General
- Target: ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048
- Size: 7.1MB
- Sample: 250322-addf4sxnt4
- MD5: 4db4d4e3debd26c9e7fdd841bbc1ecf5
- SHA1: aeefacd157edeb48cc614ffc07d17089c3c9b3b8
- SHA256: ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048
- SHA512: fe75702aa070a54126f92f3f2dd5e3c5a8d0b4a8c44e6b958b9e958978d3d3d9dcb001db8ecfdad8db8a0638344152d2685665cd9b2cdea43c0faee33ce55653
- SSDEEP: 98304:zuPfGhHxNIcEIjxZEloYr4lPcxbKLBOro1g09mBsF7hzhPjJ3lrmFagKHJBb6U9S:SGFIWTplnoFBsFtR19mEgKj+p
Static task: static1
Behavioral task: behavioral1
- Sample: ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048.apk
- Resource: android-x64-arm64-20240910-en
Malware Config
- Extracted (trickmo): http://mikejprdanorg.com/c
Targets
- Target: ec59004e19643019010888d239e3a0ea916788d6cafdd71392089d0b988c3048 (7.1MB; hashes as listed under General)
TrickMo
TrickMo is an Android banking trojan, first seen in September 2019, with the capability to intercept 2FA codes.
- Trickmo family
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard: the application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the mobile country code (MCC)
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)