teabot | 20c320a93226dc886b24f98d72950da646e63914308f701412ce1dc684559c56

Analysis

max time kernel
3457350s
max time network
157s
platform
android_x64
resource
android-x64
submitted
22-07-2021 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemail74.apk
Size

4.2MB
MD5

238ca22d5900a4d7493b38a509343e48
SHA1

ed3bb001acd0b05dc9ee63395ab9b6b384f555c4
SHA256

20c320a93226dc886b24f98d72950da646e63914308f701412ce1dc684559c56
SHA512

caeee8b2ada37a1994073e26ceab817b3d0e9b06959fb78df666e269205443d00b65da5aa1a3a8154d9dc114d06fdecb51eed30da961445fee5a31244bd61bce

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://178.32.130.175:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json	family_teabot
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

absurd.doctor.extra

ioc	pid	process
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json	3594	absurd.doctor.extra
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json	3594	absurd.doctor.extra
/product/app/webview/webview.apk	3594	absurd.doctor.extra
/product/app/webview/webview.apk	3594	absurd.doctor.extra

Requests enabling of the accessibility settings. 1 IoCs

Processes:

absurd.doctor.extra

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS absurd.doctor.extra

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	absurd.doctor.extra

Uses reflection 4 IoCs

obfuscation

Processes:

absurd.doctor.extra

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3594	absurd.doctor.extra
Invokes method android.content.Context.bindServiceAsUser	3594	absurd.doctor.extra
Invokes method android.content.Context.bindServiceAsUser	3594	absurd.doctor.extra
Invokes method android.os.SystemProperties.get	3594	absurd.doctor.extra

absurd.doctor.extra
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3594

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/absurd.doctor.extra/app_DynamicOptDex/oat/tSYXLxP.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json
MD5
c2bdd73a20c373e81a71c8c55764f0f9

SHA1
86195c4212f8e09e0157f32c9bdda969b7a7e7cf

SHA256
37793f55b01a061c03dc0274a43f89864feca8b50b9b1d659dc02ddbc0c8ea81

SHA512
24240f1013843af2776d8b468f3d6bdd5dccd859161de8ead33a28ff5063dc073726b54f9aac62f8fe91f3b85b1e18618e672ac73c31829e3694662c98570213

Download Submit
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json
MD5
c2bdd73a20c373e81a71c8c55764f0f9

SHA1
86195c4212f8e09e0157f32c9bdda969b7a7e7cf

SHA256
37793f55b01a061c03dc0274a43f89864feca8b50b9b1d659dc02ddbc0c8ea81

SHA512
24240f1013843af2776d8b468f3d6bdd5dccd859161de8ead33a28ff5063dc073726b54f9aac62f8fe91f3b85b1e18618e672ac73c31829e3694662c98570213

Download Submit
/data/user/0/absurd.doctor.extra/app_DynamicOptDex/tSYXLxP.json

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/.org.chromium.Chromium.tGs8qS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/GPUCache/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/Web Data-journal
MD5
33acc65a407aab41d8e512062ff7a31d

SHA1
d0f4d268f71dfb0ea5407fd68477746f89ef030f

SHA256
4a5efd394b5bb3a2356b7cb49aa782f58029b90997fb406a199035c31ae3ffda

SHA512
a44ff43a1d87979d9cc9359e26b37a4ca23f89550e325c2214a6174818eb70c1190598c8ba63207171a93153a2bd682b503d486b9f7e4462c1662e3bceb9c68c

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/metrics_guid
MD5
7c07bccb2cb47003c3560d1422a84dd0

SHA1
3ed8873d749623713b0fcd87e3c87d8377144d8a

SHA256
5d1831fd470f40fa78e55b42110db44bea6156605d82d18a6c49be667bd5de3d

SHA512
28a52f0a59341ad9bd5509760911971cae6efab6b28e05817c340d05913be38bf8d94313b865df0c099eb91fbe26c09d6d9b741ee72906332f35f46fc9679ddf

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/metrics_guid
MD5
7c07bccb2cb47003c3560d1422a84dd0

SHA1
3ed8873d749623713b0fcd87e3c87d8377144d8a

SHA256
5d1831fd470f40fa78e55b42110db44bea6156605d82d18a6c49be667bd5de3d

SHA512
28a52f0a59341ad9bd5509760911971cae6efab6b28e05817c340d05913be38bf8d94313b865df0c099eb91fbe26c09d6d9b741ee72906332f35f46fc9679ddf

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/absurd.doctor.extra/cache/WebView/Crashpad/settings.dat
MD5
65583d838842de8683509c8dc54957af

SHA1
7962c9b92eaa2c2ed14497eb35c085f0389e6759

SHA256
75fc9808086a638bca31e93439710c1fb99c162d5c99fcea23e6a85b9210185d

SHA512
d7a3fe0cce3f512c9b1aff77bfa10adf554e032422fbd2850810e477445bbcb58cc2277aad70c7e6ccd17df2a43482cf1e9b0abf4708c5259cde0c8e728bf95d

Download Submit
/data/user/0/absurd.doctor.extra/cache/org.chromium.android_webview/Code Cache/js/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/absurd.doctor.extra/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
c886ad69305a46ccf9e8044664e9d375

SHA1
093d7410a41846009b114cad9ed9dec74a32215e

SHA256
84677fab8e9b008057f1bafbd6c4e080f9cffe400e9c0e429333bde024dbfe51

SHA512
812a54e27089883346f21bea047ce68739d38ad5ef5ce2651f8d0aff1812fd8aaa67ab526e1c5943c90480d1c4c6fe4f6f17d69bdb58bd2a60ee4925119d16d9

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
cb167c7634ea576731dc8a900ac4366b

SHA1
2cfee42efb61d3efe1bef2b3ef4e580be0107de2

SHA256
5ec7faa3055c0ecd59bba4055cef75fc70e484523d97e225034eacba5608de43

SHA512
b58f022c0eab7fb596888fa35a07924d7220ec08f3df17c1e5f37c3fd4335bc12320837756f7cfcb89f066b5e091844b60d7a5f140a2cbbdca2eacc5ba7a1d32

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
481068f6869c0d0edea89a9dcfdf7a18

SHA1
b1757b9fc68d67b7e4a305e1ea82747e6397cfb2

SHA256
18b35581ddf1d1211b4f604eefba122392921d5a59416e8dbc8a1a76ca9f5680

SHA512
224eccfe149fbf7050409c1fa31b1103a0d2a91df97fa25dd308626deeba87e1ca991cc5647183c8d94b13696239c71ddadad9d37e2bed683ead704f9a9ae31d

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
fec4e37b52102349197cfb79b89d42c2

SHA1
dcb411227f2d88565e29846cb5b029570a0590d7

SHA256
4e0b5d115628f067008675f554d6a673cb6f27181028c4d2844528947d5e83e3

SHA512
1cd146a982fac167c845e3e08a14def3eb908e57de5e3419d0cba18e1a98af990bcf56412e9b603040d2338aa2700ea82478c9715a24704cf215b3fc2f7996d2

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
66fff622f0e68eff0b458e089d674fba

SHA1
d158da0a6022e1bb0f96af02f1d4137a670301b4

SHA256
26a00a538bdbe8e73a2327b4f8d8b33cec2f5c4565ba4d0c95295f434312acc3

SHA512
1d26a31bf720e58a852d7bfc5e118bc6a64fe02d8d64d9c783c66a80759387b8df55f9d8bc2d4fa8f8df3c580326bcc3dc1c781b57b6bed19f16401b39f8ef54

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
f5c8f199eed255bed92fb12d253b1585

SHA1
b64e1dd92800af0c4684b02f85b2b2730bd1b61b

SHA256
8946b13ce4f595ea6f7c6c002cc27af90822433f2fcbfed0026925a33d39480b

SHA512
46a850318b6850b8503599696b01efbd6c3e3a8739a1ed680efe6d2a85ba0eeaaef9aae76ddfa496e893852f6a57e9acf32c2e196c4804f05e6f10c42eed71c1

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
e444ed148c3a16f72ac330a575d92d88

SHA1
72994e41c3b1935ead791a995e84101df3d1837c

SHA256
0582dc798b2b4359f9ee0891b550d9c4bb4ea1e4c9d095ff36cf6a8cc39cf499

SHA512
c6af770e944257b105caec4dc7729e3ad7c608721e5f8fb5c45fa010f8689fb0999155a216ffe8e1174010f098e254bcc343eec651447366e0dbc704be66c0d3

Download Submit
/data/user/0/absurd.doctor.extra/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
562c6cd4491771f76c3e860af7ad2a6e

SHA1
1d53506240fb5e07e6aac15ae6d28d198e572467

SHA256
b729a95cc541d18e649bf5c4510d074f0ed7ae9af5bdf15c170768de7de12c1b

SHA512
c12b81340975cff537b69237a6664d21ea8a0645759c38b1391109cfd673b6841a839aa0d455d6d8418389e9c68c51c9eb489c0e2a468c8640b5c646b1f02edf

Download Submit