General

  • Target

    main.apk

  • Size

    1.2MB

  • Sample

    220506-hfrqhshch2

  • MD5

    c8793b4d4b5bedec055b8226358ed00a

  • SHA1

    945feae70d7f65d36b30f97fe3ad5c995bc37bfc

  • SHA256

    767c218be4e7d2c99ee9c8b36128ac932d2dac0e3792ce638b804083f75e1096

  • SHA512

    ee9bff8b99de34ef8e283bca0ff3acf74a02abe9bc24bcb48396d96f21871bc366dbdcce0912b2477286146ad1ff3dfcca549a6e3dfabc00b2a78efd6a4bbcdc

Malware Config

Extracted

Family

teabot

C2

http://51.38.166.150:80/api/

http://62.182.81.71:80/api/

Targets

    • Target

      main.apk

    • Size

      1.2MB

    • MD5

      c8793b4d4b5bedec055b8226358ed00a

    • SHA1

      945feae70d7f65d36b30f97fe3ad5c995bc37bfc

    • SHA256

      767c218be4e7d2c99ee9c8b36128ac932d2dac0e3792ce638b804083f75e1096

    • SHA512

      ee9bff8b99de34ef8e283bca0ff3acf74a02abe9bc24bcb48396d96f21871bc366dbdcce0912b2477286146ad1ff3dfcca549a6e3dfabc00b2a78efd6a4bbcdc

    • TeaBot

      TeaBot is an Android banker first seen in January 2021.

    • TeaBot Payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks