Extracted

• • Target

    56232948a56bdf7c6a69b1bdb2b636317ff84a150f69a6f86fddb1a4e56c3b6b.bin

  • Size

    2.2MB

  • MD5

    7a33c621d8316010100f1f415e5806e2

  • SHA1

    f07735aa5c1185b14204d3ff93c40dc71c200c12

  • SHA256

    56232948a56bdf7c6a69b1bdb2b636317ff84a150f69a6f86fddb1a4e56c3b6b

  • SHA512

    c6f2872688f0a5af1f14eac2d4ab0dea065c5826a13486637122cc183b10886cd76b0655a7913488be1c6cff7942a243301bb67180d79705607719d36263eb6e

  • SSDEEP

    49152:vuS+wu8apYaiI1g/0Y1trEpxCjfOdqcxOG+uR6TXY:6wudpNW/0Y1trEpxCjfOdFb6TXY

  Score

  10^/10

  teabotbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojanimpact

  • TeaBot

    TeaBot is an android banker first seen in January 2021.

    bankertrojaninfostealerteabot

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Acquires the wake lock

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3

• • Target

    liveWallpaperPlugin.apk

  • Size

    162KB

  • MD5

    91d33062e74043bb0bd9d5f66b343f3e

  • SHA1

    aa3fab31cf6d5bc7fb1c012ada2b77ffe242a7c0

  • SHA256

    4c3720917d9920cdec450cc85fe2fe3db39bc48cff4fea270914b475fc79f08a

  • SHA512

    be5eb5cdab9e3348f3228fee40172b351a07d2d39ddd9d085593e3d78c13259be62425b4993a40696542902c452f7213a7b92410baf06192051640607389b80c

  • SSDEEP

    3072:QV8ZyGg6GYtzqWn1Vmkv7YVQi5cRVl/51SGHHkmjVw:w8ZLGYtrv7O09bSGHHkYw

  Score

  8^/10

  discoveryevasionimpactpersistence

  • Checks if the Android device is rooted.

    evasion

  • Queries information about active data network

    discovery

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery
  behavioral4behavioral5behavioral6