teabot | 89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599

Analysis

max time kernel
2699304s
max time network
1805s
platform
android_x64
resource
android-x64
submitted
13-07-2021 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599.bin.apk
Size

3.6MB
MD5

b694ba8bf9c8d2b9cfde8c20c76c4716
SHA1

1efda35ec2906e532c11f1be0bb55b88ea787b2d
SHA256

89e5746d0903777ef68582733c777b9ee53c42dc4d64187398e1131cccfc0599
SHA512

24c9c11923649be6b818c24523095710d366bb55c2d12ae75579d8dbc54ee12e2cd7ebf87ba89632c3ba9f86ba85fc1ea8db7da20e920ceb19d589c42e582ffa

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

trouble.canyon.van

ioc	pid	process
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json	3590	trouble.canyon.van
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json	3590	trouble.canyon.van
/product/app/webview/webview.apk	3590	trouble.canyon.van
/product/app/webview/webview.apk	3590	trouble.canyon.van

Requests enabling of the accessibility settings. 1 IoCs

Processes:

trouble.canyon.van

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS trouble.canyon.van

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	trouble.canyon.van

Uses reflection 3 IoCs

obfuscation

Processes:

trouble.canyon.van

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3590	trouble.canyon.van
Invokes method android.content.Context.bindServiceAsUser	3590	trouble.canyon.van
Invokes method android.content.Context.bindServiceAsUser	3590	trouble.canyon.van

trouble.canyon.van
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3590

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/trouble.canyon.van/app_DynamicOptDex/oat/rA.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json
MD5
5b158f025403298e9325e0203c9d66fb

SHA1
a178f35c4035d047ba40fbefdbea119f36ebfe1b

SHA256
ae7fec1ebe2edafd3e8a80c96b55c8bea9c27938897f7f74c29726bf019fe5d1

SHA512
9320d937fb71b132b60202ce12ea3f11139eda25b02e01664a57880853cfc0938800f00a01288ad926eba868eb429116c8af67cef74f4acc58a132e7c19ee93a

Download Submit
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_DynamicOptDex/rA.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_webview/.org.chromium.Chromium.vhm4eC
MD5
23af5d7771663aef1075f09bd4dc371d

SHA1
b703865352177401a5e07d9033463d0baf34b811

SHA256
8c0526c513f4599387fde8ec275d459ba20419a7685636aa119327fde21ffc28

SHA512
8247b1dda961bd843df5b5b8e5d299e1a047a81795016a4219e5b009ae4bc7810697e57d42b4bb5bebf8cbe5b58c49bf613f84c64d49c639ff45c9c0627413e6

Download Submit
/data/user/0/trouble.canyon.van/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/trouble.canyon.van/app_webview/GPUCache/index-dir/temp-index
MD5
a345547cb5b213337fd7405bdb8614b1

SHA1
b34a87ec53c82ea536bf4cd5e675359c53720123

SHA256
83142a63e0c22c1eff22619ca2f152948b0c3d82cde12de1a302264b50117f8f

SHA512
b3602a09d021ef3a593b176a656e7c6fb6a071d4819e069f87a38a0c5be84de4a18e69d3c15ffd16a1e22148d822bc80e0c328567d93f82ad63a31c943b9acc9

Download Submit
/data/user/0/trouble.canyon.van/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/trouble.canyon.van/app_webview/Web Data-journal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_webview/metrics_guid
MD5
0117f2c90a9deb4fa57f34321b4ea2ef

SHA1
bf90d8c901ce3b59b1da76be50a1bfc6cdf07638

SHA256
bf3a1df25eb3887a36be5a388bb18f2088590ee04dbfc7116ada33ce5874d5f2

SHA512
5fee432e2a7c9ff232ef8aaeeea1d6faf93e9125ab93407bca2b1d9fec78fd33fdf39dd42c7aaffed36272b059719c0705154031692167a1b0b3e29617ac3cbc

Download Submit
/data/user/0/trouble.canyon.van/app_webview/metrics_guid
MD5
0117f2c90a9deb4fa57f34321b4ea2ef

SHA1
bf90d8c901ce3b59b1da76be50a1bfc6cdf07638

SHA256
bf3a1df25eb3887a36be5a388bb18f2088590ee04dbfc7116ada33ce5874d5f2

SHA512
5fee432e2a7c9ff232ef8aaeeea1d6faf93e9125ab93407bca2b1d9fec78fd33fdf39dd42c7aaffed36272b059719c0705154031692167a1b0b3e29617ac3cbc

Download Submit
/data/user/0/trouble.canyon.van/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/cache/WebView/Crashpad/settings.dat
MD5
b6932e63d4c152056ed05ff220216969

SHA1
ccc02ddede0cd1051b3f2fa6b182b456be2c8561

SHA256
22375abf3934eff6289641ac74b28a8a9237889b8a98162959a58ccbbacc8e37

SHA512
394e2ca2ffe8a583e5df12d17c31cda7b537025616af86e86b86ed5dee1caf37d8514c9ec013753c6e0a6d79b88a805aa82afed0af37eb13d4872fd93b3bb3fb

Download Submit
/data/user/0/trouble.canyon.van/cache/org.chromium.android_webview/Code Cache/js/index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/trouble.canyon.van/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/trouble.canyon.van/shared_prefs/config.xml
MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/trouble.canyon.van/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit