teabot | b88e7421bc61f4ce20c0694418fc97c1e77cfd3f2053857f87cc47512a55c3d3

Analysis

max time kernel
113234s
platform
android_x86
resource
android-x86-arm
submitted
02-08-2021 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b88e7421bc61f4ce20c0694418fc97c1e77cfd3f2053857f87cc47512a55c3d3.apk
Size

4.3MB
MD5

7823e56b4b1631ef52bbd5b95c186554
SHA1

f47ee24af407de1019e8605ad8f111732305fa5e
SHA256

b88e7421bc61f4ce20c0694418fc97c1e77cfd3f2053857f87cc47512a55c3d3
SHA512

ceac5d17b69d0297a7a83873705c46486894de70d45e33e64cf5971be05ac0dd07bda996fe9627bcc001aad9b954703de8028d296ed5113ff73ba02cce16a48e

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json	family_teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

angry.grant.doll/system/bin/dex2oat

ioc	pid	process
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json	4730	angry.grant.doll
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json	4770	/system/bin/dex2oat
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json	4730	angry.grant.doll

Uses reflection 1 IoCs
obfuscation

Processes:

angry.grant.doll

description pid process

Invokes method android.content.pm.PackageManager.isInstantApp 4730 angry.grant.doll

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	4730	angry.grant.doll

angry.grant.doll
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4730
- angry.grant.doll
  2⤵
  PID:4770
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4770

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json

MD5
9299a922d35a418fab1821203569c9b8

SHA1
15464cd438cf88b63a1fa244f2433c35578f02ff

SHA256
2e87ff9e0d7e79efbeb27e5f1f0041a81f2b1ba8359c4cacfeaba341cefbf48f

SHA512
ad942f3b3c3a287f87e79b193146ba5b8d8f036921906a536ab744933ae323a853870da55da6b4f0e0cf52bcce75da178455f50f624a38d5c8353c855cf62162

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json

MD5
e568315f15f0f3af927ef6348c635820

SHA1
62a4a8fe65af1866b983c94bd57645880df2cd93

SHA256
b2d15b080782f826b9d131a6188575bbbe9011d4c99dec87b73d7d34f1de96c9

SHA512
d71afcae4cf2741cdb90b0ae04a034783db82e4052e0a84f6ed35efb340fc11c22186356ea13f3fc46c084e42f87bf348cb37644c0a00b4327ec52fd792deb0c

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/XPOZLH.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/oat/XPOZLH.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/oat/x86/XPOZLH.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_DynamicOptDex/oat/x86/XPOZLH.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/angry.grant.doll/app_webview/GPUCache/index-dir/temp-index

MD5
867d41552d9d3b4c9e39e90c3c343e80

SHA1
6267d827e2259b906ca88ca1145ece2a6be9dd6c

SHA256
482a29ba068df57e30dfeb17fbcd28e2531dfab131f2e1a45fcd57ddcde67eb8

SHA512
c11e4d0d998f4fa440a7f57c61c4784ae8e8736f7d7a7021dd184dd69f84f574e339d0939178e7c9cc06a91febd2ace3bd4d07a1c5c5e07745df10f153b73610

Download Submit
/data/user/0/angry.grant.doll/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/angry.grant.doll/app_webview/Web Data-journal

MD5
1678be8327bb966baa3f0016b9e4b4e6

SHA1
30f277e9bc3552c64657b8edf6fe338858af2d06

SHA256
cc7b7ae27c2e0e3d1b5ec2eb5253bbd3356dfca607091114042867d7399e3670

SHA512
9737b22efe0365bd68947f7d14d56ce5e107a0eeacb8104e3ae17148cb0a2f6e9eb93f5dff75d0c4881101fe446690b1c02a6814f8f2a97088b090ceea4cce3a

Download Submit
/data/user/0/angry.grant.doll/app_webview/metrics_guid

MD5
41aaa1d96e68286e058017e2f1f54264

SHA1
130941260a07506932caf23c3479bb896461a4fe

SHA256
7986935aa9cd700d6a4c23e498c6381c2d5cb37cc2e37e6589222dd659dca429

SHA512
53e2c5d503ec0c640d5b90a82971d303b309c8619249c7785ffcb9c793249366d1d35c709a5a97d3cd76c7584d5db1c6aa966d7ee371a4ff6571fa3d95847f9b

Download Submit
/data/user/0/angry.grant.doll/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/angry.grant.doll/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/angry.grant.doll/shared_prefs/config.xml

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit