Extracted

• • Target

    16019bccb869e2c1db792b41955b14c6a0ffe4f3dda0d44c077c75e230040e07

  • Size

    7.2MB

  • MD5

    9426cc5ac88d93aa4453a4dad3a3e707

  • SHA1

    54b24c5bd029e111635fee3030c8271e706709a3

  • SHA256

    16019bccb869e2c1db792b41955b14c6a0ffe4f3dda0d44c077c75e230040e07

  • SHA512

    15904ff60802ec1d88ca759b3bc21aa4ae2c18514992f9482d7fe321f5b66db05e36bd659255e76f42ac9ec2d20c6e853560d7f891aaa824554be4d7f08a431a

  • SSDEEP

    196608:jWbdzLLW2X11knMvQbhLi3K+JvZCeJ5bjn/0+57L:SbZW2l1kMmT+TCeJ1Qq

  Score

  10^/10

  trickmobankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencetrojan

  • TrickMo

    TrickMo is an Android banking trojan with the capability to intercept 2FA codes first seen in September 2019.

    trojaninfostealerbankertrickmo

  • Trickmo family

    trickmo

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Listens for changes in the sensor environment (might be used to detect emulation)

    defense_evasion
  behavioral1behavioral2