Resubmissions

11/09/2024, 15:29

240911-sw191aycrc 10

30/05/2024, 22:25

240530-2cerbsbf8z 1

General

  • Target

    dc9383a0fb77ca5f6d416dfe0945a6278741f928013f863b97ce159d09718a81.bin

  • Size

    2.3MB

  • Sample

    240911-sw191aycrc

  • MD5

    cb02f9e5a5671e3f13bc26d3017b8632

  • SHA1

    ec5d64e0387a9492aad66e60bf393728e7e91e80

  • SHA256

    dc9383a0fb77ca5f6d416dfe0945a6278741f928013f863b97ce159d09718a81

  • SHA512

    58bc9fc7940a214712bfb42ddfc66a83915b8a8cd056c1793b91d81fee26dce93da67f1a5d9b62994f0b02e9ed8bf249711c93aa6e835aa641fcd278dd05a339

  • SSDEEP

    49152:wN6L08xEmWoVuzsio0XOpWKG9v4tydxw9QMStBhyOXbDf9tKHxtg:nL0UEwVOsipXOYdv4tyPwRSt7TltKHxu

Malware Config

Extracted

Family

teabot

C2

http://91.215.85.55:85/api/

http://193.107.109.44:85/api/
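The two C2 URLs above share a pattern (plain HTTP on port 85, path /api/) that is easy to hunt for in egress logs. The script below is an added example for this report, not part of the sandbox's tooling; it turns the extracted URLs into indicators and runs them over a constructed, assumed log format (timestamp, source IP, destination IP, destination port, method, path). A full ip:port+path match is reported as "c2"; a hit on the IP alone (different port or path) is reported as "ip-only" so it can be reviewed rather than discarded.

```python
"""Match egress log lines against the TeaBot C2 URLs from the extracted config.

Added example, not part of the original report. The log format is a constructed
assumption; adapt parse_line() to your real source (Zeek http.log, proxy logs).
"""
from urllib.parse import urlsplit

# The two C2 URLs from the extracted configuration above.
C2_URLS = [
    "http://91.215.85.55:85/api/",
    "http://193.107.109.44:85/api/",
]

# Constructed log lines (not real traffic). Lines 1-2 are full C2 hits, line 3
# touches a C2 IP on another port, line 4 is a benign control.
SAMPLE_LOG = """\
2024-09-11T15:29:01Z 10.0.0.23 91.215.85.55 85 POST /api/
2024-09-11T15:29:02Z 10.0.0.23 193.107.109.44 85 POST /api/
2024-09-11T15:29:05Z 10.0.0.42 91.215.85.55 8080 GET /
2024-09-11T15:29:09Z 10.0.0.23 142.250.74.78 443 GET /
"""


def c2_indicators(urls):
    """Turn C2 URLs into (ip, port, path_prefix) tuples, defaulting the port by scheme."""
    out = []
    for u in urls:
        parts = urlsplit(u)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        out.append((parts.hostname, port, parts.path or "/"))
    return out


def parse_line(line):
    """Parse one line of the assumed whitespace-separated log format."""
    ts, src, dst, dport, method, path = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "method": method, "path": path}


def classify(rec, indicators):
    """'c2' on ip+port+path match, 'ip-only' if just the IP matches, else None."""
    for ip, port, prefix in indicators:
        if rec["dst"] == ip:
            if rec["dport"] == port and rec["path"].startswith(prefix):
                return "c2"
            return "ip-only"
    return None


def scan(log_text, urls=C2_URLS):
    """Return (verdict, src_ip, 'dst:port', path) for every line that hits an indicator."""
    indicators = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = classify(rec, indicators)
        if verdict:
            hits.append((verdict, rec["src"], f"{rec['dst']}:{rec['dport']}", rec["path"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Matching on the raw IP is deliberate: the config carries no hostnames, so DNS-based blocking would miss this traffic, and an "ip-only" hit on a different port is still worth a look because the same hosts may serve other panels.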

Targets

    • Target

      dc9383a0fb77ca5f6d416dfe0945a6278741f928013f863b97ce159d09718a81.bin

    • Size

      2.3MB

    • MD5

      cb02f9e5a5671e3f13bc26d3017b8632

    • SHA1

      ec5d64e0387a9492aad66e60bf393728e7e91e80

    • SHA256

      dc9383a0fb77ca5f6d416dfe0945a6278741f928013f863b97ce159d09718a81

    • SHA512

      58bc9fc7940a214712bfb42ddfc66a83915b8a8cd056c1793b91d81fee26dce93da67f1a5d9b62994f0b02e9ed8bf249711c93aa6e835aa641fcd278dd05a339

    • SSDEEP

      49152:wN6L08xEmWoVuzsio0XOpWKG9v4tydxw9QMStBhyOXbDf9tKHxtg:nL0UEwVOsipXOYdv4tyPwRSt7TltKHxu

    • TeaBot

      TeaBot is an Android banking trojan first seen in January 2021.

    • Loads dropped Dex/Jar

      Loads and runs a DEX/JAR file that was dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
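Several of the behaviours flagged above have a static counterpart that can be checked before detonation: the wake-lock, battery-optimization and package-query behaviours map to manifest permissions, and an accessibility service must be declared in the manifest bound with BIND_ACCESSIBILITY_SERVICE. Clipboard access, MCC lookups and loading of dropped DEX files leave no manifest trace, so those are looked for in a string dump of classes.dex instead. The script below is an added example for this report, not the sandbox's signature engine; it expects a decoded AndroidManifest.xml (the binary manifest must be decoded first, e.g. with apktool), and both the manifest and the string list are constructed for the example.

```python
"""Static pre-check of an APK against the behavioural flags in this report.

Added example, not part of the original report or the sandbox. Input is a
decoded AndroidManifest.xml plus a list of strings from classes.dex; both
inputs below are constructed and do not come from the analysed sample.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest, not the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Update">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed stand-in for the output of `strings classes.dex`.
SAMPLE_DEX_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "Landroid/content/ClipboardManager;",
    "getNetworkOperator",
    "performGlobalAction",
]

# Manifest permissions that correspond to flags in the report. Note that
# QUERY_ALL_PACKAGES is only required from Android 11; older targets can list
# installed apps without it, so its absence is not proof of absence.
PERMISSION_FLAGS = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
    "android.permission.QUERY_ALL_PACKAGES": "Queries a list of all the installed applications",
}

# Code-level indicators that only show up in classes.dex (heuristic, not proof).
STRING_FLAGS = {
    "Ldalvik/system/DexClassLoader;": "Loads dropped Dex/Jar",
    "Landroid/content/ClipboardManager;": "Obtains sensitive information copied to the device clipboard",
    "getNetworkOperator": "Queries the mobile country code (MCC)",
    "performGlobalAction": "Performs UI accessibility actions on behalf of the user",
}


def manifest_flags(manifest_xml):
    """Flags supported by <uses-permission> entries and accessibility service declarations."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name")
        if name in PERMISSION_FLAGS:
            found.add(PERMISSION_FLAGS[name])
    # A real accessibility service is bound with BIND_ACCESSIBILITY_SERVICE and
    # filters on the AccessibilityService action; either alone is a strong signal.
    for svc in root.iter("service"):
        bind = svc.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        action = any(a.get(ANDROID_NS + "name") == "android.accessibilityservice.AccessibilityService"
                     for a in svc.iter("action"))
        if bind or action:
            found.add("Makes use of the framework's Accessibility service")
    return found


def dex_string_flags(strings):
    """Flags supported by class/method names present in the DEX string table."""
    present = set(strings)
    return {flag for s, flag in STRING_FLAGS.items() if s in present}


def triage(manifest_xml, dex_strings):
    """Sorted list of report-style behaviour flags that have static evidence."""
    return sorted(manifest_flags(manifest_xml) | dex_string_flags(dex_strings))


if __name__ == "__main__":
    for flag in triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS):
        print("-", flag)
```

The string-based checks are weak on their own (a packed or reflection-heavy sample hides them, and a legitimate clipboard or telephony app triggers them), which is why the sandbox flags above come from observed runtime behaviour; the static pass is useful for deciding what to watch during detonation, not as a verdict.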

MITRE ATT&CK Mobile v15

Tasks