Analysis
-
max time kernel
670951s -
max time network
161s -
platform
android_x86 -
resource
android-x86-arm-20230824-en -
resource tags
-
submitted
24-08-2023 14:38
General
-
Target
5413aa7824e00c2773031ca26b238e9a.apk
-
Size
2.2MB
-
MD5
5413aa7824e00c2773031ca26b238e9a
-
SHA1
e83c48e09e8bc75d9b1c10748b6ea6913ce48508
-
SHA256
201d1e0492232be2f34bf699a08e516bd4d433a1071291f673a15b846216a7ce
-
SHA512
824c931eb212bec4ddf9cd1afc30364c3076ea8458dc1f95ac261ce99d3c70ff4e959c185c8203a86a7a01767291819e4da786d1f34f356521833fc226f0e36b
-
SSDEEP
49152:TiRU48uqFdL40DDKHY2tqzfAJio30O7Y8b56j6NQV:eRUhdL3fAY2tr30O7xb56s4
Malware Config
Extracted
teabot
http://91.215.85.55:85/api/
Signatures
-
TeaBot
TeaBot is an android banker first seen in January 2021.
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Removes a system notification. 1 IoCs
Processes
-
com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq1⤵
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq/rwurrebwrt/grwrfkkobvgowjr/base.apk.ttefr9f1.fgw --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq/rwurrebwrt/grwrfkkobvgowjr/oat/x86/base.apk.ttefr9f1.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq/rwurrebwrt/grwrfkkobvgowjr/tmp-base.apk.ttefr9f6884690405414828133.fgwFilesize
317KB
MD54aff80b7f8db95ead994b39eccb5c88d
SHA13da64d417047ad013fa59e7ea7e036e61918c4ea
SHA2565d2c6492860c1185134d56896f4974da5db9adcf5ffeb1f2a53e090ff621cf39
SHA5128155c21a0468abe498e3d32edd82b5f38eb1825a873fc2b8c7cc8e750be79da0a139cb4997dd2ae3258e92c7f72b8f125972050d64eb5d9f9997732bbd86c305
-
/data/user/0/com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq/rwurrebwrt/grwrfkkobvgowjr/base.apk.ttefr9f1.fgwFilesize
751KB
MD53c6d7b768e4fbb1b5f7a9727412a63ca
SHA10ce5aa330561d119853dec0f213ecb4c6d1e1343
SHA2560e833cb986ea9c723b0848a50c170346cca006da3b1eb22d6c8ca491405da885
SHA51244cc0ab80439a9356e3d53eb31c13a02fd14b02122cc68ef20bbbb2eed89766241c2e79e973aa05603652fc8d249f8846824c88dcebb1c8a3e70148cc492a211
-
/data/user/0/com.kwfsrkyv.nkvjzgom.chapljek.lkmmgrrq/rwurrebwrt/grwrfkkobvgowjr/base.apk.ttefr9f1.fgwFilesize
751KB
MD594da31768475580aa793a92629b8214c
SHA13fdeba0b556dfb4fb818e060f65b8bac34a6f144
SHA2561a5fc28b86b1c8b0e0bb202b0d7a8be37d968f33d162fe33a892b5476b0934aa
SHA5126afa597eeda3580ee930e46f302bf4c5a949f037330d932f023b254cabcbcf9242db051930d08f670a7bb5afa4abace29efc10208cdfaa776f356b76c68d5347