teabot | e8dc3622a9cc73faac2fb2837f197a4e25504f09fe399be7ef3cb9c51ed4b64f

Analysis

max time kernel
3462451s
max time network
164s
platform
android_x64
resource
android-x64
submitted
22-07-2021 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Voicemail16.apk
Size

4.4MB
MD5

fc3000b5ab71b6e4ba11008952f50c89
SHA1

475494b15530e53e09dafc548a2de1009aec8358
SHA256

e8dc3622a9cc73faac2fb2837f197a4e25504f09fe399be7ef3cb9c51ed4b64f
SHA512

79ef9967a8a38d0635dd9b2f663a35d012a1611eba0d02b4df0623225bd475427a95dd87f5d8bab33b8fb7d27717df8585a406e4d24de7165d3d3f5d4c0383cd

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://178.32.130.175:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	family_teabot
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

cat.wide.dwarf

ioc	pid	process
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	3661	cat.wide.dwarf
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json	3661	cat.wide.dwarf
/product/app/webview/webview.apk	3661	cat.wide.dwarf
/product/app/webview/webview.apk	3661	cat.wide.dwarf

Requests enabling of the accessibility settings. 1 IoCs

Processes:

cat.wide.dwarf

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS cat.wide.dwarf

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	cat.wide.dwarf

Uses reflection 4 IoCs

obfuscation

Processes:

cat.wide.dwarf

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3661	cat.wide.dwarf
Invokes method android.content.Context.bindServiceAsUser	3661	cat.wide.dwarf
Invokes method android.content.Context.bindServiceAsUser	3661	cat.wide.dwarf
Invokes method android.os.SystemProperties.get	3661	cat.wide.dwarf

cat.wide.dwarf
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3661

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
e39adc76a72a94623a0ec6f8bce92a61

SHA1
33fc196bf42f7ce7dbd5edebbb18b46af27927c2

SHA256
11ed90e17dc55d11b6bba586596d1caab769735508e75b23034b447760adb99b

SHA512
bb3628064bd87841cc0094830d326a5804b072215aa018922d8854bdbba8fe0aede3fa357d2fab8c2ef8a8bf5b7cb3bd1bff23cd94caacc475fb85cbe55bce92

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
dfa393fc12d52184fb24a47d9d0ec1cc

SHA1
2fceb816173d40eff126521095993358911fee32

SHA256
587336a3bf314f405881b79be177947f1f014ce509c640db2d56d3de271eb951

SHA512
85c0a2a5ee71d30fe7c9b8ce017f2ccd8943c4da36b9921e74bf66ffd3e7218cf6ba67e1990895cc23b96c7298ab75c9626b089a7627a9eb541ec38325b3d190

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/CpN.json
MD5
7695660ff3df84af2f50e44764cbebf0

SHA1
8bcec7b6cb7bd9113e20a5e11489fe7170086041

SHA256
129b585b4878ed715c65f6296e91244bd645deb383387ea063d27deb6ba7d461

SHA512
48337ac5e8ebfd47be816a3eb916eb3f764e0685691845e5a6074cf3eee53a5d28ea25097a61d473aaf0ead19931a4e76a69a878270dafb2a3fedb50a90837f6

Download Submit
/data/user/0/cat.wide.dwarf/app_DynamicOptDex/oat/CpN.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/.org.chromium.Chromium.vexlEe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/GPUCache/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/GPUCache/index-dir/temp-index
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/Web Data
MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/Web Data-journal
MD5
0ebb6980811402c41a024408cf9fd757

SHA1
8b1bcccfadcc8af57cd13a4574fc35db7968a01c

SHA256
5daac091bdb847a055982a702fb260121cbc92df83c369330cf4de9fd687abea

SHA512
d38aa905a74d8f485a418ee5141f9d5e289cbabface37a06aed8c494a059820c01669388ff4dea21cea9dfb9a287c213609adb1dbad5e87ae558b11ab150e915

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/metrics_guid
MD5
c4779cd4894786934e0d9dbcd5d79fbd

SHA1
55b4a6af85c8ccfebf2bf41d1545ad2ed746d679

SHA256
47e63c28d99818fc890c45e29f3a480f5b573f36c0c566274b8e2cbfee4f1f7c

SHA512
67ff3f8f2955741aaeb1f94284b074e37da613efc585debd03be227fdff7fdc8c251598c05d9b9e55320cc35c53cbc24cbe9b626acc5787d7bf261ad968f1fd1

