Resubmissions

27-01-2023 07:24    230127-h8ld7she43    10

25-04-2022 13:47    220425-q3kjqaccd4    8

23-04-2022 16:23    220423-tvtdfadcc3    10

22-04-2022 08:33    220422-kfyj6sgbam    10

General

  • Target

    47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd.zip

  • Size

    3.2MB

  • Sample

    230127-h8ld7she43

  • MD5

    c3c8d26fe476948be33d6aca0b231d18

  • SHA1

    0ee923a9665c0f993a87b5075c0e55d7d1788896

  • SHA256

    13e34ee48550c03e90008bace2279b3206333905c9b3de05756551c83674ce70

  • SHA512

    79a354402b9581b285c39685ca510db89d38725bd8a45779a2d7a137e16fc618cd10fb43b012982d5716b14e838f6a9e3af6962f90509745de20686ba7fb5913

  • SSDEEP

    49152:sT9EyDllo0K8fTbCcmbf6hGCLuNEbyMiQrgfFTUKLX2eugAyBTRhI4fS+FhQ0UL/:mSszHCDf6UCqebZ69cQrtNS+s0Mb8s

Malware Config

Extracted

Family

teabot

C2

http://51.38.166.153:80/api/

Targets

    • Target

      47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd.apk

    • Size

      3.2MB

    • MD5

      bf2ddaf430243461a8eab4aa1ed1e80d

    • SHA1

      29c497dc416d903917e92ae347371b15009eaee1

    • SHA256

      47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd

    • SHA512

      b50735a2d58e19038f56baf62704b4d7af726e812758ea7c43b4c5155828b93ea5d9284ec89ba8ce9704e4b8945bb832970fd7601bbdcd039972bdac78ab4739

    • SSDEEP

      98304:ylxgweICNV+mN24ElmQjE9LBcGDIXAOthoV:ylxgBImV+mCmQjMLBarrc

    • TeaBot

      TeaBot is an Android banking trojan first seen in January 2021.

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks