teabot | bbe300b4c43c5d798d6b3840b851c3e2af82e81ce780faf8bba4a073fa861a21

Analysis

max time kernel
1314680s
platform
android_x86
resource
android-x86-arm
submitted
16-08-2021 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbe300b4c43c5d798d6b3840b851c3e2af82e81ce780faf8bba4a073fa861a21.apk
Size

4.3MB
MD5

11f04040a5cbb617da3521177a289bcc
SHA1

199c548cbefef4b4841f13b5048feb6f47e4f5bf
SHA256

bbe300b4c43c5d798d6b3840b851c3e2af82e81ce780faf8bba4a073fa861a21
SHA512

c734d8bbc669b611411657d21119974d042f4055ed3c96bcbedaf1ab0e0c94d5584ccde39aa3cbdf25086b31eceb731dd28cd7c48fb4db05c117989bed068883

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 3 IoCs

Processes:

resource	yara_rule
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	family_teabot
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	family_teabot
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	family_teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

fetch.loan.merge/system/bin/dex2oat

ioc	pid	process
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	4867	fetch.loan.merge
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	4900	/system/bin/dex2oat
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json	4867	fetch.loan.merge

Requests enabling of the accessibility settings. 1 IoCs

Processes:

fetch.loan.merge

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS fetch.loan.merge

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	fetch.loan.merge

Uses reflection 2 IoCs

obfuscation

Processes:

fetch.loan.merge

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	4867	fetch.loan.merge
Invokes method android.os.SystemProperties.get	4867	fetch.loan.merge

fetch.loan.merge
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4867

fetch.loan.merge
2⤵
PID:4900

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json

MD5
05ce790788794b038501fa477b2ed909

SHA1
e4e82728d3bebd289e59c1c843013959f1775898

SHA256
623dbe5c22af46b14a25ff83c819a25b4818755f7f7201b22aa6d64321d023b3

SHA512
6f3959606bc5faaa610c1ff2d60bb0fd0fb86eeb602c0317d57a04be64d057a8911cd0eb46a5f764c3e50268ffa8e034ba78c6f8c57bad8043702d435ddd005e

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json

MD5
876b0e2ce4f00194288f6adf86a03336

SHA1
0eacd682e0caecc00df679af8079e1dfe0c328f4

SHA256
fee7295bec3c6b5527a3248120e73e030b233decba5a73d9f072a9116589f646

SHA512
8e6dc8cb19e445144efb20e4671eb35f8c5673f956d0b5b5dced14daa7b31e24d9c7995e0d8d0c728165dbcaf4ba75afc173a9e162e26146031e3a090c8a09ac

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json

MD5
118553ad191ad9a83fe10c9cf2f33cb0

SHA1
8b7dc1d069b2dfd89f31ecf7aa8aff516b4ea4b3

SHA256
e8ae16c9c8a7fcd2cfa6260fe3b98010bc3c2c9dfb5d9a756156c9cf05d02be8

SHA512
4d7037bee3acb3d7c1d658c41008350ae914d25d1f6932ce8d6f7117a5790397028633a9af7888ef98334ee5f6ba289541b24420043ea15ef070fca954e05ffb

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json

MD5
876b0e2ce4f00194288f6adf86a03336

SHA1
0eacd682e0caecc00df679af8079e1dfe0c328f4

SHA256
fee7295bec3c6b5527a3248120e73e030b233decba5a73d9f072a9116589f646

SHA512
8e6dc8cb19e445144efb20e4671eb35f8c5673f956d0b5b5dced14daa7b31e24d9c7995e0d8d0c728165dbcaf4ba75afc173a9e162e26146031e3a090c8a09ac

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/mG.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/oat/mG.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/oat/x86/mG.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_DynamicOptDex/oat/x86/mG.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/fetch.loan.merge/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_webview/GPUCache/index-dir/temp-index

MD5
803ecd3cb2d3d84b9d7593c257584e08

SHA1
13a117f73dd8c005d5b095bef0df54cefb1a19f7

SHA256
6fc327a5a9b3e2adaa52b5682c69ba73cc41edd4956fbdb77fc93a99cd75da0c

SHA512
3c422596761c3e2b1fdd48cd756d51c1adfaf4b4ffe164b82628d98e8253edaa27c21af74319e15d76bc916cd8a7a578b3f0ccc5a2f6c5a97f8c8f56c29a954d

Download Submit
/data/user/0/fetch.loan.merge/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/fetch.loan.merge/app_webview/Web Data-journal

MD5
c6733b915431509cf1f07e14b96f130a

SHA1
e00245b026a8508edf93f56a507a792dc87c09e1

SHA256
5d8b190cbe06a96e6065d2c84a5e009363dcaeb287f104280fa6fa568ceab9c9

SHA512
714fadac97692b96cdf986b431f4df3071f9ba262046b5da441acb67b0459edb4f13c0c91825196cd46483517e49aac593ed88e9170f45a6549d61affb1db39d

Download Submit
/data/user/0/fetch.loan.merge/app_webview/metrics_guid

MD5
46117c44cd3d8fa7cf128c523ad4d4bc

SHA1
5b1837eb7a533e5b24542fda3658bad0029103b1

SHA256
83487b2895e70abdd6374566752ac38bcdf40673160564db666f2e039e1994d3

SHA512
21321132a1cf874505d4d20984608642da2b8ebd7595b1bd351d28219be365744d9d4b2fbeb5cc3a1b590cf41f2c93b5c59a817745896d15a4f21061eedbd619

Download Submit
/data/user/0/fetch.loan.merge/app_webview/metrics_guid

MD5
46117c44cd3d8fa7cf128c523ad4d4bc

SHA1
5b1837eb7a533e5b24542fda3658bad0029103b1

SHA256
83487b2895e70abdd6374566752ac38bcdf40673160564db666f2e039e1994d3

SHA512
21321132a1cf874505d4d20984608642da2b8ebd7595b1bd351d28219be365744d9d4b2fbeb5cc3a1b590cf41f2c93b5c59a817745896d15a4f21061eedbd619

Download Submit
/data/user/0/fetch.loan.merge/app_webview/variations_seed_new

Download Submit
/data/user/0/fetch.loan.merge/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fetch.loan.merge/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/fetch.loan.merge/shared_prefs/config.xml

MD5
10788cf4d0231229d3be02049c0a24f5

SHA1
d601b238f5357cf869413c6d2393e486214373f0

SHA256
a46885e6e24e9a295dd626cd855c169f76539b0545176ea50a1c23b4dd6a7b67

SHA512
508f60b7dda2e77a51da8451f20162b566e27b193c333280439e2d6980d0a8709898f8f40bc99e73061928c7af3b6c1ba383d464251424e96c663d6308a9cc5a

Download Submit
/data/user/0/fetch.loan.merge/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit