teabot | bf7f7fcf2a4582ebf6a3e2f91543b8b8077ca05e836827f8dc7a875e630235ff

Analysis

max time kernel
3367516s
max time network
158s
platform
android_x64
resource
android-x64
submitted
21-07-2021 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7f7fcf2a4582ebf6a3e2f91543b8b8077ca05e836827f8dc7a875e630235ff.apk
Size

3.1MB
MD5

cafe8169b0ce51557f146d413d1c6c60
SHA1

641ea54258fe1e8f6c0a68009cde9ba05a796ef0
SHA256

bf7f7fcf2a4582ebf6a3e2f91543b8b8077ca05e836827f8dc7a875e630235ff
SHA512

8e90ed005e9065fe6ea5f86b0564c5c9a198c28eacdf05cabf82271d5671e507059dee853f5c28a6472f1332ab1ed7e3b07e465a065042bae9622b56c4393da2

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 3 IoCs

Processes:

resource	yara_rule
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json	family_teabot
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json	family_teabot
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

detect.insect.meadow

ioc	pid	process
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json	3593	detect.insect.meadow
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json	3593	detect.insect.meadow
/product/app/webview/webview.apk	3593	detect.insect.meadow
/product/app/webview/webview.apk	3593	detect.insect.meadow

Requests enabling of the accessibility settings. 1 IoCs

Processes:

detect.insect.meadow

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS detect.insect.meadow

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	detect.insect.meadow

Uses reflection 4 IoCs

obfuscation

Processes:

detect.insect.meadow

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3593	detect.insect.meadow
Invokes method android.content.Context.bindServiceAsUser	3593	detect.insect.meadow
Invokes method android.content.Context.bindServiceAsUser	3593	detect.insect.meadow
Invokes method android.os.SystemProperties.get	3593	detect.insect.meadow

detect.insect.meadow
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3593

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json
MD5
d2b324eb972b72c13f372db28308d2da

SHA1
8cfc4295e424b723c4ea56445da76f3c17c0c04d

SHA256
c3d25639bdaed9687bde0a8cfe90020538cceff7ce204d282c87586fc55b1ce2

SHA512
68a6db462a95049ae5660acd43796a0f94b7d2a68c92fb55c42925a5fdc45ece3703639e43f188dea970110e62d89366432633dbc0623ea513370cd421bb7a74

Download Submit
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json
MD5
d2b324eb972b72c13f372db28308d2da

SHA1
8cfc4295e424b723c4ea56445da76f3c17c0c04d

SHA256
c3d25639bdaed9687bde0a8cfe90020538cceff7ce204d282c87586fc55b1ce2

SHA512
68a6db462a95049ae5660acd43796a0f94b7d2a68c92fb55c42925a5fdc45ece3703639e43f188dea970110e62d89366432633dbc0623ea513370cd421bb7a74

Download Submit
/data/user/0/detect.insect.meadow/app_DynamicOptDex/Zcml.json
MD5
d2b324eb972b72c13f372db28308d2da

SHA1
8cfc4295e424b723c4ea56445da76f3c17c0c04d

SHA256
c3d25639bdaed9687bde0a8cfe90020538cceff7ce204d282c87586fc55b1ce2

SHA512
68a6db462a95049ae5660acd43796a0f94b7d2a68c92fb55c42925a5fdc45ece3703639e43f188dea970110e62d89366432633dbc0623ea513370cd421bb7a74

Download Submit
/data/user/0/detect.insect.meadow/app_DynamicOptDex/oat/Zcml.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/app_webview/.org.chromium.Chromium.G1MfqW
MD5
c17d099fa8c0664be5f17a6300a6e805

SHA1
efb9975e9b43d6a997aaa491655f89b9328a5a11

SHA256
968e5e171ca0be03ba13261f254866dd37931c0fcf1604921567324a03151215

SHA512
680300ae17de1d23f0ae70c5d30c7fd7489dcc799f76d05ec26b254fdce1a30084ca3864a2c1637c8926b5c50db6326c3c64cf2d6de7b6f2994deb67e9bcd875

Download Submit
/data/user/0/detect.insect.meadow/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/detect.insect.meadow/app_webview/GPUCache/index-dir/temp-index
MD5
2d7ff7f3eab32737142015b7b6c22cb7

SHA1
1cba186becf0ee7c4c28d3baa2196825accf6122

SHA256
2aa4043d98b49fcf8cb70a8dead5adc3cd2fa37d30ca044d8b0083f12e14f4fa

SHA512
6b33d06273e73c82ecc519fd1759a3ee5db4370d73aa77703fcbcc96488e036936f3ac9ce4565c111118a9164fd3626f41af4fe76ccf6be06174fa1bd5b5e34d

Download Submit
/data/user/0/detect.insect.meadow/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/detect.insect.meadow/app_webview/Web Data-journal
MD5
9f3764f6ddf52e8dcafad7aacc2342e1

SHA1
3366eeb10e77394cee4b2108fd789e99e889022f

SHA256
52870e481f6a644f7f32c8729505f456320233753ccc47bbbf4ab619903243f9

SHA512
f24f489f8b7478a91c8182f5296af3039f4f1438324c6ef4d11bb1224df58e742301bc80590325fefb2032450f7a63236a3cb0972b7e3c61427b25a9a4a04f69

Download Submit
/data/user/0/detect.insect.meadow/app_webview/metrics_guid
MD5
c1c680bf6dfc3e54e07d6c1c4886d481

SHA1
ca1d67b41914aa150ea739e19e2e90edf622b4b5

SHA256
5e716f56618e607e66d1ba23394ef537cfe7a6bb38ef394593fd6713f55ea108

SHA512
0355e19105d72325989da82e2943c1d87e1cb9b136f82dbde18aaf209f74794c9e4def00e573ffa2148a087b377761dc94f1f1140ebee7f7199f0c35ed31a23c

Download Submit
/data/user/0/detect.insect.meadow/app_webview/metrics_guid
MD5
c1c680bf6dfc3e54e07d6c1c4886d481

SHA1
ca1d67b41914aa150ea739e19e2e90edf622b4b5

SHA256
5e716f56618e607e66d1ba23394ef537cfe7a6bb38ef394593fd6713f55ea108

SHA512
0355e19105d72325989da82e2943c1d87e1cb9b136f82dbde18aaf209f74794c9e4def00e573ffa2148a087b377761dc94f1f1140ebee7f7199f0c35ed31a23c

Download Submit
/data/user/0/detect.insect.meadow/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/cache/WebView/Crashpad/settings.dat
MD5
6c2182e7df1ce5e89c2a94bdd3d000c5

SHA1
45a3b2140756f9c640800fa8d47c2b5cb3c26f68

SHA256
aa0703a6fdf257888109bd03611ec345a0551dfc576e7d35b4620192b6ca654d

SHA512
d94cee66b384b1b66525aa85ca931a31bddbb3753d1126aab923eac7c14bdb392b6f4b6435448bb69bd571ed20d1894e341bf339092a01e3a7b01daf943271a8

Download Submit
/data/user/0/detect.insect.meadow/cache/org.chromium.android_webview/Code Cache/js/index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
d196d9f5c01679b250842346fe0ad4af

SHA1
25b25271c6b3166cf0ddbb8aa396c70aeb9dcf55

SHA256
12eed4a9d9d92b9cefd5ce8e418d628e890e2bc418ea7ac4b81f72b8c50b9244

SHA512
7be26e9d9f3702d1d4424ef727b6000236ca9ded2075fec60a264bddee9006e297422adc14a311b1e54b9175f683054e2c4ed425afec4126d571937a584eddda

Download Submit
/data/user/0/detect.insect.meadow/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/detect.insect.meadow/shared_prefs/config.xml
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/detect.insect.meadow/shared_prefs/config.xml
MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/detect.insect.meadow/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit