Expanding the Investigation: Deep Dive into Latest TrickMo Samples
Oct. 15, 2024, 9:46 a.m.
Description
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mechanisms. The report also identifies the primary targets based on geolocated IP addresses and the most targeted application types, providing insights into the threat actor's operations.
External References
Tags
Date
- Created: Oct. 15, 2024, 9:25 a.m.
- Published: Oct. 15, 2024, 9:25 a.m.
- Modified: Oct. 15, 2024, 9:46 a.m.
Indicators
Attack Patterns
- TrickMo
Additional Information
- United Arab Emirates
- Canada
- Germany