Overview

overview

10

Static

static

6

ec59004e19...48.apk

android-13-x64

10

ec59004e19...48.apk

android-9-x86

10

Analysis

  • max time kernel
    29s
  • max time network
    29s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
  • submitted
    22/03/2025, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048.apk

  • Size

    7.1MB

  • MD5

    4db4d4e3debd26c9e7fdd841bbc1ecf5

  • SHA1

    aeefacd157edeb48cc614ffc07d17089c3c9b3b8

  • SHA256

    ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048

  • SHA512

    fe75702aa070a54126f92f3f2dd5e3c5a8d0b4a8c44e6b958b9e958978d3d3d9dcb001db8ecfdad8db8a0638344152d2685665cd9b2cdea43c0faee33ce55653

  • SSDEEP

    98304:zuPfGhHxNIcEIjxZEloYr4lPcxbKLBOro1g09mBsF7hzhPjJ3lrmFagKHJBb6U9S:SGFIWTplnoFBsFtR19mEgKj+p

Score
10/10
trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

trickmo

C2

http://mikejprdanorg.com/c

Signatures

Processes

  • butttots.plum676.sai
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4505

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/butttots.plum676.sai/app_wedding/jdgnHyW.json
    Filesize

    4.9MB

    MD5

    9bc28fa2f41c876f1ba4a481a0c4fb58

    SHA1

    4beefc8e05143cb11ce823618e90f41d8e9ca0fd

    SHA256

    90a3b75e1d99da9263ebf0d1bb18c3138106d0ec8739bbf52f7511f2cf432516

    SHA512

    89ff353b74ebfa5b3de4704ce4ac844ed32e6331f536af033be29b4fa74d855a4fc7e701a23fdce9b9196495a1dd21cd9bc7b8db7218896e3bdbabf778641434

    Download Submit

  • /data/data/butttots.plum676.sai/app_wedding/jdgnHyW.json
    Filesize

    4.9MB

    MD5

    406f2d1eb0cc6751866e3a0ebf788061

    SHA1

    5e4f6a97d26c1b2a7e2be6ae30852b114622e002

    SHA256

    6bed575fdd0782b35e71de40519f2413f4fa926784cff0af32d4360c92ef090f

    SHA512

    06c5866ca3066d07e4b08f1b2e2e29442226daa964f5d36b6e3f2014730476428b95a1be3105767d4b4829a3f28899bae7f97b0d25b7cc02371ce630171bef85

    Download Submit

  • /data/data/butttots.plum676.sai/cache/clicker.json
    Filesize

    17KB

    MD5

    d780f836fe54e51872bf31220a4dcb77

    SHA1

    5136aa7fe35fb70c9bf0ab00bbe7f79cf65705ae

    SHA256

    32abf05fd8eb1edb10fd93e2c0bd9b308d109e5686c06b39f4d173847a0efe17

    SHA512

    62842bd62ea2f1a71880415d84501bc2cde8eb857d4baec4e357f3c4c4a74d2d0418bfcc6431789cce207d5290ceb4b1fee31f206ac527a8727176523c0bc635

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a
    Filesize

    20KB

    MD5

    91af32c14839a2828ca58297e0861362

    SHA1

    bd758cc0bb47b570da2061d4633aa998a87ed971

    SHA256

    5d8e556cf9230390a2ea6e8fe0300bf0d3c28397a75d4d5d1138cf25713d5923

    SHA512

    9810060201633366b6d13e9b81a2d9fe1adb61e027a215cd05454bbefaa7f6e1a17aae3781eedd8095a398a05f3c7cf03b589f29d1ac4789dfbf61bce25b9fb7

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a
    Filesize

    20KB

    MD5

    8905897a269384e62d84bb90870ef34b

    SHA1

    4f4b6714169ed3afcf7a02d9d4cd457b2b125eaa

    SHA256

    80b80afdc9dac99a2731b0fbb56488a006472b150e27f1ae5254955d7f499436

    SHA512

    18b279f3b37ea1db2b4b3f31bc39bcbfac0f5cc908fa9b900c1062367a1ca4296d59695df4e9b1345d2cad91156abc617954865818401fdd4766c83914562d4f

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a-journal
    Filesize

    512B

    MD5

    0c117910c67480fc9052493d944d725c

    SHA1

    f181efdc766eb32b63d49d5dbea2ea1c961942d1

    SHA256

    a3714beca64e163a04fee083f407b25637e5c1ca2086d97b1663453cf5d4be22

    SHA512

    af7c26eaa51a19831923c7cee7928f92326f9512da98d1782c08f8f55ac7004acbf372f0629e3fb2fda97f6721f67c62b6909a012b29856ef31c860ca319d2ad

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a-journal
    Filesize

    8KB

    MD5

    060cd65316964ca8bb9a6014d113eaea

    SHA1

    8f133c51a95d84ee7b22a3084b18b0429d35f3a1

    SHA256

    6946caff1ffb8a7db398777f6b4d403001e98e09defdc067e504005d7aac84fe

    SHA512

    06646db7d607f84f1d70ea975aee5960f056adc07a74df87b7e81a93f79c1337deed9197fc154dedc1f9f50e9e15be895bf93b16ff240ab4f465f7d4cbfd56bb

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a-journal
    Filesize

    8KB

    MD5

    a3bf165e0b732b4ec1397a4abfe4a2ab

    SHA1

    349aadca88fe5320e067b5068d33242b09bca0ec

    SHA256

    a1fe6d276ac997ce35677812a7cd53ecb2c048a973f9c182e3d9ab7a18bc3027

    SHA512

    e01032990ae96a423ea56940ba36895eda95840e18f84cda5a7e42d434482cca2e282e816e21f33a581c85ab937ffea1ab7edf780bd6b76b7d0f962d0dc4f584

    Download Submit

  • /data/data/butttots.plum676.sai/databases/a-journal
    Filesize

    12KB

    MD5

    867cbcb14e13e9424051c35f2ffad49e

    SHA1

    b1c3d8207b2a8826930dab5b04ce011e4fc3b5c3

    SHA256

    d4f9a5e92f31da9df2975f5298a3895dd2093ffed618d73744e621b8c3943119

    SHA512

    c36632619e29d3eca5a03d25cb069f135318ab81a747b0a545ed1dd63e15afdf9777ad2e339c7c6d680fb71e4691b73e18a610e1e5548b64c096905bf65326c4

    Download Submit

  • /data/data/butttots.plum676.sai/files/butttots.plum676.sai
    Filesize

    256B

    MD5

    ab02e3a81f1dce4c150ed01d468ceb56

    SHA1

    9859a3138d3e9db215d57f367dded859f374209c

    SHA256

    462010decf9540fc1d3d880a3044d3ac8716b0e6f89b5e2d1c6ad3e7d66b2cbb

    SHA512

    7c0c0d3798ec63f3cadafae1a7422886506c15cf53d70aa7dc107b9ae7babfa1a6686329eb8ec56b7747ea2a89d4b9cdd5c621910473c8ee3532fb91d842225e

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    0eb157e1a86d4d00aa601dd2f6ff3ee3

    SHA1

    fee434f784e73cc7916322e949f727caf8363102

    SHA256

    b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

    SHA512

    b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    ffaf6a3de8da9032c1b09a58c9946fe5

    SHA1

    f162d9826fdc4176f2a01f89a1dd6c986d29923b

    SHA256

    dbad97671ff5598ac07a992cef9fea8c09cd36cf8bbbeaab0f3e3a4ac3fb66f9

    SHA512

    1c2628f2a8538310e34d62e0ac59e82c21a93092e9083488cfa14c83c56b7cac3b957adfe378dbeb0276666c31403f46d63bca1e6e165abc7345748c53abfc0b

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    56166a49c2f134f9a2616caa6353fa03

    SHA1

    6f1fd6ea545dc7091fb8da1bf42a7fe5bb9df3f4

    SHA256

    5b3a55afc5b3c5561bbf748679aecab05c9c128c40f2df8e2ef3cdea02d2f2c0

    SHA512

    1cd924656672177e56933fe095abeec606a84118f6a9579352493543ba7b3e4dfeea5a444293e54e538e7b77ada857110f2d43379eb17559491cb11c19bb7d2d

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    d5cca53fe79820b9862a13aad51af30d

    SHA1

    dc60ebe23fb914a42ff4e1deb562caec8477ddb0

    SHA256

    519b88bdeabd6f99e3dbc9c09780edb3dc7c54b501200bce95ccadc26d2d1f9c

    SHA512

    6b44e7dffa2a0ede3ab8a9768d3ed74176b2715716b616e2e346139c726bf8028f73dd82775430587d0faffc31ace433f04ca04b773b70e996142eba6dba5b77

    Download Submit

  • /data/data/butttots.plum676.sai/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    d0c20e083135382be2ab60bc1eda867a

    SHA1

    0384e5691a43a01b142dc913c062dacf14a52954

    SHA256

    71b17131d9bf9498f7e9852ca500cc1358b703461d02c7fa455967652788042a

    SHA512

    48f030d539762c3cb4801679e2bbe537b6c97293dc4c591b59a36dfd58bdf0b0266a01de8a2106190923996c15f2cd1a639db6a49bee9e44b4439422e5f4b601

    Download Submit

  • /data/user/0/butttots.plum676.sai/app_wedding/jdgnHyW.json
    Filesize

    10.9MB

    MD5

    b6c3becbe6aeeb86cc3690035eae8e29

    SHA1

    b9a508864a6dffe3eb80b3eb2ccd4ae510cd62cd

    SHA256

    0a82df303a40ec841716f73afc41ae8083f5b4d0775eee7f3ed421884c71723d

    SHA512

    ce00cb27ebf00fec2a8ed8cb3f8eeab0a9c55c10cb3c8bb4ff5b49e4c7123248b96a784a3124cb71f7cc24c60b6801e2048eb179a1a5bb41809f3c67088b95ec

    Download Submit

  • /data/user/0/butttots.plum676.sai/app_wedding/jdgnHyW.json!classes2.dex
    Filesize

    309KB

    MD5

    d1e6566482927131289b625099f039ba

    SHA1

    5fddac3b2e8da86f56284989f7907beb3388463b

    SHA256

    16caf3fdf72c434d49cf7ecbcedffaf7c979306af2b85d658cf99c45319f401e

    SHA512

    40bed350b98ab8ca53e99d800bc255632379835d2ae4bf26b8a45ea174b4aa280f0e7fe086148316d485e6ea94cbd4c588d8f511ef0c1d76e98709f72f1cb504

    Download Submit

  • /data/user/0/butttots.plum676.sai/app_wedding/jdgnHyW.json!classes3.dex
    Filesize

    267KB

    MD5

    d2cd609fb19e6b18227f994cf893813b

    SHA1

    a9ba8d38cc657616cc7f9833e900340e253d1495

    SHA256

    e91a92cbc28b5459a4a1aa25deede9437439c7d577fdff17cd374fd871cd4798

    SHA512

    cbeeb12c7d296d1ded6c5a305c123d31533ed188ecd05dcbc1c08f2fa77b05466ac7ecb511e9d6c1e153c1ae105cbd7524e4bedf664c169e936c42ba578ef8ab

    Download Submit

  • /data/user/0/butttots.plum676.sai/app_wedding/jdgnHyW.json!classes4.dex
    Filesize

    1.7MB

    MD5

    30465152db261852e3a226a666ec4304

    SHA1

    442a188e07db85653022734d0a8537d4312aef38

    SHA256

    c79795ea1d8f93d6471a6a10ae92f079fa7c79b0736de04edb53c5c5ae4862e4

    SHA512

    3b9b75f7030fa9280130172a7b1f17766b3399270ec49b899d7f4223e68ce7ee728a0ccd5217b98d276da8f84968f4d436b4e61c7fcd378c3be0a57f906dfa63

    Download Submit

  • /storage/emulated/0/Android/data/butttots.plum676.sai/cache/logs/log.txt
    Filesize

    6KB

    MD5

    bdb8466b70e7a1b49f92379acee294a9

    SHA1

    8dbc39b9f9263307560d7ced87f99056ca5736a6

    SHA256

    f37ed9c1bff0692ee3ce6fde3efe94e3d710dfcdd04c1f0af5c305a6eb4e4617

    SHA512

    a7950eb77675af4fd558da844817b3e8851d409f9888c8e07ff78921f88916cf5086f5f4666375a03068864b28e5ffd8c28d5b9e67f982d5af8e16837d3721d8

    Download Submit