979778a580bbdcef2dd40b266b87182e87adfdf83839bd551377c587cdda6b

SHA512
3bf487da3977ca39c5b8177b17d78bb2718f9021133b62d126f1c380e9d862bfb3c8f705a3423eb4f263f391de41e2799b4509d343713d703d1c536eadf88614

Download Submit
/data/user/0/wheelsfu.lei842.dac/app_neutral/wl.json!classes4.dex

Filesize
1.9MB

MD5
2d73c5997273e3910c1ac1d8db7ba145

SHA1
25737e75ed15863e69d02a14efa781370dfec798

SHA256
411c3194c11f6254e4bb6cdbf247518a4696ce9bffc6d373ba7e949889db9965

SHA512
7adca729d74394232c26ee76272a85342fd88c9101d417ba3a0b1018f29cdbe4a852a3458548e4e333db55520cf8b0a7700f6bcb3cfee77a12ec3d272c4dc13a

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads