teabot | d277aa53a7b51eb15b31f0cb7893f63eff695def94c61102c219003c34785670 | Triage

Sharing

General

Target

d277aa53a7b51eb15b31f0cb7893f63eff695def94c61102c219003c34785670.apk
Size

3.3MB
Sample

231005-vz9rnafb56
MD5

5ebb07b6637f81fbdce0040f780dffa7
SHA1

aa5062769a8f855daf410de53cfd85ef6fdcf1bb
SHA256

d277aa53a7b51eb15b31f0cb7893f63eff695def94c61102c219003c34785670
SHA512

0f6de475da0c41097a9f9fea49ed2c6ef13d63a6635267a1c710793811f62237a5a78653160b36832261d5c13ce4a2de24c9e84d1e297bcc6f56a1b6b6d96271
SSDEEP

49152:gF29DLLIbAAGD603nJvCL2yB2M5a5+yrqL7C5WtPbsN0IfD2a+qoR/kENawqo:gyDL9AGD6cJ6LDBjwrq/C5wo0O2dTcu

Score

10^/10

teabot android banker evasion infostealer stealth trojan

Malware Config

Targets

- Target
  
  d277aa53a7b51eb15b31f0cb7893f63eff695def94c61102c219003c34785670.apk
- Size
  
  3.3MB
- MD5
  
  5ebb07b6637f81fbdce0040f780dffa7
- SHA1
  
  aa5062769a8f855daf410de53cfd85ef6fdcf1bb
- SHA256
  
  d277aa53a7b51eb15b31f0cb7893f63eff695def94c61102c219003c34785670
- SHA512
  
  0f6de475da0c41097a9f9fea49ed2c6ef13d63a6635267a1c710793811f62237a5a78653160b36832261d5c13ce4a2de24c9e84d1e297bcc6f56a1b6b6d96271
- SSDEEP
  
  49152:gF29DLLIbAAGD603nJvCL2yB2M5a5+yrqL7C5WtPbsN0IfD2a+qoR/kENawqo:gyDL9AGD6cJ6LDBjwrq/C5wo0O2dTcu
Score

10^/10

teabot banker evasion infostealer trojan stealth
- TeaBot
  TeaBot is an android banker first seen in January 2021.
  banker trojan infostealer teabot
- TeaBot payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  en-US.pak
- Size
  
  114KB
- MD5
  
  7dbef52250b1c0b085d942188bab2a1a
- SHA1
  
  a70f00cb92bcdf7f939b3341f588d9927e42f8ea
- SHA256
  
  88b49b3f989709c5bd5a538f34b87b51e69027942f9fd67e34a686894e17aa87
- SHA512
  
  2659b42a19e4f0e92bd7819eff2ff41bea911607c1299a5eac5303432a3aee10f0e1564e818bff1cb7cfc1588f62e7d1884def74e458bc8e8ce06b0d1ae5ea00
- SSDEEP
  
  3072:ymv7sSF/kziROKy7eJP6yYtEpygAFBxUgglkWSH/wN:ymvfkziROKy7eJP1ck6wN
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  libanw.21.so
- Size
  
  9KB
- MD5
  
  060002f05125408f172e08f415736375
- SHA1
  
  9c86f4a911f7af25d79d16ba22549af0527efc98
- SHA256
  
  9ef9b42bfe2aa6c77714036537a29218e3e89a4a1e7057cc188deafbecd43566
- SHA512
  
  356cb79baddffacf00d7cb6cc6c84640bcf27b7c99a8fc186c47c9bdb21f1ee61c85ffaf354e319d1002a35a144f02bb7826962bba41f3193eb78e6d81dc9888
- SSDEEP
  
  96:ERb1j+G2Fc3bK5OGwarSRlFQxXEcMjzaaheEMxoB5kR:ERbN1T4wQSn2vgznwEMxoa
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  libavutil.so
- Size
  
  334KB
- MD5
  
  cba1711acd2b427c0e640d8d26134da6
- SHA1
  
  168bf81a092d5a9a905f3fa13aea59c4fffb10f9
- SHA256
  
  2aa1bbea28a9f901f5ce758458778d20f8db6dfbc155318edc565d90780c0cfd
- SHA512
  
  183a8f829221053f4dc8c5eb39905e3a011b0e3f524930a4ee8f09659c0145f21e16f2255f3fd52168d7e2dd2d13c43c0365d352cb0393db9ed88e087f724ca3
- SSDEEP
  
  6144:eCjf2h5ULY6fgCUuJ4xdBbJhlU75IOSAihyoLa6kAQKE1yXgi5ftzQ7mCgdhVGHq:Nf2h5UHrUn7bJhmohHOstBh6S6W
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  librsjni.so
- Size
  
  62KB
- MD5
  
  5fe420ae8660271f3cac56b2d2686a17
- SHA1
  
  3f4b2695ad63144da5a3312ab91800276603ef07
- SHA256
  
  f6c63abd281b6b4b0add808e7e4b0adab2c375ff87be1de9a3994ca667c202f2
- SHA512
  
  30d8d953ffb5339cceb25987e316c72668669bf607af325d93c20d3d50e4e291239954517066341c0ff1f8f79f9231ab7fd8929f4551967a724d76ae83b89a65
- SSDEEP
  
  1536:f0jLMSkj9jQ4YgsAP01S6dhlgEi6PZ9N08TaAVCW:8jx8WgseAi6+xAVR
Score

1^/10
behavioral13 behavioral14 behavioral15
- Target
  
  libvlcjni.so
- Size
  
  57KB
- MD5
  
  6227da23c0e814d52cc3a1ec31fb3ae0
- SHA1
  
  2eaa49a0187f48b714f5d8004f1de426a500c232
- SHA256
  
  60eb1f7ba80e728d7e746bd4707e1349f6778a3e45462c564c6babed09fe1c4c
- SHA512
  
  dbca6f4fac55e9d894e3ee0297d5a7808a86f84a62ed8ff8e1744e38aeb73f77e90a81cd50dcb047da9ce8b0773f9a4c3ed8f949f69173be56e2ed43341e8633
- SSDEEP
  
  768:qkg/DIjWELAL8GMBKWuggM1XQr8l8BLR4AbzSZ9mA6V4ZdF1sKHHqkutLdZ86:qp/tnBLRZU9mA6V4Ftnq1t5+6
Score

1^/10
behavioral16 behavioral17 behavioral18

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

teabotbankerevasioninfostealertrojan

behavioral2

behavioral3

teabotbankerevasioninfostealerstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18