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/cache/WebView/Crashpad/settings.dat
MD5
6a966d349021952da8f0489e04dd8bf8

SHA1
f6084dee903a5fbedf0c15512bc50b5dd5c7675f

SHA256
58cd6cfed72b8bbfb0a0ee2f0af959e0b3c8ddf0732b0dde90a76fd3fdd9981b

SHA512
74164cd871cbbc1112f2b9e6ff1bc423af2930532582b2a2f322a1dacd1da1af97904b7e3d2983d3c93b89768a76d6774281d0fa144285fe43b7db6fd86a3f46

Download Submit
/data/user/0/cat.wide.dwarf/cache/org.chromium.android_webview/Code Cache/js/index
MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/cat.wide.dwarf/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
MD5
24f148358263227baabeb506e384afb1

SHA1
23009024e407086d139e34355725a8db1aa0e3db

SHA256
f9549fcd14c6053c6f03b3780e55bebc912699112319624cbf3c76d335f91f38

SHA512
0d828c104121577ad75ad470116d7512f204c01fb61ef2106739c8a5b8b1ad14cc1202d8bef6b10ffc9e1f3599161e2e3ff6669e550810ccde985957a7e84577

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/WebViewChromiumPrefs.xml
MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
c8ad05778b32083696452d8836961e9f

SHA1
b2c2aa270cd67b5dbdd256293e00a10f173b4fd2

SHA256
150227239276cd1a99dc46aec353e16e4fe3819b1b918d3d73bb9b798bf34e97

SHA512
f2a3b4f20f7ad406ba085f2953d306a053d4a2f80dfec8d88891cc75245791d11800d977e062fe49a978b03d424ea4f6fc0b1a5a73743e71b31419ff8bf88d20

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
e3b6f79678f27d7720eaed8760c6d1d7

SHA1
f3ad8a2eb2fd67108d054ffdad9ad62d460d826a

SHA256
fa72e70ec7dbbc98847f775744366fe356ec4443cd49996a748d875916d8dc7d

SHA512
071c7020fdb428554ffc18695f619872ab061c8a5ae6eb6b7abc90a646d768b5dff88af1e3e4413e9c5642545fe7aa93bbd541b3a25e6d1c80eed864614ee3ce

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
232715f0c01c711695041f4f8e56df81

SHA1
c0609f977b39b1a500cbf5e3bac2a8be54edd819

SHA256
edd0b686648c456f0192abc31f036257b64e78b94f184e00660f62fc216e19fa

SHA512
c8fa30ccd185582c45f58ca24f2185901127de3ca10d2431bb75b165dc709d1ba00d22e24b48f1f7ed7cbbcd0dceec82d2ef1ded19dbc8663ddbcd3c1739a849

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
bbdfa66559a735ae855e97b89177e1d8

SHA1
8442e9e5b406dd45a61a221cd6bb08adf911adb9

SHA256
92b35af659a38f22de490053977a1f7f5ecb3c45cae53190e279c7386b423515

SHA512
c305593172d5eb60b36798b05d9c8d44912f9337a9a93392ef13b8811fc9b8165774367cd1572d19be3ec503ee1c8df5119a9d003f1479efe776f514f8917737

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
552672db811c23cbb04856d91a54c385

SHA1
92b549fcf836d26cadf21cae4cfad308e7866863

SHA256
00debf059d1849e6157913d053655b40dfe67a23936dbcd60be8d49685afc935

SHA512
31b56bb57f2fc5aa17fd324932f5e376d64c8f8f0aff7fa2ce01f4fc90aad89e983abe242be0261f3937c2ad87d0e993fcd71bf6f329930b06a133b6eabf1544

Download Submit
/data/user/0/cat.wide.dwarf/shared_prefs/config.xml
MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/product/app/webview/webview.apk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk
MD5
40e61bace188b6603d53fc3d8916a3f8

SHA1
74f7fd19aedc55977c79fa40230977ce4827cb03

SHA256
6ede39de8efb9d2f0a2c467f4c9e303b03236e9c6917fb4d6fa2ef3b5d15090e

SHA512
12f8424d5616774cf98c4955f9bd80e9967cc944d1ffee1a4cd6ec6f4e4fbf402030c58dde9480057c3d7e3c6805c6edccf77825a024dc87841783a5644b68af

Download Submit