ET MOBILE_MALWARE Android/TrickMo.Banker POST Request
Source: et/open
Created: October 29, 2024
Updated: October 29, 2024
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/TrickMo.Banker POST Request"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"|22|id|22|"; content:"|22|imsi|22|"; distance:0; content:"|22|imei|22|"; distance:0; content:"|22|phone|22|"; distance:0; content:"|22|operator|22|"; distance:0; content:"|22|aid|22|"; distance:0; content:"|22|model|22|"; distance:0; content:"|22|brand|22|"; distance:0; content:"|22|version|22|"; distance:0; content:"|22|build|22|"; distance:0; content:"|22|battery|22|"; distance:0; content:"|22|wifi|22|"; distance:0; content:"|22|w_time|22|"; distance:0; content:"|22|smsApp|22|"; distance:0; content:"|22|smsAppPackage|22|"; distance:0; content:"|22|clickerConfig|22|"; distance:0; fast_pattern; content:"|22|signal|22|"; distance:0; content:"|22|installedApps|22|"; distance:0; reference:url,www.cleafy.com/cleafy-labs/a-new-trickmo-saga-from-banking-trojan-to-victims-data-leak; classtype:trojan-activity; sid:2057141; rev:1; metadata:affected_product Android, attack_target Mobile_Client, tls_state TLSDecrypt, created_at 2024_10_29, deployment Perimeter, deployment Internal, deployment SSLDecrypt, malware_family Android_TrickMo_Banker, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_29; target:src_ip;)
Metadata
affected product: Android
attack target: Mobile_Client
tls state: TLSDecrypt
created at: 2024_10_29
deployment: SSLDecrypt
malware family: Android_TrickMo_Banker
performance impact: Low
confidence: High
signature severity: Major
updated at: 2024_10_29