teabot | 90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016

Analysis

max time kernel
977206s
max time network
190s
platform
android_x64
resource
android-x64-arm64
submitted
12-08-2021 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016.apk
Size

4.3MB
MD5

78d04d8443fa48411244cc5f17b2b542
SHA1

234e413188f68b9cb4a63031331ddad7f9dd62d0
SHA256

90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016
SHA512

b5114922528010d0e5433aab4f921ce08d64262185e9d05447473a2ad6bc5974207e6f17b7660b0f0c0e718de2065129f20cf6f870ab5c016842f8964b2d89c5

Score

10^/10

teabot banker infostealer trojan

Malware Config

Extracted

Family

teabot

http://138.201.211.36:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot
Checks Android system properties for emulator presence. 1 IoCs

Processes:

lecture.sugar.later

description ioc process

Accessed system property key: ro.product.model lecture.sugar.later

description	ioc	process
Accessed system property	key: ro.product.model	lecture.sugar.later

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

lecture.sugar.later

ioc	pid	process
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json	4037	lecture.sugar.later
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json	4037	lecture.sugar.later
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4037	lecture.sugar.later
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4037	lecture.sugar.later

lecture.sugar.later
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4037

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
90e7033ef3c962a783317eb2bab85389

SHA1
6689447ea820529d84f9c34eb9595a21052ba37f

SHA256
442100341e5125f45987b0af787361fa6bda61354a74bfd7797ef9c677444779

SHA512
3d49a613c48bd1a51224ec9fe75cc605d895a3f838e508da99cd5d7a1d3c737a3ca22b629f189be57a4bc238efc46f77555bbaf565b1b6eb4345410b8b1916f4

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/oat/IOxW.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/Default/Web Data

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/lecture.sugar.later/app_webview/Default/Web Data-journal

MD5
75f81dbdf3c4c9a80c3dbaeaad77f0dc

SHA1
44372aede972d66562dad4bdca8f3d4d505b580b

SHA256
97b3f43002e806481d22898952518a8be14615602cc9e4ce7af582cb24382e41

SHA512
c3855e825ce99c98d0566d56c462000c24560d6d4c895d2827b07ccf5e2a60748aaccb802db47ac485e811369ad2a1b7d54f00ad41df634c50e93d6874609745

Download Submit
/data/user/0/lecture.sugar.later/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/webview_data.lock

MD5
08ebc5f940b97965d2af7984309b24eb

SHA1
3df8f77da91bd6f3a1200f79817dca39d2291273

SHA256
ebec121b0ed686fe3fefca3a4c844b133be8b7647195de2bcfbd778552bf1d08

SHA512
af1d440ee7c7d00f0dda18bd718af0c4ba45dda6af7f1042fbf3f506e22df8e0e5d1273c402051135c84a51ac2617ded02f663c5eb202855acfda324d194f877

Download Submit
/data/user/0/lecture.sugar.later/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/lecture.sugar.later/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/WebViewChromiumPrefs.xml

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
c2c15d1f12ace7cd290c15de1d88a138

SHA1
9105a88fb83a906ef07f333907739e0bd23be98a

SHA256
b13b6af18edd9c67d7d455bf7447e71effe988ae53e1ed6939a720f4b2a34341

SHA512
38e482581a0331a1bc02bda6caa02eba4ceb4a0d6f44e7aa32f636e0f56585c667269c1467ee60c5d77d009cd80eaa04a6ebf8298570865769327fd5a518d525

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
eabd167d8b8941ba94cc42f1cee300e6

SHA1
dea0949178d48aca467b4420755ffe49a0cb7f26

SHA256
e6ee3c965be03fba1353e65bf5cc120f9257d60e0f17892c984dd024b0a576dc

SHA512
1bfa155c0aaa4dceea31e718651129b867d15a2afb49e689501736099c4f0e8707236fbd7ba7399b20334548939b5fc485ef2682921532b6c2c6e4ee188c06d4

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
87005d48250a8365a325793f2437816f

