teabot | 308854628ee791468c30ec49a0f48bf46a1ee9d615c3efa444506b43a0615e4d

Analysis

max time kernel
1549532s
max time network
158s
platform
android_x64
resource
android-x64
submitted
30-06-2021 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308854628ee791468c30ec49a0f48bf46a1ee9d615c3efa444506b43a0615e4d.apk
Size

3.7MB
MD5

90a2fd7bc45623939ac8e886cf37195a
SHA1

07954951921de3848a0da02ea019b0b55a124845
SHA256

308854628ee791468c30ec49a0f48bf46a1ee9d615c3efa444506b43a0615e4d
SHA512

567457082be6c24a1ae92418e18fb81d66936fdcc88ab6b9fe8d345fd47135c386374a0271f08914b7ad9b02a83c19f49099f1cfc481b94ac930b3d7b4296bcf

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://178.32.130.175:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

unknown.tooth.grass

ioc	pid	process
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json	3594	unknown.tooth.grass
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json	3594	unknown.tooth.grass
/product/app/webview/webview.apk	3594	unknown.tooth.grass
/product/app/webview/webview.apk	3594	unknown.tooth.grass

Uses reflection 3 IoCs

obfuscation

Processes:

unknown.tooth.grass

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3594	unknown.tooth.grass
Invokes method android.content.Context.bindServiceAsUser	3594	unknown.tooth.grass
Invokes method android.content.Context.bindServiceAsUser	3594	unknown.tooth.grass

unknown.tooth.grass
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json
MD5
275bfe426cdfd60a632e6eb91e7d8d36

SHA1
d2ac07eb4466080737a1773db5f1650913487773

SHA256
9ea022d82ef18a9b84bd2125c9028f03565770b3ce87ba9d372af3f7e213272c

SHA512
ef6856dc3ddb6a1c942fc89d107fe030313f9002b3aed8aaa65c7a23c94c2c01ec4caf52c471abbeb59c7ae376cf978b031ea610e42bc0a94fa78548cf1113f5

Download Submit
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/RknUcSq.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_DynamicOptDex/oat/RknUcSq.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/.org.chromium.Chromium.dcNRih
MD5
25a5b6217da9a224adfb9a7729556e55

SHA1
f29e5533c6dcefa134ca4ebf22bb55b4ea6a9b5f

SHA256
c5f6add3f00a205e7a21fab39de6ac32ec6fec3fe822a860ee24977044308acd

SHA512
2df14260797b03f526c855b6d6cd8f2ba28f929e4ee3dbe40451d870871693f1f26e26b70666448fe4c5971e4d93a11572d68d39c930843b704aef1b7e696ad4

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/GPUCache/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/Web Data-journal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/metrics_guid
MD5
6b2bc16e42361d7e4c71e0b3d214ce43

SHA1
6b5fcd5284c418f3db3376a6567aa79e1aee3eaa

SHA256
6e9dc623a78acd2a76dcc007343074e3a0d040e21144e2e8a63068e55325916c

SHA512
86d040eea4068e130744143f8daf23c7bec5e554bbe8fa3e807eac6353f385db64f32e8346b28a3d9aa0116b9db87f2846772e29b02d9a5040fb0db745fb0abf

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/cache/WebView/Crashpad/settings.dat
MD5
98efd026e1797b4660ab3b9550c110eb

SHA1
171aa785e308e1bff61fc93b252b373feddf9001

SHA256
7bf69e891e039585b3e9842282f514b835a6931755d5ca792282aa7753516748

SHA512
4f7ec652c43b1ad7f19d52822c1a1f15b09cc9a09783194bbe75ba84ebc18b4650b48c1907f3a149e0354ba28998e085e21634f8a051d33e3bcc80e9a8d3f30f

Download Submit
/data/user/0/unknown.tooth.grass/cache/org.chromium.android_webview/Code Cache/js/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/unknown.tooth.grass/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
7deb92aa5d9b7a4dbfa7c22ed6279efa

SHA1
11034f899cb44f3ee23e1e7106e1538aa8e247bf

SHA256
91094f01b22f887e0841c7ef165cf696a39ab74f5b8f7033c2852b7db793c4f2

SHA512
60eac3cca6a8c71b3e61502572c80b5259e788e6da75bb1898104516aa727fbf92855dfdfe9bab711a61ce29701b168c16a8cffa388f2c1c11ce3ca289cea1f9

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
faf9226ab2c5d864de8a3a0ba3a9d99b

SHA1
10b2fb97814e5eaa13d713c923b57cb2a39e5dab

SHA256
436679c5548aa42a1160f3f3ec6e55ab98e1246b337044619e123f46747172d0

SHA512
6433021977dcc81914ae2838cacbcb4f0e5526301e9e2711dac1eef29eb7f64f223419524859f8a0b4699326dc586fc3eb2555140728c77c2712863bbe831838

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
cca158eed3bfb8c3082e5cce86b3fa00

SHA1
bc3ec67d33108d33dc8f983db96579d901bae178

SHA256
a7462d1f9dab62a644c31e6f5f1b285205fab8da1642821348e713b312ca7973

SHA512
26ac175bcbc7a4844c544f95825c0e4333a45fc24b1ab66081f9861f5045cf3e24bd79bafc46b371d856f04c98acca89af81ff7be74170de3738760bf88a78fc

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
16fd75309266c249cd29d5287608c742

SHA1
f26033f3a28a55832ce9af992a923cabd0d1a643

SHA256
64d6203ba924cc50b9b383c80ff8dbc8d16675a1928d2de5940763a3d3acebea

SHA512
129eb132dc2356864f0cbfb42ab3337e5771f314f42436949557507ad6a079147edbec028836a711334c4012edf5606782073757d311dbc035a00d9f5462e2dc

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
c89faae8a8282d343d090f8f5634e4d0

SHA1
f166d8cce83887fc67539a687b5a0238ab5bebba

SHA256
80a35f2cf0f03718d3b361dcd2c8fd58f1dd626ce6fb5359c0dd888986f0bf3f

SHA512
2f475680c6a7fcbf06b6339e56319f205347f6ee686973e7bcbb83770231246b71736191ec6868593730b1c5d26884b697274be01bb501ddbf910741e2647f39

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
ddbc8c4dfc224f4f8152bbf1a420c82c

SHA1
fb43878f5a2689ee696f6cd1e2c57aaba1f3a2b8

SHA256
5e630c2254f0944421570484375fa214b2deac30137aeb90a5d04fa0e906e48c

SHA512
66f1a6ae145e0d6fc759f4ced7f8b4a0c50a768ba294676d337fc9d7dae959b47920b32b14900280ba9dfe1c3f059eb1bb6fc3d3861462c38b8201449d9ee280

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
c157c41576d92a7b2878d71e97273ac3

SHA1
059710b88434cf722de99a12fd645ecf37b78bc0

SHA256
68c0650630437116696a09ed64779904d138fa1a01698a080aafeb4bcbfa4116

SHA512
1f7e3a4633c1f4936dffa40cd58189bf07e551374ae0bd82effbbcc0871ff3a69e3647722ba144a62d730fba1cc841beba5b38538145f6b185afb107c7ae55e5

Download Submit
/data/user/0/unknown.tooth.grass/shared_prefs/config.xml
MD5
cb167c7634ea576731dc8a900ac4366b

SHA1
2cfee42efb61d3efe1bef2b3ef4e580be0107de2

SHA256
5ec7faa3055c0ecd59bba4055cef75fc70e484523d97e225034eacba5608de43

SHA512
b58f022c0eab7fb596888fa35a07924d7220ec08f3df17c1e5f37c3fd4335bc12320837756f7cfcb89f066b5e091844b60d7a5f140a2cbbdca2eacc5ba7a1d32

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit