Analysis
max time kernel: 29s
max time network: 32s
platform: android-13_x64
resource: android-33-x64-arm64-20240910-en
resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
submitted: 22/03/2025, 00:13
Static task: static1
Behavioral task: behavioral1, sample 07b114daff3e1edd5e7f1a2f813cd7dda6f3902cda03f1a8f4ecf230efa52ef9.apk, resource android-33-x64-arm64-20240910-en
Behavioral task: behavioral2, sample 07b114daff3e1edd5e7f1a2f813cd7dda6f3902cda03f1a8f4ecf230efa52ef9.apk, resource android-x86-arm-20240910-en
Behavioral task: behavioral3, sample deper.apk, resource android-33-x64-arm64-20240910-en
Behavioral task: behavioral4, sample deper.apk, resource android-x86-arm-20240910-en
General
Target: deper.apk
Size: 6.8MB
MD5: fb036e22c765cf7dfa625b25ed43b520
SHA1: bf36e7998e76f1b6d64b833fce4e2fbd2df67621
SHA256: 0f0f6a50d4d96be437251a0029aebb34b53fdf4b3adb838dcffd217bd657e6d3
SHA512: aad2051941c707d8cbd2f2e26000d1835f11cc5ae503776213ca4e81c8d96c9fb0acbee0d46ddd3a687ef2ab8cd37df062500d29270519d27a4f60ad51c5d135
SSDEEP: 196608:84NS+koOTZwleubHrPlCDruIexT2FDuxgey:5NpOissrlCvuIexiqxgey
Malware Config
Extracted family: trickmo
Extracted URL: http://traktortany.org/c
Signatures
- TrickMo
  TrickMo is an Android banking trojan, first seen in September 2019, with the capability to intercept 2FA codes.
- Trickmo family
- Loads dropped Dex/Jar (1 TTP, 4 IoCs)
  Runs an executable file dropped to the device during analysis.
  IoC: /data/user/0/lansa.sis722.sers/app_dawn/ZldSO.json (PID 4458, process lansa.sis722.sers)
  IoC: /data/user/0/lansa.sis722.sers/app_dawn/ZldSO.json!classes2.dex (PID 4458, process lansa.sis722.sers)
  IoC: /data/user/0/lansa.sis722.sers/app_dawn/ZldSO.json!classes3.dex (PID 4458, process lansa.sis722.sers)
  IoC: /data/user/0/lansa.sis722.sers/app_dawn/ZldSO.json!classes4.dex (PID 4458, process lansa.sis722.sers)
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
  IoC: framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (process lansa.sis722.sers)
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  IoC: framework service call android.content.IClipboard.addPrimaryClipChangedListener (process lansa.sis722.sers)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries the phone number (MSISDN for GSM devices) (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  IoC: framework API call android.hardware.SensorManager.registerListener (process lansa.sis722.sers)
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  IoC: framework service call android.app.job.IJobScheduler.schedule (process lansa.sis722.sers)
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  IoC: framework API call javax.crypto.Cipher.doFinal (process lansa.sis722.sers)
- Checks CPU information (2 TTPs, 1 IoC)
  IoC: file opened for read /proc/cpuinfo (process lansa.sis722.sers)
- Checks memory information (2 TTPs, 1 IoC)
  IoC: file opened for read /proc/meminfo (process lansa.sis722.sers)
Processes
- lansa.sis722.sers (PID: 4458)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- User Evasion (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery
- Software Discovery (1)
- Security Software Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (1)
Downloads