MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TrickMo


Vendor detections: 6



SHA256 hash: 2e6c7354f7b4dce59752054929731c5055df15301ed094820bdbbcd5c0cfa12e
SHA3-384 hash: e1f2d2fa24e90f09c6be64819d42a4e6af0f0192e5b8a5f286189854f76e343eb8e7af20bd0ed0015913573fb39c3c66
SHA1 hash: db165b084b44f98cd47540f4c73a8ab8feb05660
MD5 hash: 125591b1ba792dc40478fba12b09970c
humanhash: carbon-november-lemon-echo
File name: 12.apk
Signature: TrickMo
File size: 8'095'859 bytes
First seen: 2024-12-18 15:37:27 UTC
Last seen: Never
File type: apk
MIME type: application/zip
ssdeep: 196608:egbAsJ3OmCt1AsyRLm5Mymhnl6m4955q45z+YK:d8sFYUsUm2yEnl6mmjqYzm
TLSH: T12A861273F759A66FC5F2833744794E726202BE168383D64B2854337869B7ACC0F52AE4
TrID:
  32.1% (.APK) Android Package (27000/1/5)
  16.6% (.ZIP) Opera Widget (14000/1/2)
  16.0% (.JAR) Java Archive (13500/1/2)
  12.5% (.SH3D) Sweet Home 3D design (generic) (10500/1/3)
  9.5% (.WIDGET) Konfabulator widget (8000/1/2)
Magika: apk
Reporter: 0x746f6d6669
Tags: apk TrickMo

Intelligence


File Origin
# of uploads: 1
# of downloads: 231
Origin country: DE
Vendor Threat Intelligence
Threat name: Android.Trojan.Generic
Status: Suspicious
First seen: 2024-12-11 23:50:52 UTC
AV detection: 5 of 38 (13.16%)
Threat level: 5/5
Result
Malware family: trickmo
Score: 10/10
Tags: family:trickmo android banker collection credential_access discovery evasion execution impact infostealer persistence trojan
Behaviour
Checks CPU information
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Uses Crypto APIs (Might try to encrypt user data)
Listens for changes in the sensor environment (might be used to detect emulation)
Queries the mobile country code (MCC)
Requests disabling of battery optimizations (often used to enable hiding in the background).
Loads dropped Dex/Jar
Makes use of the framework's Accessibility service
Obtains sensitive information copied to the device clipboard
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries the phone number (MSISDN for GSM devices)
TrickMo
Trickmo family
Malware Config
C2 Extraction:
http://skyfrostweb.cn.com/c
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Packer_Android
Author: R3R0K
Description: Android.Packer_Android
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments