Overview

overview

10

Static

static

6

93880cd38a...0f.apk

 

93880cd38a...0f.apk

android-10-x64

10

93880cd38a...0f.apk

android-11-x64

10

Analysis

  • max time kernel
    2440218s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93880cd38abffa10e753c17ae7c14f0833356cba601bd1a3d3998859f47c900f.apk

  • Size

    3.7MB

  • MD5

    1af8aabf1bab2c4ed825d24aad6fdf25

  • SHA1

    92c1abc9ef94af9701608012e0c9f1f0c94fdb89

  • SHA256

    93880cd38abffa10e753c17ae7c14f0833356cba601bd1a3d3998859f47c900f

  • SHA512

    0d3673291f767e801461add2d46d04d48fcf8f3827588c3bc2d7fe926eb4e23ddbc841e139588cda98c1729a1c2b43387fdaad426398b797426e17b8853fb331

  • SSDEEP

    98304:kSdN59E3uUN+bHVG3ZRrGft4dG1kdS0ey/lR:ld5iuUNkVDV4YadlT

Score
10/10
teabotbankerinfostealertrojan

Malware Config

Extracted

Family

teabot

C2

http://91.215.85.55:85/api/

Signatures

  • TeaBot

    TeaBot is an android banker first seen in January 2021.

    bankertrojaninfostealerteabot
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • com.obckaliva.ebnxvikzi
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:5058

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.obckaliva.ebnxvikzi/y8ktapf6kj/iyfpgka98ty86gU/tmp-base.apk.8ghgg6h4359844331662522451.hhf
    Filesize

    260KB

    MD5

    1aba50ae00280c2aaf4319d90929f8f5

    SHA1

    54bbb5cf0d920d3aca1f871dd0efc65419fcbf27

    SHA256

    6ff1691e8003b0e54a9befc9dbfd8b8bc00022b43d7308a7a9734a7a09054bba

    SHA512

    083af0aea3624a8f8600076c4e7726c27e65c60735d3189d4afaa57676c24e9189d7d9c60c82b31aa08e82c39e5ca5af234bbe07a54910338829c7cca9ddd054

    Download Submit
  • /data/user/0/com.obckaliva.ebnxvikzi/y8ktapf6kj/iyfpgka98ty86gU/base.apk.8ghgg6h1.hhf
    Filesize

    624KB

    MD5

    6d17803df4155cb771196690c8183299

    SHA1

    48e0c9adb8014d25c5fe2257ba20fb5e209f46d2

    SHA256

    fca02e89a0c7ad4f18767c1c1ff85bbbf339e19a9aedc13a2da99035c74990fe

    SHA512

    27f70acbdd1b4a4b4d686988c61c0aea5fd70a0b6d05fb449de8253e39704025d012c92a4ae4d499650d9f90a325ea7b4b46af6e3c22fdeba8de24f11c83e4e8

    Download Submit