General
-
Target
base.apk
-
Size
3.2MB
-
Sample
220316-pth4vsbheq
-
MD5
bf2ddaf430243461a8eab4aa1ed1e80d
-
SHA1
29c497dc416d903917e92ae347371b15009eaee1
-
SHA256
47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd
-
SHA512
b50735a2d58e19038f56baf62704b4d7af726e812758ea7c43b4c5155828b93ea5d9284ec89ba8ce9704e4b8945bb832970fd7601bbdcd039972bdac78ab4739
Malware Config
Extracted
teabot
http://195.201.70.80:8000/api/
http://92.63.97.204:8000/api/
Targets
-
-
Target
base.apk
-
Size
3.2MB
-
MD5
bf2ddaf430243461a8eab4aa1ed1e80d
-
SHA1
29c497dc416d903917e92ae347371b15009eaee1
-
SHA256
47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd
-
SHA512
b50735a2d58e19038f56baf62704b4d7af726e812758ea7c43b4c5155828b93ea5d9284ec89ba8ce9704e4b8945bb832970fd7601bbdcd039972bdac78ab4739
Score10/10-
TeaBot
TeaBot is an android banker first seen in January 2021.
-
Makes use of the framework's Accessibility service.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-