teabot | 07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496

Analysis

max time kernel
2857779s
max time network
163s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23-12-2023 11:46

Target

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496.apk
Size

4.1MB
MD5

ccf691dd649de01fdd0451bf2a8b6125
SHA1

a86a01dcc48b7f82e09c1ba1a897692996f92fa9
SHA256

07daa50cc53222d995fdc500f2bb15ceb60eb6372a1e5c6498f4b40fe293b496
SHA512

d1f6fa97b4580d1524f3ec536c4675ec3bcfed1bd6867ad657ad532e62670c2da7a5238a8ce8529c303355c989a44954044790fcc48768ccab16da734ca055f5
SSDEEP

98304:hzXnkjBUiDC5McSHj4F42oY0LBCkFdRcv5:CjBUiWWcKcF2Y08IdRcB

Score

10^/10

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot payload 1 IoCs

Processes:

resource	yara_rule
/data/data/can.skill.dentist/app_DynamicOptDex/DwUbHk.json	family_teabot

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Processes:

can.skill.dentist

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	can.skill.dentist
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	can.skill.dentist

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

can.skill.dentist

ioc	pid	process
/data/user/0/can.skill.dentist/app_DynamicOptDex/DwUbHk.json	5063	can.skill.dentist
/data/user/0/can.skill.dentist/app_DynamicOptDex/DwUbHk.json	5063	can.skill.dentist

Acquires the wake lock 1 IoCs

Processes:

can.skill.dentist

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock can.skill.dentist

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	can.skill.dentist

/data/data/can.skill.dentist/app_DynamicOptDex/DwUbHk.json
Filesize
1.3MB

MD5
35beecd9307ae0b35b625e21ea904a10

SHA1
4d5d66c9765179553855d5fa955cf9378e714f75

SHA256
e303229fc68463c2f33acba49bf6391d69aec07fb8ceee801c7fdf1e3c95e089

SHA512
4ade3d9673aba9f273ed090b8abb371ac297df10ac6766ab3730004566dcd39e37577643853d210647b3dfee1aba68cf679300ff1dcc6ca590bae3a7bcef348d

Download Submit
/data/data/can.skill.dentist/app_DynamicOptDex/DwUbHk.json
Filesize
1.3MB

MD5
35f1e52429d1459a5ed771c7ea1cb8e0

SHA1
7069a67d66b2f11dc0839e8b996e4d4e3cc98d10

SHA256
5fe847cc0665ba40cba7a8cebea325a136fd9a7458e410a049bc7bb85467a277

SHA512
176aada684149a76e6ef01150dccd0fc5420481320426371b45908d877824cb36a5de8cf3b320263a39f458fce906773a130a6af8263740cc6d95bd4eeb60c2b

Download Submit
/data/data/can.skill.dentist/app_DynamicOptDex/oat/DwUbHk.json.cur.prof
Filesize
1KB

MD5
0568bc72823384eff761b4b11a1c9656

SHA1
a52d262b61070922ab17f78a30181ee7ca588367

SHA256
2bdda085c84aabe3b0eb2ba5842f697fdfaf7d3aa8316f59eda814169bf13333

SHA512
e20d667a91921fa1a5295dbb2891df35f623598e3018877f63d85723083194f8d314679efadd7ca8a55f564701ee4e90b765bc86bc01b767370ebaf4d24571ca

Download Submit