Analysis
- max time kernel: 149s
- max time network: 170s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 01/04/2025, 22:02
Static task: static1
Behavioral task: behavioral1
- Sample: 7861f533612ed5bc7d098075ad1f2fef1648ff02ae12fd8b41fd49b6ac73c15b.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: 7861f533612ed5bc7d098075ad1f2fef1648ff02ae12fd8b41fd49b6ac73c15b.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: 7861f533612ed5bc7d098075ad1f2fef1648ff02ae12fd8b41fd49b6ac73c15b.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: 7861f533612ed5bc7d098075ad1f2fef1648ff02ae12fd8b41fd49b6ac73c15b.apk
- Size: 4.0MB
- MD5: 76d27f47fb0131c470eb637c201db4ca
- SHA1: 1ef9d327534df860865273109070bd420780b739
- SHA256: 7861f533612ed5bc7d098075ad1f2fef1648ff02ae12fd8b41fd49b6ac73c15b
- SHA512: 845d2a2856c975adfd6c032e9738b87f11d5b75e3996fdcf3941b450e9b5811341e6506525e49c0efba6da6c60c8d279e0a343af8e582566ae76e4b73d61b798
- SSDEEP: 98304:arWdNHQOiAjPWpgl1oUVifo5b60jaMdZ6NqIfs5D:aSb3jepg3oUVao5bjlZ6N7fsN
Malware Config
Signatures
- TeaBot
TeaBot is an Android banker first seen in January 2021.
- TeaBot payload (1 IoCs)
resource | yara_rule
behavioral2/files/fstream-2.dat | family_teabot
- Teabot family
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/usage.just.shock/app_DynamicOptDex/nQAqKMR.json | 5092 | usage.just.shock
/data/user/0/usage.just.shock/app_DynamicOptDex/nQAqKMR.json | 5092 | usage.just.shock
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | usage.just.shock
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | usage.just.shock
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | usage.just.shock
- Acquires the wake lock (1 IoCs)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | usage.just.shock
- Performs UI accessibility actions on behalf of the user (1 TTPs, 7 IoCs)
The application may abuse the accessibility service to prevent its removal.
ioc | Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | usage.just.shock
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | usage.just.shock
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | usage.just.shock
- Checks CPU information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/cpuinfo | usage.just.shock
- Checks memory information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/meminfo | usage.just.shock
Processes
- usage.just.shock (PID: 5092)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Performs UI accessibility actions on behalf of the user
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Downloads
- Filesize: 1.2MB
  MD5: 7b3f4df9f119dd6d984552b3ba3d734b
  SHA1: c191313833252cf3e472fffc8b54448e4f6a4192
  SHA256: f9fb1598df72c799c7539b94bd4d130c0428a597da6623743796d603e60a1ce8
  SHA512: 34d3c5a01b8287bfd0c52b4320528f908629dace69387aee297b3b1b930ff1d5098db6c18a11ecabf73f2e0a5cda35a4a8738b5d3d81025b006642ca5ea49a1e
- Filesize: 1.2MB
  MD5: 4c3aa4a48283e0f0e8a9c15fa14bce41
  SHA1: f7c098941b001cca43fc25f1e8f3e0d9142cdd7f
  SHA256: 624a0a7c78214065db178215ce8248cfd630648c0f036a018b083788393bbf1e
  SHA512: b7eb01f6925a33e168aaf10d9f9ad48543c2a2512fecad5672c428ad46cd994978029aa0b56a231515dcc7fb7c9b2cc905a4d6891e3a22cf00788f5d500a74ab
- Filesize: 1KB
  MD5: 781dad0db881590d91e8c51f95609953
  SHA1: af3714d309b0d96ff6f8ec6cf7d716601f151f78
  SHA256: edb2f0920c9288d02b82c83ff21a22e6d3b75009e5b56896a878429ce31a8ffd
  SHA512: 885beb2939ec0558e4049f17e7b58eb9cae0f71bb9429d90af37ce2e4a08549cd26dc7c5f967e3422c02ea17633aa119d5afbeb514e75c60bdfe6b997f91701a