teabot | bd0390766d997a2f74af7f563219bc53a095fd7cd7edda0143e86d1b218b13e1

Analysis

max time kernel
2746303s
max time network
157s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
24-12-2023 02:33

Target

bd0390766d997a2f74af7f563219bc53a095fd7cd7edda0143e86d1b218b13e1.apk
Size

3.7MB
MD5

12d484ec42fce57aef35ba1ee71b7956
SHA1

2a1400ed401aa5cace9609c32ebf8d168acd58ff
SHA256

bd0390766d997a2f74af7f563219bc53a095fd7cd7edda0143e86d1b218b13e1
SHA512

288e71fe7121b2b0fc51dae92932af984fb54eaf2b1bc6e8b071b28358cbc0c9c240fb32c01b2106614cce2ef0f617704318746917a87fbc13db1d47b7b827f4
SSDEEP

98304:b0vbtMkG1CR4Ud1/HOtIuHTqaSkF85jLD8cEv0P:b02D+exHJSy85jHEe

Score

10^/10

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot payload 1 IoCs

Processes:

resource	yara_rule
/data/data/enhance.twist.there/app_DynamicOptDex/dAjX.json	family_teabot

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Processes:

enhance.twist.there

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	enhance.twist.there
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	enhance.twist.there

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

enhance.twist.there

ioc	pid	process
/data/user/0/enhance.twist.there/app_DynamicOptDex/dAjX.json	4983	enhance.twist.there
/data/user/0/enhance.twist.there/app_DynamicOptDex/dAjX.json	4983	enhance.twist.there

Acquires the wake lock 1 IoCs

Processes:

enhance.twist.there

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock enhance.twist.there

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	enhance.twist.there

/data/data/enhance.twist.there/app_DynamicOptDex/dAjX.json
Filesize
1.4MB

MD5
13fa02ede4c8f08aee28e34635b7080c

SHA1
d1f223226269a855173b79e41ed663db06d43834

SHA256
2704656e1b36047855f416132c9e15cf25bad8dcbbf1d3d99c67612661398b6d

SHA512
237148f5fb6983dbed360e336c3cad2d5d919d58e4086e72a0d71520c50d59ebdd80c91302495012058eba5c952a268c7a20a8a62eb4f21c3616d92193b75b72

Download Submit
/data/data/enhance.twist.there/app_DynamicOptDex/dAjX.json
Filesize
1.4MB

MD5
6a2bea327fa4955baf7cc5cc549747c3

SHA1
40ec234f83439eb0cdb2270f65b266d244b25298

SHA256
fdf9880ac07430bd890b23d321534647693c2c8f564ce7949f49bbf307b5e019

SHA512
5756c2a669708f7149baca3620613935583a2d175f20641c23ce4b19ac5d0502ae839b0a2932be0890a060687c8fd3f8f2d5dcb258f317946dfa50394ef7cb54

Download Submit
/data/data/enhance.twist.there/app_DynamicOptDex/oat/dAjX.json.cur.prof
Filesize
1KB

MD5
cbaa786609ba70ef5c05caea15e65dca

SHA1
10583219946b53ecf5d482f06b8dbab6b53016f2

SHA256
6becd0d8d75a2e1c41fa3e357a49254505f344d58b01b7e36efaf538df5e529d

SHA512
13f0e8c7b158782735f55270b6bcccec969b4ff0a72040eb376476ff7f49082c00033ce1fccc049af21e12a7cc0c0cac7d71770e8eb1b0b9fc2e41b1ecb61eb4

Download Submit