
Expanding the Investigation: Deep Dive into Latest TrickMo Samples

Oct. 15, 2024, 9:46 a.m.

Description

This report analyses 40 recent samples of the Android banking trojan TrickMo and documents newly observed capabilities, including theft of the device unlock pattern or PIN and geolocation of victims. It covers the malware's credential theft, data exfiltration and command-and-control mechanisms, identifies the primary targets from the geolocated IP addresses of victims and the most targeted application types, and draws conclusions about the threat actor's operations.

Date

Published: Oct. 15, 2024, 9:25 a.m.

Created: Oct. 15, 2024, 9:25 a.m.

Modified: Oct. 15, 2024, 9:46 a.m.

Indicators

ff687eb2cad1bc2832d5d76ac2b4e82f5be19b6673a55cf1badeef3c8a10dd57

fc12d94573bb1a9f02ce8beec6d54c9e9da13407785a22f06c13aad510608239

f5133797791e31ea1ad07f8d332d49808ced951dfa7fbeb04f18a6ee0df3b25e

f1401e63b56fc8f013b5222139f8e2d663dfc03475d6f9cb5dd1c0a65466e598

edbef1be12821b7bcf37476dbd06e03171926c4c85791540d1e0385cfde53e4b

ebf99d6499753df9fbcc24f6ef48aef692d38cd7165b7418fef46eced7580683

ebaa8272ad57fe74a2c4d6176e5a411faad2da846a9692754e5e8d65d8830f39

e70071ccf0f45073158a2cea7beb5bd76d669f265c2112162c34b11f1e4e75c8

e81f26ac05a84b7178d029038851a07ac5f8e2c9867471ff96ff5d5526a24bb2

e67a0233f198c07cfe1a72537f5ddc1a48f344b47cc5232e4528f467d0fbc61e

e487220af118492bc69fffaf6755bcf89cc668ac9611956def38bdf8725643e4

e2ff976dc5db6a8b856d4c2a4f0b02d12bf31fa738b84df6ca504dbfac2bbd72

e27d8b356dcd516be1ac389019aa813261bb320d15fd3216857a98a0b8942c0c

e0f06bd5537fc0dd6e4c6a97310f74e60f04c6d8b1f4a7a9219221aafaf4f217

ddc65d96a0022ed640bdbe174582e337218fd4f7114254504952e5bb94ea1851

d4d5751f6b6e28f03cad4fafd9e2755af937535f4485d7ea43cd069e97429807

d300f7f268d3366df4ad6e616cbd4854635dafb393de8315aaf1cfa53d7d3db1

cbb64e62f4a63c40bf2a214353213381f9a8a1087b66f8adec741f075ab20df6

d074a8dc94c46bdf9567bf030f3674c93fd3b92e0c5ad59ee3494172dc006857

ba25744487f1f3b4b5a63aa93a0a38eefe6d502baf3f7eeeac53efe906006b1a

b999e1fba128507ff2a751d025b923f60801fe0f3011f31dd691b989e120ead0

b90923c0e5149b068faa19ef5c77128edd6c477d91e2fca6c1c9ab4d5179fc8f

b4b92db35c432ce3844c5772b60c082aa39ad2a2135490e4cc2f5dd4c2daada0

ad3ccf89fa7002f9af78a311f883ff35efd76c9f27df1146b216a8bb42552340

acc38e90e868a63795fe8ad44c5820b00f4b7661b5b488d5c29a8cfdc1ffe8db

a8aae68daa34dfaac611da07accca9d32d99242e3ed2b991f90d24e310b9fcff

a755cbfc1a25a54bc3d1d12d8a1d82f28b910b9cf870716529f32d5d02bc4c65

a03c968ed6f639f766cf562493a90ae7a61e909d99e098aea2abbbf607003337

9f81ceb2c6b512402f9d7d0998a9e210a780fd51e494170186794d69bbddb642

9dafc07911e018c9cd57556cfedd8b84b63adb7d20822186e3793a802a3dc146

9f69f3ae0c08df7d5d3a43a93d2089cafc5c05b65c5b87ea4aedbb2b9052adaf

961cdc6230979b53ad487026a246491ae0017f0a4d7a2d93c37d6c159a376044

90671084d9f1d8a0753c503b4e169b74f2b45a4d79df1a150c7290b710716ca4

8f5aed8982908dab0d140718121373ce197ec80d3f01d13adae9d6d268c16a2b

8e8470ed0fd881e9c7ad3db2bcb9515a9dc8fbbcf9fdf38169330514524059ef

89b2db4df443549bfb59063c4c9006a00971644f54d125cbf3b75e699221fbe8

8a4280d990833742707e00520fe91b7068bdbe752e5c16cde7f1758ddf7afab0

868614c4dc5d113ea6ed43f5a61fc71acd69f8bbd9a09235ae70f7bb6cca86c0

8500f75473db4ef0d70980463b324369b9320de20c59fb760522be16ea3cf3c5

829435ce15d2abc91275ff1686bd61f1cde62628587086914627616d57499a14

7e597539ac5121af48b247b98f0afada28e17ee2da12207b504f6946e8ca941d

7ab74bb3fd9aa60bd46901f52431edf436de2e6513bf69abb33d4fc12749bb9f

74b73b9ab9da905f6011975b3bb4c5a41bb1c8700c9aa116bef74cdf3d47f112

703aad69e1bf469dcf8d179e475c9145f32659874290a495f26ccf15b3eed928

6bc12a021142905c3875b614d8f99e693fbed3315b18024c36d4a38060cad10a

69958851f1caa8dc141cc9a427648daf3d659dceca1990b9fcd34aa8bbb36670

63ca6fc9b7278951b57a79ef6e39a94d1e0e88927be3b8478af1353091ffaca4

5a8d2f40f669b4e7f5edf90c687be33f5b537d2491687df49a4339976df483fb

59e2767c7158d60b990bcd97b0abcea00b1bdafc869e9c971179abef5e38b17f

555ff149d7a620b8eb7724939c5492a6285f417012476476c96b8630a64d17a7

55554c599507947c5eb96264a7db9acaa65d2b42742b39b15686836d0fac2ba0

4d9ce4cf54a66f1ac6d93071ea31bd861de67820f001e5d13535fdc3cf5faf45

4bdc30e872b879e2303e2f4ccbc73f0ce5335d9d3b98b165fc2b22fc8c3251e5

4a49fa1c16889fcebf1210e796a56001231351831bf4526fb00e6904197ab674

493b219932c105a9e2a8dd90dbbd0bb8ffc8bab3035c7353f9beba1747ef0d4e

43e19c7bbaf2d85c3952c4f28cb11ff3c711c3bb0d8396b2ac48a9d4efb955e8

42d25d50c5c1c137d59c7c32ec04906760f9a0b01ace4989ec7745a0634b560d

3f95b677291032ed516aaa7c0f741ee7fb5694e228aeb6be7e6f3e2fb7e7acae

3c52c96c8c8bddb4ff2165c9f2ffdefba23532f1c2b24c03fcf8049c84d613b6

37ac15f552aa23de08b0ab3ea6913306f1e1f9d62d93e59fb80cda7c9e5dc2f0

32e39963f71cdb20c59382aefb19b2cfa3fb2527f15e12dedf587a8329e30f95

2deb5aec5a8cc96638d22f02c6488bf58de581d0cbdf8ae20a71f1515dbeda71

2d70c9887d1c135d5b39739018742dae6423adb55a112a0a08bfcd98a98a862a

2cb4276b0532c45c11338ec84817657c32bed5ec15d7f693a945ce65649037fe

2bb8a7b172c3f83de65c68740ffeb76cfeef775d76e612b257ea788580941630

20c21a0bf466412118a8b79e890e2ce5dd068a9a2d354f43f6b4b7c94ee16509

1c6838f94b564285ac7af70906e5b0203d56628b7e932a26757c7ca8f272be2b

1a79fe2f64923f83d1042d2ffe86e6a77c00143bdc7b0c247e3d8753e36e699f

187c0e90c8b019e664f3919a5e6ba62e8dd5336eb38ea1b36376ba1456b91f35

11af0da9a7c5f65bb098ed52973e814b12eba492fb3615a5fada5d4cc390928d

0602db7aff8ef3a5d3a81a556390a24f96a6fc7b478470c57fdec01024e3fac1

035e236b3d236c78cfb27e4f35dd220c9668a28b923c8818338dd1c4e11d4554

014e2caf1cc8fa290319b41ae2cb245241bf4fba4ce13778ddbca72e21c809b0

00b6ecf73a690b40a4b22ce865f0a3df902516bd70bd6c13de8ec07f9a2b6937

http://shapr-3d.cn.com

http://paramed.cn.com

http://meshuggah.cn.com

http://exchange-secure.cn.com

http://adobtone.cn.com

http://au-logon-login-page.group

http://wicki-wicki.cn.com/c

http://starnow.cn.com/c

http://stagepool.cn.com/c

http://oxydant.cn.com/c

http://mikrotik.cn.com/c

http://gofirst.cn.com/c

http://chiggers.cn.com/c

http://letsencryp.at/c

http://keepass.ltd/c

http://itwww.org/c

http://dowhatyouwant.group/c

trustmode.at

everythingispossible.group

products-receiver.group
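The indicator block above is only useful once it is machine-readable. As an added example (not part of the original report), the following Python parses a pasted subset of this page's own indicators, classifies each line as a SHA-256 hash, URL or bare domain, pulls the hostname out of every URL, and then checks a constructed list of file hashes and dnsmasq-style DNS query lines against the result. The log lines and the second sample hash are constructed for the example; the dnsmasq line format and the subdomain-matching rule are assumptions of this example, not something the report specifies.

```python
import re
from urllib.parse import urlsplit

# Subset of the indicators listed on this page (two SHA-256 hashes, three
# URLs, two bare domains), copied verbatim so the example runs offline.
IOC_TEXT = """
ff687eb2cad1bc2832d5d76ac2b4e82f5be19b6673a55cf1badeef3c8a10dd57
00b6ecf73a690b40a4b22ce865f0a3df902516bd70bd6c13de8ec07f9a2b6937
http://shapr-3d.cn.com
http://keepass.ltd/c
http://letsencryp.at/c
trustmode.at
products-receiver.group
"""

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
# Assumed dnsmasq log shape: "... query[A] <name> from <client>"
DNS_LOG_RE = re.compile(r"query\[A\]\s+(\S+)\s+from")


def classify_indicator(value):
    """Return 'sha256', 'url', 'domain' or 'unknown' for one indicator line."""
    v = value.strip()
    if SHA256_RE.match(v):
        return "sha256"
    if v.lower().startswith(("http://", "https://")):
        return "url"
    if DOMAIN_RE.match(v.lower()):
        return "domain"
    return "unknown"


def parse_iocs(text):
    """Split a raw indicator dump into normalised sets.

    Hashes are lower-cased. Hostnames are extracted from URLs so DNS or
    proxy telemetry can be matched on host alone; the '/c' path on the
    C2 URLs rarely survives in logs, the hostname usually does.
    """
    iocs = {"sha256": set(), "urls": set(), "domains": set(), "unknown": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = classify_indicator(line)
        if kind == "sha256":
            iocs["sha256"].add(line.lower())
        elif kind == "url":
            iocs["urls"].add(line)
            host = urlsplit(line).hostname
            if host:
                iocs["domains"].add(host.lower())
        elif kind == "domain":
            iocs["domains"].add(line.lower())
        else:
            iocs["unknown"].add(line)
    return iocs


def matching_ioc_domain(observed, ioc_domains):
    """Return the IOC domain that `observed` equals or is a subdomain of, else None."""
    observed = observed.lower().rstrip(".")
    for d in sorted(ioc_domains):
        if observed == d or observed.endswith("." + d):
            return d
    return None


def match_hashes(iocs, observed_hashes):
    """Return the observed SHA-256 values (lower-cased) that are in the IOC set."""
    return sorted(h.lower() for h in observed_hashes if h.lower() in iocs["sha256"])


def match_dns_log(iocs, log_lines):
    """Scan query lines; return (line_no, queried_name, matched_ioc) for each hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = DNS_LOG_RE.search(line)
        if not m:
            continue
        ioc = matching_ioc_domain(m.group(1), iocs["domains"])
        if ioc:
            hits.append((n, m.group(1), ioc))
    return hits


# Constructed sample telemetry: the first hash is from this page, the second
# is the SHA-256 of an empty file; the DNS lines are invented for the example.
SAMPLE_HASHES = [
    "00B6ECF73A690B40A4B22CE865F0A3DF902516BD70BD6C13DE8EC07F9A2B6937",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]
SAMPLE_DNS_LOG = [
    "Oct 15 09:31:02 gw dnsmasq[812]: query[A] www.example.com from 10.0.0.21",
    "Oct 15 09:31:05 gw dnsmasq[812]: query[A] keepass.ltd from 10.0.0.21",
    "Oct 15 09:31:09 gw dnsmasq[812]: query[A] cdn.trustmode.at from 10.0.0.37",
    "Oct 15 09:31:11 gw dnsmasq[812]: query[A] nottrustmode.at from 10.0.0.37",
]

if __name__ == "__main__":
    parsed = parse_iocs(IOC_TEXT)
    print("hash hits:", match_hashes(parsed, SAMPLE_HASHES))
    print("dns hits:", match_dns_log(parsed, SAMPLE_DNS_LOG))
```

Subdomain matching is deliberate, since C2 operators often rotate hostnames under one registered domain, but it would over-match if a shared parent such as cn.com were ever added to the list; keep the list to the full hosts as published. The `nottrustmode.at` line shows why the match requires a leading dot rather than a plain suffix check.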

Attack Patterns

TrickMo

Additional Information

United Arab Emirates

Canada

Germany