teabot | 90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016

Analysis

max time kernel
977117s
max time network
154s
platform
android_x64
resource
android-x64
submitted
12-08-2021 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016.apk
Size

4.3MB
MD5

78d04d8443fa48411244cc5f17b2b542
SHA1

234e413188f68b9cb4a63031331ddad7f9dd62d0
SHA256

90521e486f93b575beec1df79c5a1d11a42390c48d2db86c80bb86645a8dd016
SHA512

b5114922528010d0e5433aab4f921ce08d64262185e9d05447473a2ad6bc5974207e6f17b7660b0f0c0e718de2065129f20cf6f870ab5c016842f8964b2d89c5

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://138.201.211.36:84/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

lecture.sugar.later

ioc	pid	process
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json	3658	lecture.sugar.later
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json	3658	lecture.sugar.later
/product/app/webview/webview.apk	3658	lecture.sugar.later
/product/app/webview/webview.apk	3658	lecture.sugar.later

Requests enabling of the accessibility settings. 1 IoCs

Processes:

lecture.sugar.later

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS lecture.sugar.later

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	lecture.sugar.later

Uses reflection 6 IoCs

obfuscation

Processes:

lecture.sugar.later

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later
Invokes method android.content.Context.bindServiceAsUser	3658	lecture.sugar.later

lecture.sugar.later
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3658

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
90e7033ef3c962a783317eb2bab85389

SHA1
6689447ea820529d84f9c34eb9595a21052ba37f

SHA256
442100341e5125f45987b0af787361fa6bda61354a74bfd7797ef9c677444779

SHA512
3d49a613c48bd1a51224ec9fe75cc605d895a3f838e508da99cd5d7a1d3c737a3ca22b629f189be57a4bc238efc46f77555bbaf565b1b6eb4345410b8b1916f4

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/IOxW.json

MD5
894bf6981bec0e3b4d99940efc6bd203

SHA1
839b0feec9a8574aa12fbd41b45fd9d006e0959d

SHA256
8643cace810e5bee704c411930f5cb14c9eef3c0a8331921c63efb14f224c0ce

SHA512
83aedbcd39aafcf20e2796fae1f3706da44d32161cd50fc83a12d29630f051202416c026ccfc8430046d87db0e6607ab09e790f47dc1bad548bfa7a69efde6d9

Download Submit
/data/user/0/lecture.sugar.later/app_DynamicOptDex/oat/IOxW.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/.org.chromium.Chromium.tmRT8T

MD5
9245e92b191a3543c7d15f5d03095232

SHA1
5c41f54dc70c8c731a6355e7925f6b726afe126d

SHA256
5ff6cf3350a6ca08cbcdb9ba16c4d8616d44a4789187fd55016af65008b8e27a

SHA512
936ec92d822eafae098b3a68adcd9800c58cd876dd6575ac8a4c397b802dec3af7c68a1f5fef1794d75d13120294d75853d926933fbe9e6a22fbe5c1a4689c8d

Download Submit
/data/user/0/lecture.sugar.later/app_webview/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/lecture.sugar.later/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/Web Data

MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/lecture.sugar.later/app_webview/Web Data-journal

MD5
2a121b9db53e707f92c47f9a9530623e

SHA1
1de4a3fc9676dffc93f16c3dbe72566b89c3f8b3

SHA256
34a44ae1d87f703e603b39c373091c0151cae201a2d49f10bf7951ea9fb02dad

SHA512
d17e415dcb36f933f80aee39c4b244aeeab6468f0480f31569200699316719d2991f5c37b3df7c5be68a230f2fea63be06d055c45ee1e18a2ce51971fbce529c

Download Submit
/data/user/0/lecture.sugar.later/app_webview/metrics_guid

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/metrics_guid

MD5
cacd16d013c89e63bf2c24880c1bce55

SHA1
0bb0d4b49c0e2b4222cb9827c334c6dde0a209c0

SHA256
d60d20e4c7f24a96232166898dbe935b97e01df269bbea99f4be6cd4423ec145

SHA512
63c63b9288c84e5de4494cfb7e4ae104e740bf5a21d6d98d14e49e9cb4cda02c182561c00543811e3671f110fb1351867bfffc1f175329b3864f4e0cf9c9df71

Download Submit
/data/user/0/lecture.sugar.later/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/cache/WebView/Crashpad/settings.dat

MD5
1451fa3ed5e09873371e7bee9bbdfba4

SHA1
506ff64a3a2593f9437f8f5032be62062fc6456d

SHA256
47979ec6ce84cb8d0b2e292876cea26473936963e823f63d871b7d32b40c4285

SHA512
fbb1949ce11c62c56c808e1febdcfb28a0e595b94cb98e6e298349b298c8c1c8e0ea67c2dd3246588442dedc8481b48449c434b72e363fd7775c963b1b2257f8

Download Submit
/data/user/0/lecture.sugar.later/cache/org.chromium.android_webview/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/lecture.sugar.later/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/WebViewChromiumPrefs.xml

MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
65acc640015d030e830453d83a486c33

SHA1
92193fded9e0434ae742c0232a7f49171ebc1b48

SHA256
18bcf2c32ba0c84df61e7ba2b7a019efac566154db04fe7b7f0a885aa86a3d72

SHA512
02aab19df3a97cf0f4a90476d92666aef2b9fac53b35e0849ae1d61a72d3127aa64948f48bf60c8025de8df0d93f6263065d3d30603380110c71c398ac00dc38

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
501b679daa83506245b102a589081aa7

SHA1
0205212fed4d89cae1dca21bff45dacf3d56beda

SHA256
6ff1832bb2f688ce01a2be80e79988d7cf29618879e78b90773e4f60bdfb4648

SHA512
726949b6732b222b58e37e14d315fc1702a6efa091ed4d4ed6ebbbe6e43d8a7990511b1d0b2bf68c6c564df53d3cddc3e66b578b499cbc6ec62a1a077e75f83d

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
905a4dbfd2e430535e5c59cfc048503c

SHA1
b41d1357ea33d26b9ddd3d5ad7b726993fe957a0

SHA256
9ea168d3b911c5fbd854945c464e27b51dbf1e5a0440319445c1af8fb237151f

SHA512
f4ffc56e6c154c435e58a9a900d88ac06d1366885bc652677b1f421d00a300661c76489ed25632a6b736979d90b08d8f1a8687f586bf43123cd46125245976d8

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
2cd2a76d34fbbc684857c0d4f63f50b4

SHA1
5dd44cebd9c8e2cdcc0f3c955e425e488c9b58af

SHA256
3b0238854987456b56865e7c314bc036a28503d7d8bef5775e4ed44216b35c01

SHA512
6ab81ed9cf969b96f4b7739d838db0c687f068c289c6eec27588fce9f7b02408ccb00197d5545c9151d90e3361319a3f27e791a4991363f2c01f540538014cbf

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
af73af990bb65a25ff36c93ffc9d229f

SHA1
da99f9eba6ab3b77977e546c9cb5aad5ac4664ec

SHA256
d24fcec35869dfb57853f06136f1658791a29ea7494c783ebbe11547ab15ba56

SHA512
65d2157fa7faab4bbf3d42773e3b5fd256a6b60607ed0b58b9a03308d458a19c2d8ad5e25c3e656a3b24a01f21427fe3bf8e5096a0c4a0f03f60ba0f7aae30d5

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
9b0003a15a80909da797e522071a27e2

SHA1
efd56c48f97f5cfbde022e79774d4c083f634395

SHA256
42c023ae797d9f46981d6c4d4e51754f2749f87e400f75d6c5591ebdef94a993

SHA512
f0cb194b929ede3a1dcf482d9e56b78f2e907937b9a05a3df432bcfd5f610e396414f9183b9e7e7b39bded2985fb1db7700c9fda18c750de6f36e49d23d4e0b1

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
c7f0a9a56e93df99e8f41d980b742185

SHA1
ca4cdf2397d3cdc989b9c5998ce503936b31fb9e

SHA256
9503ed34c08b38bc2cccc65941dc4209218a1958c9836f91e74987d51722109b

SHA512
0abf094e7260a62fec5ed8cda089fec5c39b3b8a0cd2945a16435eaf43dec2e6e7b1e7f0bcd103732b34e682ae8de8888e040cca423826b8a6892aad279cee6b

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
0980d8b1bb65be53bf7acefbe8cdc2b0

SHA1
5e6b71efe4e2f72a0b5c730a807452bbbf5a5f3d

SHA256
76df1da9425120e1c190ea4b9c8c9cba07c28890bf7542ea32f5520a983d2d22

SHA512
6b197cdd237e21488f570e5df60aafd502ffe3af4587bd886d7c6ea49d2d75d103104671ae89e53ad8149212144ff5a20dd2e36bf1d7aaa7ec553b61a5a60d85

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/data/user/0/lecture.sugar.later/shared_prefs/config.xml

MD5
da7e2e1076c5561c4fc855af749b0441

SHA1
827def43052b16448396ca9f251fb74abb21d01e

SHA256
87d2a604d42d5ec3c8d2e481d98ae894891373a553d37414d7c763f102e34e3a

SHA512
881c4877af9b23e5c33cea3993425743e54713187d1f6a7ac430286de48a982eae842e2098f97daf260be05aeb93701265f735fc2a749eed4bcf924d60f20692

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit