teabot | 07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496 | Triage

Submit
Reports

Overview

overview

Static

static

6

07daa50cc5...96.apk

07daa50cc5...96.apk

android-10-x64

07daa50cc5...96.apk

android-11-x64

Sharing

General

Target

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496
Size

4.1MB
Sample

231223-nxsa9sade6
MD5

ccf691dd649de01fdd0451bf2a8b6125
SHA1

a86a01dcc48b7f82e09c1ba1a897692996f92fa9
SHA256

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496
SHA512

d1f6fa97b4580d1524f3ec536c4675ec3bcfed1bd6867ad657ad532e62670c2da7a5238a8ce8529c303355c989a44954044790fcc48768ccab16da734ca055f5
SSDEEP

98304:hzXnkjBUiDC5McSHj4F42oY0LBCkFdRcv5:CjBUiWWcKcF2Y08IdRcB

Score

10^/10

teabot android banker evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496.apk

Resource

android-x64-20231215-en

teabot banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496.apk

Resource

android-x64-arm64-20231215-en

teabot banker evasion infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496
- Size
  
  4.1MB
- MD5
  
  ccf691dd649de01fdd0451bf2a8b6125
- SHA1
  
  a86a01dcc48b7f82e09c1ba1a897692996f92fa9
- SHA256
  
  07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496
- SHA512
  
  d1f6fa97b4580d1524f3ec536c4675ec3bcfed1bd6867ad657ad532e62670c2da7a5238a8ce8529c303355c989a44954044790fcc48768ccab16da734ca055f5
- SSDEEP
  
  98304:hzXnkjBUiDC5McSHj4F42oY0LBCkFdRcv5:CjBUiWWcKcF2Y08IdRcB
Score

10^/10

teabot banker infostealer trojan evasion
- TeaBot
  TeaBot is an android banker first seen in January 2021.
  banker trojan infostealer teabot
- TeaBot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

teabotbankerinfostealertrojan

behavioral3

teabotbankerevasioninfostealertrojan

© 2018-2024

Terms | Privacy