Overview

overview

10

Static

static

6

767c218be4...96.apk

android-9-x86

10

767c218be4...96.apk

android-10-x64

10

767c218be4...96.apk

android-11-x64

10

Analysis

  • max time kernel
    2301195s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20-12-2023 00:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    767c218be4e7d2c99ee9c8b36128ac932d2dac0e3792ce638b804083f75e1096.apk

  • Size

    1.2MB

  • MD5

    c8793b4d4b5bedec055b8226358ed00a

  • SHA1

    945feae70d7f65d36b30f97fe3ad5c995bc37bfc

  • SHA256

    767c218be4e7d2c99ee9c8b36128ac932d2dac0e3792ce638b804083f75e1096

  • SHA512

    ee9bff8b99de34ef8e283bca0ff3acf74a02abe9bc24bcb48396d96f21871bc366dbdcce0912b2477286146ad1ff3dfcca549a6e3dfabc00b2a78efd6a4bbcdc

  • SSDEEP

    24576:N/bg0gs5w15vsuVe3DDFdeCpt8xCHuLTbFpOTg49FVXDTNMDCV:N/U0b02DDp2HFM3XGmV

Score
10/10
teabotbankerevasioninfostealerstealthtrojan

Malware Config

Signatures

  • TeaBot

    TeaBot is an android banker first seen in January 2021.

    bankertrojaninfostealerteabot
  • TeaBot payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.stone.observe
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4504
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.stone.observe/app_DynamicOptDex/kwLBB.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.stone.observe/app_DynamicOptDex/oat/x86/kwLBB.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.stone.observe/app_DynamicOptDex/kwLBB.json
    Filesize

    200KB

    MD5

    3ca956b3cc5c45ba72bb60d9fcced6e0

    SHA1

    8e674da3cde440af60a54647bae818d50f4a47cc

    SHA256

    82a063c41dad8f1e172bfcdfd399aad9b4a73790697765810578799cb2887cab

    SHA512

    aee8722d6d9520e21cf2b4cfaa3ec3361878881eeacdbbd0fc40d8534f80a50d7bbf184561d1a13fef5659d444fa1edbd1de1b80dd222451a870cd8525513cad

    Download Submit
  • /data/data/com.stone.observe/app_DynamicOptDex/kwLBB.json
    Filesize

    200KB

    MD5

    c830784444dbaaf7e087a95c4d7ae2a8

    SHA1

    4d4a76997dfe510187f618731f7d0a67fc98da17

    SHA256

    366f0ae481e3fe81c4682c144925bd901b5567df6e956c382f056af9dc4484ab

    SHA512

    bf2d7a74a32fe45da083e5c9421411232b016f599f641971a9b0305091804b755027f42d23d7aeb0c4c47993acc9f6a68d4a80f31aa248a058cea8e169ccd977

    Download Submit
  • /data/data/com.stone.observe/app_DynamicOptDex/oat/kwLBB.json.cur.prof
    Filesize

    1013B

    MD5

    b280a8a26674404f11dacb9bbff8b994

    SHA1

    0c86d773433423c9e28046db8cfd0cbd132be053

    SHA256

    2900ed24f2969087d0f76729d6ac56b41197e79ae0e1ab3093f56a0c372ea590

    SHA512

    f7db0acdf5c53e2a0ff46789f99affc93fa4176c50c944166bdea248cbb1776c1f3bc47db614ace18400bbcce27d3d20844cdf3ddc215b019068ae3e5cc9736f

    Download Submit
  • /data/user/0/com.stone.observe/app_DynamicOptDex/kwLBB.json
    Filesize

    523KB

    MD5

    41237a25435999702fe1e489b2997af5

    SHA1

    5015d1e9c346bf98a4d205cc25a2218690185946

    SHA256

    05adbc38c89f294182ac1379f612d4c2885aac3c4df3a8c6f67a6bcd89dcbc89

    SHA512

    75d839fb4f37bc63b44013a36973889222de491bfd7baa4cf06ccaacca096cca9ff04cefa240b643bc39711dce92a1a976deb17d5d3d445de3e6fd0d501ce5ac

    Download Submit
  • /data/user/0/com.stone.observe/app_DynamicOptDex/kwLBB.json
    Filesize

    523KB

    MD5

    b78a911019dd2a99e6c6ea1e18e88398

    SHA1

    d8da4b8b4407e3ce4f895fcd1062246ab434016a

    SHA256

    af3732ed805c1f6e7f85fbd9a25371ed4c34be9a530914e493163f3cb03633a3

    SHA512

    521d754daae655b6d4e8b6793c4611dae5631f57bf0b06ba08e72554d7a363f67e1a2ee9c6e7eb6e357beab065d277aafc33326004151b0f317aa52fac23b7cc

    Download Submit