teabot | e8dc3622a9cc73faac2fb2837f197a4e25504f09fe399be7ef3cb9c51ed4b64f

Analysis

max time kernel
3462379s
max time network
155s
platform
android_x64
resource
android-x64
submitted
22-07-2021 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemail30.apk
Size

4.4MB
MD5

fc3000b5ab71b6e4ba11008952f50c89
SHA1

475494b15530e53e09dafc548a2de1009aec8358
SHA256

e8dc3622a9cc73faac2fb2837f197a4e25504f09fe399be7ef3cb9c51ed4b64f
SHA512

79ef9967a8a38d0635dd9b2f663a35d012a1611eba0d02b4df0623225bd475427a95dd87f5d8bab33b8fb7d27717df8585a406e4d24de7165d3d3f5d4c0383cd

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://178.32.130.175:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

cat.wide.dwarf

ioc	pid	process
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	3593	cat.wide.dwarf
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	3593	cat.wide.dwarf
/product/app/webview/webview.apk	3593	cat.wide.dwarf
/product/app/webview/webview.apk	3593	cat.wide.dwarf

Requests enabling of the accessibility settings. 1 IoCs

Processes:

cat.wide.dwarf

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS cat.wide.dwarf

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cat.wide.dwarf

Uses reflection 4 IoCs

obfuscation

Processes:

cat.wide.dwarf

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3593	cat.wide.dwarf
Invokes method android.content.Context.bindServiceAsUser	3593	cat.wide.dwarf
Invokes method android.content.Context.bindServiceAsUser	3593	cat.wide.dwarf
Invokes method android.os.SystemProperties.get	3593	cat.wide.dwarf

cat.wide.dwarf
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3593

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
e39adc76a72a94623a0ec6f8bce92a61

SHA1
33fc196bf42f7ce7dbd5edebbb18b46af27927c2

SHA256
11ed90e17dc55d11b6bba586596d1caab769735508e75b23034b447760adb99b

SHA512
bb3628064bd87841cc0094830d326a5804b072215aa018922d8854bdbba8fe0aede3fa357d2fab8c2ef8a8bf5b7cb3bd1bff23cd94caacc475fb85cbe55bce92

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/oat/CpN.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/.org.chromium.Chromium.YFMyc3
MD5
d510e5cb52d560bb422fc976496f5493

SHA1
6bd6e64dff5a9505dd51d4d12846f17a6edd99c6

SHA256
78e9782b5681b4c69a39c3c5fcdb809b4de74496c5262d1853cac18764ae05be

SHA512
09f5aa9302b4bbf5f387e137717b3f68fbd7159bb1b273825ea878b66861a5282d67a0945d09ad980b7169dba6619b7e43986da5f0791838aa94db2b71438559

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/GPUCache/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/Web Data-journal
MD5
cf73aa867f1a844a21504184141d4bdc

SHA1
4d191151fef579b78b9d8eeb45704d7c6c60d04d

SHA256
7e99e08d89e58461fd5aaf74f981514535005608ea6d603d8fe1bef94f4f320c

SHA512
35da78c9c17667bd562688f61a7ebf1a8a2edc3dffffb868f3f4351125c071b6e7e9a3f52ce207c66cab78857b5af2f12545b072d0c60e07be1a4f7e1306eec1

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/metrics_guid
MD5
a50dbb489cf6981446246dcc06d6fe4d

SHA1
a3e5c3f672e5bab551b50e741cd6c25d808bb23c

SHA256
f68f8319db9516987ea262768db60da322ec03bcfd4fd7f26b421eb133505b9a

SHA512
c965bfbc010bbc19dc30b41f39f8c2cb1ac7ab7e948d7f02b8dcfb133d1686f56b6c9430163f1338801ad32952a85cd9cc9287684c697f5174b710f5ac97b8b4

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/metrics_guid
MD5
a50dbb489cf6981446246dcc06d6fe4d

SHA1
a3e5c3f672e5bab551b50e741cd6c25d808bb23c

SHA256
f68f8319db9516987ea262768db60da322ec03bcfd4fd7f26b421eb133505b9a

SHA512
c965bfbc010bbc19dc30b41f39f8c2cb1ac7ab7e948d7f02b8dcfb133d1686f56b6c9430163f1338801ad32952a85cd9cc9287684c697f5174b710f5ac97b8b4

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/cache/WebView/Crashpad/settings.dat
MD5
66b7a96e9bca8d32546d2b96f55360cd

SHA1
8a2d76db205c26115977d80cb03a35a14ae4e300

SHA256
8ec865aa209b7bea9aa722d6ca5c2081824a532cf8aa8a8b24a091b33999fb3a

SHA512
9e42c9af75ef6607cf70ba4139edd234963d9a82049d4686c7787d474c7a179551f4bf3eb82b06e6ebc53d1d9d427b6a966759e42e694787e4eabee300cc2f8c

Download Submit
/data/user/0/cat.wide.dwarf/cache/org.chromium.android_webview/Code Cache/js/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/cat.wide.dwarf/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
cb167c7634ea576731dc8a900ac4366b

SHA1
2cfee42efb61d3efe1bef2b3ef4e580be0107de2

SHA256
5ec7faa3055c0ecd59bba4055cef75fc70e484523d97e225034eacba5608de43

SHA512
b58f022c0eab7fb596888fa35a07924d7220ec08f3df17c1e5f37c3fd4335bc12320837756f7cfcb89f066b5e091844b60d7a5f140a2cbbdca2eacc5ba7a1d32

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
f5c8f199eed255bed92fb12d253b1585

SHA1
b64e1dd92800af0c4684b02f85b2b2730bd1b61b

SHA256
8946b13ce4f595ea6f7c6c002cc27af90822433f2fcbfed0026925a33d39480b

SHA512
46a850318b6850b8503599696b01efbd6c3e3a8739a1ed680efe6d2a85ba0eeaaef9aae76ddfa496e893852f6a57e9acf32c2e196c4804f05e6f10c42eed71c1

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
e444ed148c3a16f72ac330a575d92d88

SHA1
72994e41c3b1935ead791a995e84101df3d1837c

SHA256
0582dc798b2b4359f9ee0891b550d9c4bb4ea1e4c9d095ff36cf6a8cc39cf499

SHA512
c6af770e944257b105caec4dc7729e3ad7c608721e5f8fb5c45fa010f8689fb0999155a216ffe8e1174010f098e254bcc343eec651447366e0dbc704be66c0d3

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit