Analysis
-
max time kernel
143s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
26/03/2025, 09:49
General
-
Target
a34c1e334e9d76e97b8e8ac6b88bbc45cbed7ab7fc3a62e2f348c940136778af.apk
-
Size
4.1MB
-
MD5
bd0ee78cded55ff30a37c670cfa66236
-
SHA1
70d690a40fb7307280d2bebf77615e757c7f6513
-
SHA256
a34c1e334e9d76e97b8e8ac6b88bbc45cbed7ab7fc3a62e2f348c940136778af
-
SHA512
f6e5dabbced24b03f44c40d189d27dee8e9a085cf4499d903289ee556b992557f6ffc33f13e58fbc3dfce3ad89a6834cad10a9c34764b6a372316bd7bab2fd53
-
SSDEEP
98304:k5GKk+jrrhCMTMI+On1L0Mcuw4P4dhdJAiA0vd3iYZQl:SGa7lYRQh0McufP0AiLsH
Malware Config
Signatures
-
TeaBot
TeaBot is an android banker first seen in January 2021.
-
TeaBot payload 1 IoCs
-
Teabot family
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
subject.exhaust.play1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
983B
MD5868cdd457c1900f62e92314822c802dc
SHA1464057cbecdeecde480cf9e8e785736252878b87
SHA25695f6332a600ad9b2aa4f8e0a2fbc424b0bdbd7c1a29e8f339f4e998a9075b305
SHA512c758459c4aa8da51c5d8d6666446f8f1d44b667dfd4873018a80b579f3c10be1b673d34e6290313ecff2912af548a1de9d3ab9569021b1cda21203af8f51648c
-
Filesize
1.2MB
MD510d446daca47f5f2f0c5de4280408c15
SHA1dfbda37b38eef397e1e5ef06729ea8894fe1dfa9
SHA256800eed0e3318eeb602066c1a4027c1e5a81aca53c6483cc11f64ed14de9726c3
SHA5123afdca401822b283a78ea6070a5ab7be7ee29dc30dcedf0c840e9ab688ef613dab7252ee28196eca404a357def92b6ad4418283f33bef410ccd08d1946d784fb
-
Filesize
1.2MB
MD5513129acd55676ccfcb4fe14e416f5f4
SHA18664df47e10463f008cbb5307792939efde32ee6
SHA2561b52eec113f562186d5dac682b16975a9fe284627c8ba7b3b8c0c2c0c8ded9e7
SHA512acac5b4f2964d73c865bfb5eee2ad28835b14555d71f74d65bc88a006137c15c898d198875cc9a01199f056bee25919372b67cc19d9f352d4d6712ad79e1bafe