teabot | 9437f2224f31f60c57ddfac686e896c3db9080c5866ea15bc6b23413f8db97b6

Analysis

max time kernel
1305437s
platform
android_x86
resource
android-x86-arm
submitted
16-08-2021 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9437f2224f31f60c57ddfac686e896c3db9080c5866ea15bc6b23413f8db97b6.apk
Size

4.2MB
MD5

d409fa056af5afc44e1e5d32baa7e781
SHA1

a6f0822c008c2464cad9d3469a78fb019dd65476
SHA256

9437f2224f31f60c57ddfac686e896c3db9080c5866ea15bc6b23413f8db97b6
SHA512

c0fd77e86f502e9342294f8642f529671506a10bf469b20f45030ec77332b3e48141d23d408f3ebe512f55e146224ee567f0fbc8aaf23c55ec88810394397c02

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json	family_teabot
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json	family_teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

border.educate.engage/system/bin/dex2oat

ioc	pid	process
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json	5016	border.educate.engage
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json	5045	/system/bin/dex2oat
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json	5016	border.educate.engage

Requests enabling of the accessibility settings. 1 IoCs

Processes:

border.educate.engage

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS border.educate.engage

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	border.educate.engage

Uses reflection 2 IoCs

obfuscation

Processes:

border.educate.engage

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	5016	border.educate.engage
Invokes method android.os.SystemProperties.get	5016	border.educate.engage

border.educate.engage
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:5016

border.educate.engage
2⤵
PID:5045

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:5045

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json

MD5
908bbdb78be6286e09542dc36f44d102

SHA1
3e7e8750ad4897e128f394f9e5a1762258e7b64e

SHA256
5a501ec3555019c99cb710ed04e678b73dcf90bd1599afed5b9cbf59e25a320a

SHA512
071afaf395ab96b7558599e7eba37c3a1f500f69fd0f904cd5be3e4b1da76ccdff3293f05cd27a430642340eeea96749727a6452c2feb8f51ddaa9690a1bf3d2

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json

MD5
83dc3f0393a82b47c19a8f5d9e65202c

SHA1
baf48f5688fac8de5ad8ad525e7114d584009569

SHA256
3223fa4351b81742c8c6acaf1cebb2d31ac462979aecca3aaee780dbdd33343a

SHA512
6f2dc62752f62fde3e7be2958f3fff7687e0bd2fd34125c7922094797343aabdbcb8e63fb7773b4d0714dffddd1ce0f96a7848ca1867a9391190027166d928f3

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json

MD5
321e06a12de0af94aa38ce0cb2e2f042

SHA1
278125de8629b93558fb0e6fc1a58a3f6a5ec42a

SHA256
8b2d269e4a121e72815b5fa2670f75cb5c82d255a156bc28bae84ddc720f6870

SHA512
662acfbd3e5c15332cb2e36ed7d79e42c3857b432f574789b7017878f81cdc9f6c5cea48ecc447f39cada2c35a836e00aefa73ce1c9a1b5dcbaab6b3094969f4

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/OJkt.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/oat/OJkt.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/oat/x86/OJkt.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_DynamicOptDex/oat/x86/OJkt.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/border.educate.engage/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_webview/GPUCache/index-dir/temp-index

MD5
c8f40fbdf0067062f584222e22193fc8

SHA1
276ab4bf77d9fdac978ef5f5eb49343fb5f4a796

SHA256
1150303911879e5e6b569a0449379b8fa86b1ab522749fa7337e775785ddd7f2

SHA512
503ad71fab514a2e89524aaf80f29d995a1b71b0dc8c3d3093c389bee3cd3956aa61a79e27107d0c865ae6a52296f370c673a438534abbe078e7142914f0b06b

Download Submit
/data/user/0/border.educate.engage/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/border.educate.engage/app_webview/Web Data-journal

MD5
90b428be98cde2eb7767c588e3b9dcb5

SHA1
b8d529e5b19f10bb09e7d70b9c2a68f79457286c

SHA256
9f740e2b29437314038379c35146f84f88a926775b24d75326185396fd2cbd9b

SHA512
f6a9fee9f8adb2b2cd8fb25c7a554297eec4c7a9156bcdc443d48cb048bf2e8a1e202a4b8d6512764a7245a3f145978753c277cd6e0e1dda4e50f16bd3b6f494

Download Submit
/data/user/0/border.educate.engage/app_webview/metrics_guid

MD5
ba282cefb9f52389a7d6a6ec7f19ffa1

SHA1
a4ae5863d55554fc7eebc697f13a531956352a4f

SHA256
363a6a14be635795a72f5284bfe7cb186911b60444e1acb053e577bc8b45587e

SHA512
10d495b87920d4004333e1f88b6b0bcd79b8423f724b894fea672427fecf210c7baf38758acf91e9ca1ffbed505e166d8edeebc928aaa93d3b90e599812a9222

Download Submit
/data/user/0/border.educate.engage/app_webview/metrics_guid

MD5
ba282cefb9f52389a7d6a6ec7f19ffa1

SHA1
a4ae5863d55554fc7eebc697f13a531956352a4f

SHA256
363a6a14be635795a72f5284bfe7cb186911b60444e1acb053e577bc8b45587e

SHA512
10d495b87920d4004333e1f88b6b0bcd79b8423f724b894fea672427fecf210c7baf38758acf91e9ca1ffbed505e166d8edeebc928aaa93d3b90e599812a9222

Download Submit
/data/user/0/border.educate.engage/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/border.educate.engage/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/border.educate.engage/shared_prefs/config.xml

MD5
10788cf4d0231229d3be02049c0a24f5

SHA1
d601b238f5357cf869413c6d2393e486214373f0

SHA256
a46885e6e24e9a295dd626cd855c169f76539b0545176ea50a1c23b4dd6a7b67

SHA512
508f60b7dda2e77a51da8451f20162b566e27b193c333280439e2d6980d0a8709898f8f40bc99e73061928c7af3b6c1ba383d464251424e96c663d6308a9cc5a

Download Submit
/data/user/0/border.educate.engage/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit