Analysis
-
max time kernel
149s -
max time network
154s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
-
submitted
27/03/2025, 17:48
General
-
Target
b88e7421bc61f4ce20c0694418fc97c1e77cfd3f2053857f87cc47512a55c3d3.apk
-
Size
4.3MB
-
MD5
7823e56b4b1631ef52bbd5b95c186554
-
SHA1
f47ee24af407de1019e8605ad8f111732305fa5e
-
SHA256
b88e7421bc61f4ce20c0694418fc97c1e77cfd3f2053857f87cc47512a55c3d3
-
SHA512
ceac5d17b69d0297a7a83873705c46486894de70d45e33e64cf5971be05ac0dd07bda996fe9627bcc001aad9b954703de8028d296ed5113ff73ba02cce16a48e
-
SSDEEP
98304:7vNrfTch74luHqnwV6vNQV5EGArGY4fBl7ZbfUZIOp6Py5df:7vNrfghUluKnRvKV5bk0B1ZAPhf
Malware Config
Signatures
-
TeaBot
TeaBot is an android banker first seen in January 2021.
-
TeaBot payload 1 IoCs
-
Teabot family
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Acquires the wake lock 1 IoCs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 7 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
angry.grant.doll1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD59299a922d35a418fab1821203569c9b8
SHA115464cd438cf88b63a1fa244f2433c35578f02ff
SHA2562e87ff9e0d7e79efbeb27e5f1f0041a81f2b1ba8359c4cacfeaba341cefbf48f
SHA512ad942f3b3c3a287f87e79b193146ba5b8d8f036921906a536ab744933ae323a853870da55da6b4f0e0cf52bcce75da178455f50f624a38d5c8353c855cf62162
-
Filesize
1.2MB
MD5e568315f15f0f3af927ef6348c635820
SHA162a4a8fe65af1866b983c94bd57645880df2cd93
SHA256b2d15b080782f826b9d131a6188575bbbe9011d4c99dec87b73d7d34f1de96c9
SHA512d71afcae4cf2741cdb90b0ae04a034783db82e4052e0a84f6ed35efb340fc11c22186356ea13f3fc46c084e42f87bf348cb37644c0a00b4327ec52fd792deb0c
-
Filesize
1KB
MD5802fa8a928628c42383850a030b91637
SHA188da8217c218e66e8f1114b0148627cb8885b9d3
SHA25655d6b36e2b6239e846571b205f3959ed3d6002aa861649c3b1d960f0a6f04e38
SHA51274362f7aa5534aa1a7bdd58ccfd56fd7e1292091d6071a872343c82efa3bbce86f1a1740bcee375b526cb590e4b392e33d9f218b565d1a1d59c3673c2d0e047d