teabot | b3f5b11fef9cffe0a3f77b739c14d726087f23fa139167ec14b7cb84959d2989

Analysis

max time kernel
2851188s
max time network
117s
platform
android_x64
resource
android-x64-arm64
submitted
15-07-2021 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3f5b11fef9cffe0a3f77b739c14d726087f23fa139167ec14b7cb84959d2989.apk
Size

4.3MB
MD5

71c9e6e982b4eebb9e0ab2c324903e71
SHA1

d7cd5c313b25f4824f73e147baae0eea098c7f37
SHA256

b3f5b11fef9cffe0a3f77b739c14d726087f23fa139167ec14b7cb84959d2989
SHA512

e2170c9d7bbbbcd09bf192bffaf9d990f1b00fed435a61866f7c20b0571d3cc7b2e2f4ab808b044989616ab850df386e0cbf0b08d56b612ceb4349976ec9b295

Score

10^/10

teabot banker infostealer trojan

Malware Config

Extracted

Family

teabot

http://178.32.130.175:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json	family_teabot

Checks Android system properties for emulator presence. 1 IoCs

Processes:

craft.mad.forward

description ioc process

Accessed system property key: ro.product.model craft.mad.forward

description	ioc	process
Accessed system property	key: ro.product.model	craft.mad.forward

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

craft.mad.forward

ioc	pid	process
/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json	4539	craft.mad.forward
/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json	4539	craft.mad.forward
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4539	craft.mad.forward
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4539	craft.mad.forward

craft.mad.forward
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4539

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json

MD5
90d04bd8565e11f99a0557d33e9c1dec

SHA1
1ba9d40bc024954052a20f852a4e159e7278affc

SHA256
a34d194dcd67b063e5f24c9cc91199a461c2675b85ee0b44205055fa84fdac0e

SHA512
b459d0be6b8ca41fcf6e42b259ece8ac4c2204aef60ebf457f1507a086870aacfeb6f09ba1a39c1aff6756032a8f984e563b2b9dd2d4d1f1ed031cf933b59a41

Download Submit
/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json

MD5
48bb15a0e77e22d9e77e1cbbd7b4c18e

SHA1
5039d88ef7076cd78b81ab630400389721d3778d

SHA256
e159abbf481143642d2ca4cc7ea724da8907fe552ceed3d74811e05c92a3f442

SHA512
2794d125e505eccf9cb30f4094a76ceca4ec8e3a7147c9100428d73c9f0c027b6e4400fc55c0c1b6ca244b481c936c1fca3357030b1e14d0eed197c34dea83f2

Download Submit
/data/user/0/craft.mad.forward/app_DynamicOptDex/Zcnkx.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/craft.mad.forward/app_DynamicOptDex/oat/Zcnkx.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/craft.mad.forward/app_webview/Default/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/craft.mad.forward/app_webview/Default/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/craft.mad.forward/app_webview/Default/Web Data

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/craft.mad.forward/app_webview/Default/Web Data-journal

MD5
5a008c5bdcd99000a493efb738c91352

SHA1
87aa82d3f6afc1bed74168a365984cac3282df4e

SHA256
2fb4bcf4a361435caca3b1a9cd8ff96364bf1b52bd36240bd8402edb7159ca7b

SHA512
cfc2586bd85a846f4f44167e4e3c37d552e7979c56697ebdb07235feb35e9ce13d24083c2f07b06e9da87c558cf8f4ee9c3e1c4781819a81ca7aa8de9e4c50b0

Download Submit
/data/user/0/craft.mad.forward/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/craft.mad.forward/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/craft.mad.forward/app_webview/webview_data.lock

MD5
73ae4a48d4e338f5b8985d2046b88033

SHA1
b30254a53b230947194d406411f7cbd9d373b993

SHA256
68df14eeaaba2128f27836af73b0edc7c032487f91ba54950d8e5e578a290209

SHA512
fb66358f9dd6105e8243a71c6c130211ccc11a1e3542ff437418728a0704f071aa1ab789a676b1cf54971505961bb1bde10e3471deec30cad8c8c8bcb5e35ecc

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/Crashpad/settings.dat

MD5
7f9d499cab331afb88de1512704d9352

SHA1
095075c969309fe924638a3605056e1a43573bf8

SHA256
f2e62eb8aca211518c68d6f4d4fc07b3f9ee5826f42f541557f3f29074100972

SHA512
c5f821c9910b5a7dc5a57a1796e8c48f8a09d6057f0fefac9a5dc5fe7a9111c390d11adb587c647d7e93ebfbf0dd601c0df1b18e221de39980a7ab050a5f6abc

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5
ab2fd4147e5ad49b56cb223b99f9e8b7

SHA1
f4a40a7991fdcea52a1080207922b366def6bf56

SHA256
74903617434e3c4a19e73854ce900b20f057936316c09e2c41852b06f28b3d83

SHA512
d390c653742930de1502e23afa4026bde7dee6e1adea9bd5af27cda37d92cc07990a9fe1e09820316dd491b99c47e8850419aaa5be92780eb6a0ae9676b9c2cc

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5
879ed8d268b88222b23d6e1d7567ad9c

SHA1
f6fe278051e0103b0b1e52b8cc3b5e8f05761091

SHA256
cdf4d362ee8118d325ae9b9b3819cd1e2258cbe7275024922501e465d8720351

SHA512
3e0dad025ff3c0216c9112e039840f74c44339a62e54403e3d0da145baf6b26e48a73b3172ec4b023ed2f6bf555ce82e35c4ba7fcc6636b8c883de33878236e9

Download Submit
/data/user/0/craft.mad.forward/cache/WebView/font_unique_name_table.pb

MD5
b18833d483828180924a6d4048fca1a0

SHA1
d7edde78cc26221c9455a87ca3eca8960b6673a8

SHA256
d9c4ea0a7c399884f8a908a33a4d675a64b557b50916e62ab96fa2213e6d4801

SHA512
11e6bf7e067884138dcd6908e311321a9eca1e4926323f49736f9dfdebd4b548064beacc356f78e3f32a99769109b154e145ef1162e6a9547aca878f0dd4ee7c

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/WebViewChromiumPrefs.xml

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
738d40d577610bd6bcb564a610b613d0

SHA1
71ced2c5085c7f851c190ae7d0349ca05fc339d9

SHA256
759da74f0dca221b940f6e66d32513547cafa17caa82737a652b7727b01f6008

SHA512
76d2ceff00a05a2863431922f678aced4e8ead3bfebd6e154fc746d14b4fdb55059ced0a69a76be845c58b8cd41cd42796d1ffaf52e007a4f840d4520b4c1485

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
118025c7bd1a4b4e2b27169885cdd620

SHA1
e93414cb558b56b4d2c73db931a302a50d5a8967

SHA256
a274dd2cd23af7953adc891280595f8861fc3dfc3142bdca1618be8114dfd64e

SHA512
26b88f3dd2925bce8da16b52ae17b90994d1b1916c996a55461d4b4db3fc8529b7716a9a87021ebfed020c7a16f4671dd45391ab0b92fcbf4448b996fa0a520a

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
ca550092d1e88f122e407f84c2346734

SHA1
37e43cd1ab2976c3fe8e7dc39d446954def59e88

SHA256
4477e151ddb4d3ddba6352b06d0a3efa5c2a75c02bfcc6addc00521154a3c1b9

SHA512
3932effa7ca56a68b0fd3ea7169f7758ed166dcd98893d940965aad27494c03f17b2b942165a98fbc17c58aebb5e9adcc08f367ece77e37a65ac0dfd55e3068b

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
d4f5dfd3cc4d5e57381a8fe0176609af

SHA1
8784db0b5c72bc92727d327f4a5ca70fb2ef3366

SHA256
9e14f7a3a240c977fe60a54e14fb330b9412f58169dae694cc43d8b0ba6fb799

SHA512
f0803321ac1a09cab8e1082931ecb92d48a98411dc84fe53e181dd76ea820cc61c37935c7e163a9f5bfb23c9f217a5a7b431c8f53a0a80c825adffbf3d73ce61

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
d611d933b67689b1fa0ebcdc5cb5ddb2

SHA1
1072aee2113027413efde9c3d16a6041bcce845e

SHA256
74dc42cd95a0f55055735780d705230b447cd73d64224f1adfa4e1ddbb99748d

SHA512
f3678522be13c45f4361e0b31667d73bd27dce5e10fb2cec496329c7ae0b24ee97f3d41b63b4f13c63dc80f1bb509c3041ccc427d3ffce721eba5fb1132713f2

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
43f42b583d71f32e2f5306f23c306b3d

SHA1
70c9bb79a539bc1b3f2ca7977c2920632517ca12

SHA256
447f40ebc9330de8aeb574ada86ad9b4e8857027df7024817eb7686b1085eeea

SHA512
1553203590445f7ea0b14c8f87e99fbbda6443c6d36e5be162d6a5fc0d8d0ead753de9281cb6b368b1b77d908cea572b07e7d01ca390dfe7def388a7ccfd40c9

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
29e6f239bc8ffd2a42eb53ef6264627b

SHA1
28b12a85ce04a47fa2c78f4702b0771cdb22e462

SHA256
8c53862fdd5e0047f4ae0b3feac2cdbc3062cd7676fc2e2f1dd8f18ef7b7b73a

SHA512
87321cecaa8d071763a4c831c09e728d72e79f4b496c90c9419296936835be870f988d709899a613b3904bb390343357156a1c4374ac39f6556e2ed15836c662

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
7b373acc53bed222840aec5a716562f2

SHA1
3be6a1c0bea034e3dd46427867cde574642235c2

SHA256
7c10737e086885a7c445cea2268f260de71f16f6a53b570db029c1654d061244

SHA512
24d9eb653a1d62fd6a1ab0cb6ba81b6117fab98357239c929403221466ca9f4f4bf83671023ff230666e6d88b2f2fa470d9dbecc421fc5a8e8d43a861618aef0

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
a419b225e3618c9bf10e382d9829d36f

SHA1
06f6521ea11bb4d1fe30cc51a5f76bb9aaba6969

SHA256
2c2a30ed4a32e4d88d22cdab5eecab09d11715b58cac2806e6c1be284bdc894d

SHA512
f117ab40202063c5e187f3ecc772931a09cb5bfa6384d75b6bd5e26429f350560bf7f1e0b282567198f438c736806905b1ea92b40567ee3fcfcb084d84a804e6

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
36f3ce8437c190e9d9b64279dde5c14f

SHA1
7a9ff7e6b6279dc93cc0d4dc2a89eb5835e26eb4

SHA256
9af5c4095fc7d419b2d4e0c8954f7023b240ba2385e065be191e86fbdf759f6f

SHA512
773a688b7815a4b8a0e4045e852a35968282e22875500382f16939b897dd3c62192e51749a7cef32e2b2eaa63ea946bbfe60bc8c5eada2c159dc6ee7ae6d2d14

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
5679d5de180da52418a79e231bdcb3be

SHA1
ee62d06e5dc162cd42491f7038fc187c573a1c44

SHA256
52e60bc2dd19498574c3bcd0eafc800663d83205e436d86fd8cad1251486ad49

SHA512
5e26e7f37f2fa8ecb7e7ef1ea90786f806952ac7b2e646beec0fba6f3daf462fc71ed67aabfac2c00d72a603f5a8fc1b6282773ebf05064362683bdb6c950e62

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
a37cdbccc1e9f31ab8304d66ec769b5c

SHA1
0048eb73675353af7b7bee323649ad5131ff83b8

SHA256
212b7e1738f5af93cbc265336b1653e82a370d9bc18299f18f4cec526d93196f

SHA512
8ed7d3bfec1d030cd9a0de7530e94dc097a64fbd38df444f0dd354794efddeb558b33114d046a5a9c9ff9e61cdfbdcae9c1fe8c745c3b5e1d6320e73f6b9b458

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
2c65d3104448e97087389997d5930a1b

SHA1
cdd0e38cc8863bb906b010bec54d28a55a102673

SHA256
6949a3b694d5fe8e8aba0b4e8a7962036ee08799b7038a4c28609bf891f67fe7

SHA512
2d099ca9b8e2e914436b67068f9792209b68c449d5862fd45e84be998f73d22d3eafa2cadc7d041227ab345aab7b1bc1a9fdb2b2382e6e15f7d3147131258301

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
1fa9c908297bcbdc8572a436de30874f

SHA1
d8c48d36efe3137803dadb7c3b70014a2a551475

SHA256
9d07f9d3dc731cc3646986d47f7d2241dfe3cc66ba610391912849b64416164b

SHA512
47da0f03901a12a6a86bc7fd999d796edba7a4ec6c4bf0ccc5c94816d44190c6c9d286b0933d8d775b8506be7ca36945105cd3477de2c30998e6ab3c2c63b270

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
25dfe7315f741b148d714a489e269e73

SHA1
8bdd2ce64ea4ac3c304fe7664a024f9c945315b7

SHA256
85639a240cf3f1d5b50af3cbcbc7337c94f090292ed5d089501e286e02fa6609

SHA512
9ddbe267e3aeb5aee8bdae844940c3ca6efb78e14c6bbce6b6c03b27524dd55c5ec05a5b358f1d871274d336d52189c55bf439d9668db187088bff84f132646d

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
c14850f3fec4504a2247dbe6a146f190

SHA1
5cc2387ecd38dfcad860a30f92a4c528649b5d87

SHA256
cafe718577650f586a56f89a47a88ac7b0bd984d8f084de83b6d4cfc504845d5

SHA512
43e97621d48b0e00d47ec12ae501983557dc0a900258a55054526855075bb48aabc8ea92e001c985b6421fe183fdcb0c856d88617480dad327af907b47a91755

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
6c8bc7d671623f4e9b158b85064861d9

SHA1
b4ad68825d51bc9b19e2efb372f4c823577bc264

SHA256
8175335080e5091ab752d59846111668b274816a6033554828c9fc5ee0020a36

SHA512
59e147ad9a8ae8d2645dac90806cba7b351dd37a782d974d297129751b96b0b84ffc269bbe622fe962ad8d348a1546aff6ae36c31ef39e011665b4dc16ff6756

Download Submit
/data/user/0/craft.mad.forward/shared_prefs/config.xml

MD5
e9a98dc768fcb0945fe446ace35cbbfc

SHA1
b962a0c7e026f033414f0fd718016ea00bd0d559

SHA256
3adc2a5965fc773a585f06ee1251d7b9655ee377f58fa798d4db362825d35e27

SHA512
8788c77ba55eb1516f88a0b9c614cad12dfb1b091735521f211f8908ba899e1810cc36655724b821b7af9c26ea56a944af5c58e6a3db7e954352763d2300a3c1

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit