Overview

overview

10

Static

static

6

bd0390766d...e1.apk

android-9-x86

10

bd0390766d...e1.apk

android-10-x64

10

bd0390766d...e1.apk

android-11-x64

10

Analysis

  • max time kernel
    2746311s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    24-12-2023 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd0390766d997a2f74af7f563219bc53a095fd7cd7edda0143e86d1b218b13e1.apk

  • Size

    3.7MB

  • MD5

    12d484ec42fce57aef35ba1ee71b7956

  • SHA1

    2a1400ed401aa5cace9609c32ebf8d168acd58ff

  • SHA256

    bd0390766d997a2f74af7f563219bc53a095fd7cd7edda0143e86d1b218b13e1

  • SHA512

    288e71fe7121b2b0fc51dae92932af984fb54eaf2b1bc6e8b071b28358cbc0c9c240fb32c01b2106614cce2ef0f617704318746917a87fbc13db1d47b7b827f4

  • SSDEEP

    98304:b0vbtMkG1CR4Ud1/HOtIuHTqaSkF85jLD8cEv0P:b02D+exHJSy85jHEe

Score
10/10
teabotbankerevasioninfostealertrojan

Malware Config

Signatures

  • TeaBot

    TeaBot is an android banker first seen in January 2021.

    bankertrojaninfostealerteabot
  • TeaBot payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • enhance.twist.there
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4470

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/enhance.twist.there/app_DynamicOptDex/dAjX.json
    Filesize

    1.4MB

    MD5

    13fa02ede4c8f08aee28e34635b7080c

    SHA1

    d1f223226269a855173b79e41ed663db06d43834

    SHA256

    2704656e1b36047855f416132c9e15cf25bad8dcbbf1d3d99c67612661398b6d

    SHA512

    237148f5fb6983dbed360e336c3cad2d5d919d58e4086e72a0d71520c50d59ebdd80c91302495012058eba5c952a268c7a20a8a62eb4f21c3616d92193b75b72

    Download Submit

  • /data/user/0/enhance.twist.there/app_DynamicOptDex/dAjX.json
    Filesize

    1.4MB

    MD5

    6a2bea327fa4955baf7cc5cc549747c3

    SHA1

    40ec234f83439eb0cdb2270f65b266d244b25298

    SHA256

    fdf9880ac07430bd890b23d321534647693c2c8f564ce7949f49bbf307b5e019

    SHA512

    5756c2a669708f7149baca3620613935583a2d175f20641c23ce4b19ac5d0502ae839b0a2932be0890a060687c8fd3f8f2d5dcb258f317946dfa50394ef7cb54

    Download Submit

  • /data/user/0/enhance.twist.there/app_DynamicOptDex/oat/dAjX.json.cur.prof
    Filesize

    1KB

    MD5

    e3ccb1483d7171fccdae5cedd81253e7

    SHA1

    76d135b7e144ce379c027435ccfc11e0f3eae108

    SHA256

    02e48d2620b1408f33f53c356d6ccef495b475b2f24fd565a38c60e73cfd2956

    SHA512

    c70b68a678016f25b2a27abfa266b8bfa43557833d0dbab9a96b2c3533f7b6eb06a2a024f52309529ab6d0f4fd08cd2511a9cc3b8c04b4e4df3c808810e60f0f

    Download Submit