teabot | 6ddf251c94bf73b0fa70bb5121a0e8644283d48ff38aac9735b837075a2cbba3

Analysis

max time kernel
1403523s
platform
android_x86
resource
android-x86-arm
submitted
17-08-2021 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ddf251c94bf73b0fa70bb5121a0e8644283d48ff38aac9735b837075a2cbba3.apk
Size

3.4MB
MD5

dc389f8fc679a6b63dd27bd61866498b
SHA1

cee8afa83fd81e73b858d047ee50de9b5d1ecf07
SHA256

6ddf251c94bf73b0fa70bb5121a0e8644283d48ff38aac9735b837075a2cbba3
SHA512

bce14c492b5ec57e7fda1f2df7360b33bd5cf742843da2e9bffe414d9f76cadf653702615f3fba7ed953834333464f714a2e6dbe148072fa4721be1aa1071095

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/security.praise.rate/app_DynamicOptDex/oat/x86/hL.vdex	family_teabot
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json	family_teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

security.praise.rate/system/bin/dex2oat

ioc	pid	process
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json	4659	security.praise.rate
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json	4694	/system/bin/dex2oat
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json	4659	security.praise.rate

Requests enabling of the accessibility settings. 1 IoCs

Processes:

security.praise.rate

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS security.praise.rate

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	security.praise.rate

Uses reflection 2 IoCs

obfuscation

Processes:

security.praise.rate

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	4659	security.praise.rate
Invokes method android.os.SystemProperties.get	4659	security.praise.rate

security.praise.rate
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4659

security.praise.rate
2⤵
PID:4694

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:4694

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json

MD5
33bf8f903b4508118ea8862fb93b0915

SHA1
16f6c5701493ffc9ed9fc73c8baf1bd22da1d890

SHA256
e4c39023b7c8f98393ce37670289fb2b9532498951f2ad5a551594bde213e10f

SHA512
fda51b1128371f8f4d988e4f1b72e60f8f90c23c98caee492a056da1b031df802a5df7f71ce3429ec8ee1cc10242718c6f6e12f7b6f2a6d0ba6a8459168c410e

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json

MD5
c018147af13329021977b675d04af47e

SHA1
088d60c9fad9997fb032050bbac467f1d5ad5ae6

SHA256
016cd43fa7d66a03f578d1a113d394c32cd65ac23b208dca9034aa5de397993c

SHA512
cd9e8d22d9c5696d55bad2c16ec5b5422c94dd48b9cffc8290fd6107372f1c968d706541ecc9c24e5c150ff49bf82a01a6738136fea0e27e9963d6f596ff4c8d

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json

MD5
e5a846c39d7e3e22c41124511299fb31

SHA1
903a5ae3e32261ae62607403da61ed683ed902fd

SHA256
7152268ef4683977cd2395158da891bd8d9a243ff32df94ded23af6043f42e3b

SHA512
86d348b85eb44056bdd8ba71e5b943841b2e37205aa515a3c96215a374c48ea8388d64480405e2391cc9fcc23b488ecef84e655fc7461ff483b41e50c1b3a7a6

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/hL.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/oat/hL.json.cur.prof

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/oat/x86/hL.odex

MD5
85652afc6d30701c0f35b3d5387b155e

SHA1
94c31c6fb26f76f1689961aa710dee38278df662

SHA256
7330abfc6c2c84b321fc1dee99287049996b84d31b6cdaa73e8eda4af2dad131

SHA512
7f2f54dcdeeba3cad529c33a839518a37064aca8c94460f181e586932d0f367fd61f1731c03cece81075808cf2f48750d4eca07d7113dfad7eec70c63ea6b1c9

Download Submit
/data/user/0/security.praise.rate/app_DynamicOptDex/oat/x86/hL.vdex

MD5
58d0177f1c5def0e850ec0123f673441

SHA1
d337cf5a91533763662b334db4fcbf80e0c7d66f

SHA256
e496123269a482bf5bdf315bc6e0e758a545abd4a31777ba33039172b1355a72

SHA512
4ac3cec6491bbc2de1e7d2bc99e857557c2e8e6ee1ba94fe0a4a25bbea97acb17e9bdaaf92c90eca36ddac6e389a1731e8ebda223b70fe2875de67b0f7fddb3e

Download Submit
/data/user/0/security.praise.rate/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/security.praise.rate/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/security.praise.rate/app_webview/Web Data-journal

MD5
bfebcf7f27cb163b200a0f7f46209a73

SHA1
9cca36b48088b303c46fcdad4d08e509a4627bc5

SHA256
867a3b57196e2653d79c497359eaee58f8e6e70882d6dc01afe556b087853685

SHA512
44a3ce85bd866d4c8d3b87010dc8f2a4f06ae550447babba7daac5a1c0766cfd00e7efafb0ede25ae9cda6cb0f334029e798b8fe478f93c91dc26d678ab1cfa5

Download Submit
/data/user/0/security.praise.rate/app_webview/metrics_guid

MD5
4e1688b9b15ab1bcf75b299671387ce3

SHA1
139abd0932ffdf32466a54453884e9f09db0c953

SHA256
5bad2937e29caf5e3a710451a119e7b6bebc3c2e9ecdd529f911725849d293d7

SHA512
ed72103aa9cb37b5bae263fd495bcb298521def93b2b98881452306193f1d0a7a67a3c3217bb153284955f30db9adf1123c8bda72a1d9ea90ae15c891216e61c

Download Submit
/data/user/0/security.praise.rate/app_webview/metrics_guid

MD5
4e1688b9b15ab1bcf75b299671387ce3

SHA1
139abd0932ffdf32466a54453884e9f09db0c953

SHA256
5bad2937e29caf5e3a710451a119e7b6bebc3c2e9ecdd529f911725849d293d7

SHA512
ed72103aa9cb37b5bae263fd495bcb298521def93b2b98881452306193f1d0a7a67a3c3217bb153284955f30db9adf1123c8bda72a1d9ea90ae15c891216e61c

Download Submit
/data/user/0/security.praise.rate/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/security.praise.rate/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/security.praise.rate/shared_prefs/config.xml

MD5
10788cf4d0231229d3be02049c0a24f5

SHA1
d601b238f5357cf869413c6d2393e486214373f0

SHA256
a46885e6e24e9a295dd626cd855c169f76539b0545176ea50a1c23b4dd6a7b67

SHA512
508f60b7dda2e77a51da8451f20162b566e27b193c333280439e2d6980d0a8709898f8f40bc99e73061928c7af3b6c1ba383d464251424e96c663d6308a9cc5a

Download Submit
/data/user/0/security.praise.rate/shared_prefs/config.xml

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit