Expanding the Investigation: Deep Dive into Latest TrickMo Samples
Oct. 15, 2024, 9:46 a.m.
Tags
External References
Description
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mechanisms. The report also identifies the primary targets based on geolocated IP addresses and the most targeted application types, providing insights into the threat actor's operations.
Date
Published: Oct. 15, 2024, 9:25 a.m.
Created: Oct. 15, 2024, 9:25 a.m.
Modified: Oct. 15, 2024, 9:46 a.m.
Indicators
://shapr-3d.cn.com
http://paramed.cn.com
http://meshuggah.cn.com
http://exchange-secure.cn.com
http://adobtone.cn.com
http://au-logon-login-page.group
http://wicki-wicki.cn.com/c
http://starnow.cn.com/c
http://stagepool.cn.com/c
http://oxydant.cn.com/c
http://mikrotik.cn.com/c
http://gofirst.cn.com/c
http://chiggers.cn.com/c
http://letsencryp.at/c
http://keepass.ltd/c
http://itwww.org/c
http://dowhatyouwant.group/c
trustmode.at
everythingispossible.group
products-receiver.group
Attack Patterns
TrickMo
Additional Information
United Arab Emirates
Canada
Germany