MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Teabot

Vendor detections: 6

SHA256 hash: 47bb7f855cdf116c62499240089fa1b7a69585e8b7f639e192b9d038da4094cd
SHA3-384 hash: 99d81d90334dc114ad63b6b5c5fd5030dc7698638837294a5fdce44fb7229fb6b1c8060a44495c402a94a56ce832b812
SHA1 hash: 29c497dc416d903917e92ae347371b15009eaee1
MD5 hash: bf2ddaf430243461a8eab4aa1ed1e80d
humanhash: wisconsin-leopard-sink-ack
File name: base.apk
Signature: Teabot
File size: 3'371'203 bytes
First seen: 2022-03-16 12:36:45 UTC
Last seen: 2022-04-20 10:20:36 UTC
File type: apk
MIME type: application/zip
ssdeep: 98304:ylxgweICNV+mN24ElmQjE9LBcGDIXAOthoV:ylxgBImV+mCmQjMLBarrc
TLSH: T127F53387E3B7F011EFBFE6B85914B17B564B07E002C4FA9E24469A9444F3CC96E89C58
Reporter: _icebre4ker_
Tags: android apk signed Teabot

Code Signing Certificate

Organisation: np
Issuer: np
Algorithm: sha512WithRSAEncryption
Valid from: 2021-04-25T09:03:56Z
Valid to: 3020-08-26T09:03:56Z
Serial number: 045ff9a3
Intelligence: 41 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 492682f877607ee99df2ddd2bd5953fd727bdf6e19d397de9dbbafd582bcad75
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 4
# of downloads: 355
Origin country: n/a

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe fingerprint replace.exe update.exe

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 76 / 100

Signature
Antivirus / Scanner detection for submitted sample
Contains a screen recorder (to take screenshots)
Multi AV Scanner detection for submitted file
Protects itself from removal
Removes its application launcher (likely to stay hidden)
Uses accessibility services (likely to control other applications)
Uses known network protocols on non-standard ports

Behaviour
Behavior graph: n/a

Threat name: Android.Infostealer.Generic
Status: Suspicious
First seen: 2022-03-16 12:37:31 UTC
File type: Binary (Archive)
Extracted files: 89
AV detection: 8 of 33 (24.24%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:teabot android banker evasion infostealer trojan

Behaviour
Removes a system notification.
Acquires the wake lock.
Loads dropped Dex/Jar.
Makes use of the framework's Accessibility service.
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

TeaBot
Malware Config
C2 extraction:
http://195.201.70.80:8000/api/
http://92.63.97.204:8000/api/

Please note that we are no longer able to provide a coverage score for VirusTotal.
