General

  • Target

    main.apk

  • Size

    1.2MB

  • Sample

    220506-g67c8ahcf7

  • MD5

    611d013f927d031e4fcfff163bf70124

  • SHA1

    96bb1bb6b1e3770f14643c6c2ac51e99a5938d7b

  • SHA256

    c3c7df127552aa2594ad335d7cc955cb1274cc322455a89b1856a2adf9f83ded

  • SHA512

    efc42f24869575222d616f174f2cf00c1fd376d9d365cb38c3c61e6e871fb6b98be291792f3298be47490c6a174d94a4a57ded4b64f219eb90664209cc659a95

Malware Config

Extracted

Family

teabot

C2

http://51.38.166.150:80/api/

http://62.182.81.71:80/api/

Targets

    • TeaBot

      TeaBot is an Android banking trojan first seen in January 2021.

    • TeaBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