SHA1
30640a85ee99bb5fc87767f4302d279b0189140b

SHA256
e1aa88b939baa906f6a560415d6ab430838cd63dae48317b634e8ac844290d51

SHA512
8915dd1b7921171e4af9451f0140c7be28c22497ea90cf303beadee0d1cb5af7e1d722b37a989fcb4d45f15ce8739bc1daa9746f189abc4daa396484665e7420

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
9d2f448186778109713b7a336d0f9fc7

SHA1
79d9e70209d6a7f2ce8ceab9fa26ae06bfed2ce1

SHA256
5d6743bd72cdd836c0c5ecd195319822624274bdb30ece35e09ad1986e61cac6

SHA512
4fe9d5f9fd0b0b7d666de8219c83287a1c3b3e16c1bf922d6580efc7b1d61fbdbf9a50de369bf263718f26d66377dbb85f55af237985a45c813c822cd09322a7

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
171b95183ed8361114b75fc9a99ecd43

SHA1
149d1cd17db35efca0eef47b225bc9e2246c6783

SHA256
28556c20f582bccb85cdc24c6f8d81bf74df62f17be145d9e64d826e3b8f0fe9

SHA512
c983c36038336df8eb1c918c659c808d3ec2886998c8ebdbe2fecec04deb692380bb6ec5704842ce7bc53979c5455def23985dd1572a638ce19d366e7a80843a

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
7b812e2b64fd6a065ba67b9c811b22e0

SHA1
b1585363d47c2eec5bcc5222694fa8d276a2d638

SHA256
286c3d347953e58aa4052674e6267488f77372bc3a6a56f2548e9c3a7f447e8e

SHA512
45f1a65b18fa6d0ac466d47f7f18466c2579e8a284dfed8e1715194c5ac020cd357c1f845d7d2c24415edc2558b0065aa4a42f248deded7ea86a988fafc73111

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
044e231ae12eb09d01eb417378f17329

SHA1
f6492187c964efa9ff17707956bd510ce6d562c6

SHA256
3042f526b0a50703555172383d9f9bc11685dac99a44b5457c63652bd918ca20

SHA512
524f9983394358c27b8a90735292fb5388fd8fae222e2e5e8d958a046bc8df253a299ece5c8018c27dde4f71151c932cad3e1eb32a7219906ab934bced72d6ec

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
da46a55652aa232a21e915bb926e8115

SHA1
3d7438f7e103f0f9681ce04aaccabe571951799b

SHA256
36166dbb8fb4f5d90b9ff232241ed8c6b4a4fcfe91b5d48c5a51f2a5645bc396

SHA512
b7001fbe728006ad5f24cd2797b9214c75777849bb9fd53c4ea8422b6a4b132b0196a590921186a713ab192d78cc9c5c0ac1bc7d7544d3effb20d98934ec025e

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
2c65d3104448e97087389997d5930a1b

SHA1
cdd0e38cc8863bb906b010bec54d28a55a102673

SHA256
6949a3b694d5fe8e8aba0b4e8a7962036ee08799b7038a4c28609bf891f67fe7

SHA512
2d099ca9b8e2e914436b67068f9792209b68c449d5862fd45e84be998f73d22d3eafa2cadc7d041227ab345aab7b1bc1a9fdb2b2382e6e15f7d3147131258301

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
d4506316a66616b7b41960d83ce0e530

SHA1
189c68cf3cd6eaaf216ddd6b024b0fd30209ac72

SHA256
60e53ee01911985fb3fe97037aec56979089bfd8a50b89fabe4633447fc7a13b

SHA512
b495a7f5e468b982dfdb17dd71f1c775dc10ebe1783a7319699ab23b5e5f12d373c5fa961ccb2447365e354b128fc4432be28289461c73a7981c62e15e655c57

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
3513c9142a1c0a63a2c1443d832748e4

SHA1
9601f7434564251cf860c7c710970a3f21a8b3c7

SHA256
8faa88d8625c96ce74fa7d29e155ebefe97c460b160346115721ca5ee15e8787

SHA512
3ff56ad69ed19e14bbe736642b59fa206d4962510fdeed833e9ce5015aef7d96810967b887f7cacbc9af59a19d08e0b090d805bb3abaa0fee061ce19d1b7bef0

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit