teabot | 0e3f6025d4dc20c6789378fb8f7d8a3dab5c12d4be6810037b1c49c30283146c

Analysis

max time kernel
1652918s
max time network
181s
platform
android_x64
resource
android-x64
submitted
01-07-2021 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e3f6025d4dc20c6789378fb8f7d8a3dab5c12d4be6810037b1c49c30283146c (1).apk
Size

2.6MB
MD5

2354fe8737784349221b56c269c51029
SHA1

291f37724c301d93345442b2f291a90f603f7fcc
SHA256

0e3f6025d4dc20c6789378fb8f7d8a3dab5c12d4be6810037b1c49c30283146c
SHA512

bab58071777895cc9566d75b9776ba03fc7cec51b2995cdb8b2bbbb285efa4e3fa8df753e4ac5ef32a44c35f1c3e0c4ee060375119d1f505f7c76f0431bd1cd2

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.onij.dzuluth

ioc	pid	process
/data/user/0/com.onij.dzuluth/app_apkprotector_dex/6BkIzmrn.sy	3594	com.onij.dzuluth
/data/user/0/com.onij.dzuluth/app_apkprotector_dex/6BkIzmrn.sy	3594	com.onij.dzuluth
/product/app/webview/webview.apk	3594	com.onij.dzuluth
/product/app/webview/webview.apk	3594	com.onij.dzuluth

Uses reflection 3 IoCs

obfuscation

Processes:

com.onij.dzuluth

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3594	com.onij.dzuluth
Invokes method android.content.Context.bindServiceAsUser	3594	com.onij.dzuluth
Invokes method android.content.Context.bindServiceAsUser	3594	com.onij.dzuluth

com.onij.dzuluth
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.onij.dzuluth/app_apkprotector_dex/6BkIzmrn.sy

MD5
4a14201580be025a9c333aba9aa3a935

SHA1
c7e08d5742a96f452eadc70fb61f8c367eab3fba

SHA256
deb5d3bedc8e91352c3b02e2fbab5d5980a0eafb61df567aec0ade0483b057d1

SHA512
d04ab3ee83792bb23bde0210a9f3cfaa4f9d036f08d4f04d99afdbf47a726fb338225c8be36615492fec6f5f0bf25584a824fc23d51b0a0a33071109cdd0b631

Download Submit
/data/user/0/com.onij.dzuluth/app_apkprotector_dex/6BkIzmrn.sy

MD5
87e8fadcad3ae4f703da1e5da3a5b4f8

SHA1
b610a12c51652d58d5800dc35bd8f6c806de2e5f

SHA256
84d63f9d55605d59a2c9104d1fa4d6817934e84804caced8e4128f1f98562d7b

SHA512
68660d327eaa544604625553cf060656179eebf7d8dcf3375656b299aed868726e23a61a59a737d47ef38cdb4d0d99626141d827069c88093044fd23693e2f7d

Download Submit
/data/user/0/com.onij.dzuluth/app_apkprotector_dex/6BkIzmrn.sy

MD5
4a14201580be025a9c333aba9aa3a935

SHA1
c7e08d5742a96f452eadc70fb61f8c367eab3fba

SHA256
deb5d3bedc8e91352c3b02e2fbab5d5980a0eafb61df567aec0ade0483b057d1

SHA512
d04ab3ee83792bb23bde0210a9f3cfaa4f9d036f08d4f04d99afdbf47a726fb338225c8be36615492fec6f5f0bf25584a824fc23d51b0a0a33071109cdd0b631

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/Web Data

MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/Web Data-journal

MD5
6f4fa14587666e79d1da1e8b0d43794b

SHA1
a84d0459df1156347f4d1cb057de96fc8b748693

SHA256
24885e235e809441a2ef5056efba829fe5a8612ae0322a88f997b7af1fce1219

SHA512
9c86f803a8167c13ed191a689bb8a345885ab5766e6b18aefa68c1fa8476d909f9e7506a307284de8bd797f71ca662b34ec0a60ed85679acf3296deb3f39cd04

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/metrics_guid

MD5
c4e5db3e654c61bb239664a47a6ec319

SHA1
c99e0ddfbc21bdcc204bead8bfd123ebfd142302

SHA256
12db22b83c47986f10ff0f3e325d0ef6f11d1d5646745e13a408545eacdb10e7

SHA512
266735a64a174d0361a784a9bc6c022e01103f2887ec9c283dd5d6decfa4c99f14494ee011f2ddaf25bbc9ead4f0a8dc7ce750a72d815d80302dafdd34ae5dbe

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/cache/WebView/Crashpad/settings.dat

MD5
30597171504967615ae8ea10fed2dc39

SHA1
9235cca67808e558e00309470a7c95f2e7012088

SHA256
7eab85508302ca9a1f25aebb772a799c1f3098f2a184d9083b0ca889cf3d83ce

SHA512
7d6e873e7890f369cc2b606e6137f266813dbce0ec363be4089c11e85777bf9e74d72db4fe53dd8cb49f7d52e7569e93fdaa05f42540ef4dde51217c63cfeb59

Download Submit
/data/user/0/com.onij.dzuluth/cache/org.chromium.android_webview/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.onij.dzuluth/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/WebViewChromiumPrefs.xml

MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
cb167c7634ea576731dc8a900ac4366b

SHA1
2cfee42efb61d3efe1bef2b3ef4e580be0107de2

SHA256
5ec7faa3055c0ecd59bba4055cef75fc70e484523d97e225034eacba5608de43

SHA512
b58f022c0eab7fb596888fa35a07924d7220ec08f3df17c1e5f37c3fd4335bc12320837756f7cfcb89f066b5e091844b60d7a5f140a2cbbdca2eacc5ba7a1d32

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
7deb92aa5d9b7a4dbfa7c22ed6279efa

SHA1
11034f899cb44f3ee23e1e7106e1538aa8e247bf

SHA256
91094f01b22f887e0841c7ef165cf696a39ab74f5b8f7033c2852b7db793c4f2

SHA512
60eac3cca6a8c71b3e61502572c80b5259e788e6da75bb1898104516aa727fbf92855dfdfe9bab711a61ce29701b168c16a8cffa388f2c1c11ce3ca289cea1f9

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
de358ad506ddc8ef186cd80d5ec81fd1

SHA1
d6fc5fff8c45a5479490c87733855187c529e810

SHA256
df1270e905899a856055184fc095c8cf585b244f3ed69a1aebff66966a3488ad

SHA512
4846619d6c48408d096b919340b6afc82a7caba98c95197f8806e1eced028ee113d5ab123e98c697190c2197a5e6dd901dc8486476c2446927af7abe56b3b3be

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
2aea0c0a21192ad381c6930bbdf227f8

SHA1
556cf87a4baefb8d84fca55fd1fa1149e17f50d3

SHA256
f072e5458d1e6e4333135868e3cbff3c2f7c5a27f1086b8c384b34a56e0438f7

SHA512
a377c3ed6db37c399ac662c4fa6dc4d889f30b8bb638029615ea776adb1a52d44efb344f61cf36f7e06bcda5d908e77efca44b1587f9cdcc658277ff2804cdbc

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
bb2c972011eb78ca210faff17430f833

SHA1
a52f1efe692f5d4abc73f73ab8a7408ac26b2eb9

SHA256
121391fef21ddc3378c17afc36f2aa5884085c881b603814c1216f32b45fd12d

SHA512
af4ae6cd0592797bd9469008cbbd17ea41eb81fc61d022444a23cabba4b2385ba0c35381a37146646f8603e0c91ef0ec75ca52047f4f17b7e2356fe3877fb371

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
801daf1f111167272c280fa2d2e3aee2

SHA1
78a9f14a5f1535b29674998e782954c08e397592

SHA256
af9766d6bf4e1f74b515e8c8ad463ccd2fc81f5ba191c088d4e9b0320b30f4ee

SHA512
44bf6821895a4557b3822239062ff2aabda35e9bc7980da0bf35511bc47cc86df69bdc634d024daa8c8aa2efb4e1be6e5ec145c616998a21be3151f602270bb3

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
73a0dfc6e6f1ec036437ed18e4039cfd

SHA1
3eb609f8e4763d6a83426e2a1f278069546439eb

SHA256
b79bf9aba668c7457beacfdfd97fb7e83173b6ac54bb75e025d8971e99d1d8e6

SHA512
48421015eb80f889dc96c007e09b19527ee96c0ed36fb301b96bc6c122d3002e4c73c1631fd58b1227dd81be11c2d29b709d959917b2e0fb49b80410440ae0a3

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
342db876ca1f492a45914c9b699ac708

SHA1
7202d78e0ee4f0af3038f3a4728a095e4624b8b4

SHA256
e382316b755e6d9a121382109c0d27fdc4a9808f74697e786ef1f0e1ef1fa85e

SHA512
895f15085d7f37a6adfa7e7d0e547263e6e10ebdc4dc8c3082b70b4e563245b640f64953ba0277cc10a12c53db0c59e1eac7b67d9f46630966bc3404bf9a7ca5

Download Submit
/data/user/0/com.onij.dzuluth/shared_prefs/config.xml

MD5
ddbc8c4dfc224f4f8152bbf1a420c82c

SHA1
fb43878f5a2689ee696f6cd1e2c57aaba1f3a2b8

SHA256
5e630c2254f0944421570484375fa214b2deac30137aeb90a5d04fa0e906e48c

SHA512
66f1a6ae145e0d6fc759f4ced7f8b4a0c50a768ba294676d337fc9d7dae959b47920b32b14900280ba9dfe1c3f059eb1bb6fc3d3861462c38b8201449d9ee280

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit