Analysis
-
max time kernel
179s -
max time network
164s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
02/08/2024, 22:10
General
-
Target
8feb5aef2953c68511777baf048319dbbbc83277ed8e5f296b39908c89ad8582.apk
-
Size
3.7MB
-
MD5
f5e2b917f92d441eb6c2acd358276377
-
SHA1
4dc6b173b762295c56273b9f1875935239d0a3aa
-
SHA256
8feb5aef2953c68511777baf048319dbbbc83277ed8e5f296b39908c89ad8582
-
SHA512
0c233914896f93dec45dd443e1df5f14cdd9c4bfaa6a08ce1c49a05615ecca45f719da3a73ce56786ac7ad21ed8a9c901466f9d2426632ba7afd4b4bb8935a62
-
SSDEEP
49152:DZkAiPbKOyKBgaPLQi2EVp4t0Izje+leswmCfrSTq4T654HVy9paR0ZHhz/vFSvK:ABbPLgcs3FeeCjKfVyDRhsvyLhB
Malware Config
Signatures
-
TeaBot
TeaBot is an android banker first seen in January 2021.
-
TeaBot payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
cash.roast.must1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD55b158bf19ea5d37ed8405c5454bec95b
SHA1a7d896db4d4a650a20e765e537707f8b9e165016
SHA2561c5b840d31d59a1180dba6cc58e97b554ceb53a90f8ee84d079cf7d7af436ed6
SHA512435850b461299ed62fdcd6e860033e8022f36e74a9a4de09c665de8a15855363475728fb8108884370c45f36a3c600cec1fd0277ab5c8b602b20cd05847362e6
-
Filesize
1.2MB
MD50928029df7d6fe852f8cc666d6c4ec41
SHA1cd1c73fcc9e49d1d3c98ba894e9cd1ba7d856565
SHA2562bec5f2ee3e41369214c43d05be4ac1a2ead2bc2b6c91cef275ad3c709f95350
SHA512362970dcd9438c673c918d00541f7870f5c7eb31379cb9faac87cd5e10b7c9abba4f8a36692683e7f23905f2773fec9258836f5814c333fc97c676dc91d6c80a
-
Filesize
1KB
MD5b380fb9fe527c4b22826ff0da6e48082
SHA1b69c37e95637f6b40e71380ff40caf8655c1459f
SHA2560a46dd5ec25001374bc981d4d637a277e7f3025593e092fd19bd3c806c7eafdc
SHA5129dd9676a2f17e6735ff7af916437244757e0a9978de8f15418cedb5050ec7674f54e981383a14afe2998385cc98b7d8a1a457486f403b9bf38870cba21a9130b