teabot | 0293d5232361c81d10ca817bc02001957e216af3d65c16f7226ebf30fd529684

Analysis

max time kernel
814961s
max time network
33s
platform
android_x64
resource
android-x64
submitted
10-08-2021 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0293d5232361c81d10ca817bc02001957e216af3d65c16f7226ebf30fd529684.apk
Size

3.7MB
MD5

ea893f199a0df51bb6724934528b5cd7
SHA1

61a8f483486e4020dd829a5990f4ba85a93a1f8b
SHA256

0293d5232361c81d10ca817bc02001957e216af3d65c16f7226ebf30fd529684
SHA512

a3f641997c663e3457db37312ef5e68172001d5c243731a11a5998a632e67a983277a6b31f8efca997026d84714ba42bea62fd1590565a35cdb916bcbdb89495

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://178.63.27.182:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json	family_teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

blush.wrong.slice

ioc	pid	process
/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json	3591	blush.wrong.slice
/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json	3591	blush.wrong.slice
/product/app/webview/webview.apk	3591	blush.wrong.slice
/product/app/webview/webview.apk	3591	blush.wrong.slice

Uses reflection 2 IoCs

obfuscation

Processes:

blush.wrong.slice

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3591	blush.wrong.slice
Invokes method android.content.Context.bindServiceAsUser	3591	blush.wrong.slice

blush.wrong.slice
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3591

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json

MD5
404279cea98a7dd415d78aee81066811

SHA1
bda20a3829d0598732d5d0bf9ca10563e262201e

SHA256
1b7ad5771f823c4cd033074f492d835d5e4226b1a98ea7cccb1592337cab62eb

SHA512
8c36db1a8cc7b25c0dc3921ec3407d1a3d6dbcb031127f86f4f47f8c4d9196b8fb0dcab8aeece5ad10c99db8be4b129b62e1ffe201fd1f82cd8ddcaea80ac70a

Download Submit
/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/app_DynamicOptDex/TnEdAO.json

MD5
fa51930911531af4dc35173b9a68f4bf

SHA1
d1d322de1a8f6c09b048bcf9485f00086bfaf9e6

SHA256
6f557ec7ee7a3c047e3f16a671bca1d6bfab4091a5e4cf22b918f08c7cb623a5

SHA512
16a35c691abee527fbc50a8e2cbd9953485d64a7848cd772ec31fa273a06d51cce40bb5a99639491962e7b5c4aa850e9cde34837664ee69ecc7a34bb34d6e7b9

Download Submit
/data/user/0/blush.wrong.slice/app_DynamicOptDex/oat/TnEdAO.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/app_webview/Web Data

MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/blush.wrong.slice/app_webview/Web Data-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/app_webview/metrics_guid

MD5
a7f37ab4124e2088d9c0352d609daada

SHA1
9523cbdbf0b3b24588b041e4a9e845377eba6678

SHA256
5c13a7a93d016870645b012ed93019973a80d476db4ea3b3b4d8ebaf6d798d71

SHA512
5170b2583769d394349740f84d339ae7fd37ae2a69f167f76e09c57ca417d85c423599095b7ed5fe2384ee642ec3bef334ae60cc2d263d05d01fb8ab7b4c69f5

Download Submit
/data/user/0/blush.wrong.slice/app_webview/metrics_guid

MD5
a7f37ab4124e2088d9c0352d609daada

SHA1
9523cbdbf0b3b24588b041e4a9e845377eba6678

SHA256
5c13a7a93d016870645b012ed93019973a80d476db4ea3b3b4d8ebaf6d798d71

SHA512
5170b2583769d394349740f84d339ae7fd37ae2a69f167f76e09c57ca417d85c423599095b7ed5fe2384ee642ec3bef334ae60cc2d263d05d01fb8ab7b4c69f5

Download Submit
/data/user/0/blush.wrong.slice/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/cache/WebView/Crashpad/settings.dat

MD5
00baa984554315623b3fc19a1e12fe6b

SHA1
6ebb5fa581791ae1907a4c1413fbd105c9ac6ce9

SHA256
5ccfd1e4351378473dbfb079101f30affcd6a48bc882c4efa5889fe95978a3ce

SHA512
22fe545d8b374639acaa5ed242b70c963267dd24ef9255fb25e9014a0270e7c0d65917cd4b1e4a97600b4daed7c279eb77823c2d247fcf76fd089cf4a28dd911

Download Submit
/data/user/0/blush.wrong.slice/cache/org.chromium.android_webview/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/blush.wrong.slice/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/WebViewChromiumPrefs.xml

MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
535559b411dfcf00dcf6d3a29946f06a

SHA1
6ec0b747a90ca8ff13c41f0f16eaedd96bb0434c

SHA256
f619c91a9eb05727acad4afae81adf11cb9ec1aec0a210d5d9e214c1dd58363e

SHA512
a88dbc1582ea275f8d3f5785d3f51019e4d23d3b1a064eaf46c8e05bd12e47c4a7e61789fd89f3b912179f321b861ed0bae41ae8866c22e72e1fe47b6cf0f367

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
50a6bf4a81643f40757487dafa979b60

SHA1
97053c87608d6a84744e30ebdf239ddb16d25748

SHA256
6d7b6556bd54ac1ef867e00251fdd2ecae1adbda8ef2d9903e7ba9ef900e5511

SHA512
640553774f212a5900c5c07ae780b4e6d183c6678524ded57b69b35ff411de6fd6b336ecc518a014b6fc2df7d24b3d023ac76837ec380745a613d4af84b521bf

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
8d5218ccc265c80967674d3b45b8af97

SHA1
93225e2b40fbe2eb15ad322f79840259c01bd515

SHA256
94b8e10e32c8730ca1caede65514b570b16f0b10a361d9725f7d56619d47d31b

SHA512
37db88ecbc88a5f8e40855bf56bb645302ac255b86dbaeadcd2070f30f8d3da029c698d96402c1a78f1fe3457909373cea26ec11661dfbe4cd7ac8ccce53eaed

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/data/user/0/blush.wrong.slice/shared_prefs/config.xml

MD5
d1722b0e42d566b362e610480597d241

SHA1
6184f294dec15a03355f6f1a723fb2d727f66660

SHA256
c7d5ff180e874eab809f60fee38b058bab51e692096b5ffbfa29acd456942fb1

SHA512
710e0277a885ed0ce5ca684d2d5755a6e3e28eafd64a57c77857593aa2bb42820fa63d2999a3ea2ae949ba800e338f592947bf4c4395f5be304d6f264c56c6db

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit