teabot | 96f06313d87b008dced4afd07ae6425f837c9c91b586d33162f98a5c925ad08e

Analysis

max time kernel
2181103s
platform
android_x86
resource
android-x86-arm
submitted
26-08-2021 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96f06313d87b008dced4afd07ae6425f837c9c91b586d33162f98a5c925ad08e.apk
Size

3.7MB
MD5

c17ebacf083af956aef90b8448505c40
SHA1

a77d5654ee05e8a07535ff398658e126da9986cc
SHA256

96f06313d87b008dced4afd07ae6425f837c9c91b586d33162f98a5c925ad08e
SHA512

25f6fda7a2abbad25ad3d44b9ed43f00925496546a541afeb0a70745b7f54c5980166985bd8420c683e364cd6286917ab9f50be72a09184596ed5d95440eed94

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

TeaBot Payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/oat/x86/kE.vdex	family_teabot
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json	family_teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

fantasy.slot.neither/system/bin/dex2oat

ioc	pid	process
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json	5014	fantasy.slot.neither
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json	5039	/system/bin/dex2oat
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json	5014	fantasy.slot.neither

Requests enabling of the accessibility settings. 1 IoCs

Processes:

fantasy.slot.neither

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS fantasy.slot.neither

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	fantasy.slot.neither

Uses reflection 2 IoCs

obfuscation

Processes:

fantasy.slot.neither

description	pid	process
Invokes method android.content.pm.PackageManager.isInstantApp	5014	fantasy.slot.neither
Invokes method android.os.SystemProperties.get	5014	fantasy.slot.neither

fantasy.slot.neither
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:5014

fantasy.slot.neither
2⤵
PID:5039

/system/bin/dex2oat
2⤵
- Loads dropped Dex/Jar
PID:5039

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json

MD5
0c765290811ef77d860cc9b8061b5f6e

SHA1
b5eddf46947c12061222f558b05edd29f4f74fce

SHA256
5b9a27f6d0e868af7c92ab92cfce9bf88bff5dd8e9856143afd73a929d8c0fcc

SHA512
0cd00eede1c1f20168957229a6c9ce4d15aa66e1cf020ee7ed4094cc629b52e5cd2c67430839fed3cf4a41fa6820a16660826314c322ff564fd4e5d344b0d7dd

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json

MD5
a5c91cd19e8e0229cd29d7837a2494b0

SHA1
96ac118484b8acbcfbd927f58254308b505e853f

SHA256
820c79d96145c821e49384dc8387b4e43bc1623088176c83febdea6cc7de7c0e

SHA512
4988407f15132cd5dbf8799a357d32733685db67c0c24534ae2bc684e8ac59d929211fb8f05d87aded5f227774fbf025e024c4cbc5a273a40c041aa4b9fe78b6

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json

MD5
840ccfd68a513e09cb4dbec79469d158

SHA1
e330e7b11385f73cdc10fe81b893ca7d3d35547a

SHA256
e484e595771f5be6176c45452692456a8f37c67e7e8ab151415c6a46ab75fa88

SHA512
29b6bc459ef12b161224e9d24c44be4d401c11f34d7cc27ac7b3c712d5bcc49dd6dac906c1fbe916913497a504e4b301928010bab297e0aee7e3ea2604dacab9

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json

MD5
ee243c9efb3dceee634f110cf1f29d49

SHA1
aa22f658977fe075a0fcc8d31732a26e4534b88e

SHA256
698d568a0316a975fe42c878396eada21410e712e911d1b38c49180db3c1ba94

SHA512
aaa6eba50e23c951c0c3dcf5eb4b133ff02cfb6cbccd5190602c859fc1947f74e7966e4ba09f8ff0b8cb1bba5f88fa990b55091f17b04e4db00822be8bc5dbb8

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/kE.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/oat/kE.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/oat/x86/kE.odex

MD5
8af3208e9af7133bccc6a1e4be0f84ec

SHA1
dc3841534e0f8064d60d22c8662ec2d5a10bb53e

SHA256
0f0867b58720dbfe208a59e6a71aa34ec604dddb05f3ef0d368df5b0fe75bab8

SHA512
30e0c534f61b97153acd35db65ade426ce4dc4eaad7aa02ead6cde7e346b63129349b84f4f1783d784b8d5c75ce77418bbd09bcf5a9ca5c368c71febab575e5b

Download Submit
/data/user/0/fantasy.slot.neither/app_DynamicOptDex/oat/x86/kE.vdex

MD5
b8c93d9037f1900f8f3da7a58ddaaf23

SHA1
21c159934d587c55d3b7790957b860fd8ccba617

SHA256
02f4e1e7e748ffd5a150aea9f62f3a235d54a286021bd0b2f4192383827f9e34

SHA512
cc469960ba5a833d8b8095d3c8f74f7b10d1ead512a9f150bf7e785797f19a0124c051ba707ef2b6d462384ff6b6c131949ca6ce65b9c7479d03501e18c5ad39

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/GPUCache/index

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/Web Data

MD5
5168d8c4556ac22decc2362ce61ddafb

SHA1
664cb3c7b0b5b13c3b915c28354793bcc0afd408

SHA256
5057cf5dab27589d93f7d55ffa505ea8249c213b79fd8c85ac39423c135c5db6

SHA512
81cefa22b3b1d30acf590b44b97a47b68c265a15b3725ff348ac0256faae0aa76b6a9bedece897c912bbcc86623c3a20c193ff131d9a25d0ee8e315394ae332d

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/Web Data-journal

MD5
bbabe39245f13b7dcf92fa988b661ca1

SHA1
8d4c813004903d449c47fd35cc1857c93c9ea0cc

SHA256
efadf500e3cfb4cbe9c009d499206bef2f1fd30295d235cf623cedf2bffcd3a1

SHA512
0b70c1c1a835bf8190b24403ea629d980402da9b38d3ec66e0cacd0ea19b6942a5b5b312f99eb8f638ed2eb9cdea3d763e08db35381c158d51f9aefa6ae0e24c

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/metrics_guid

MD5
2f0969aed66f2cfb52ed8333a7e5ed90

SHA1
9e991944159a2eddf63a7443d0b94b1a6416ee78

SHA256
d106e896d4ea1cee9c741730afde941701c4343a4a1e1696bf936a057703fc75

SHA512
03c35bc02f0c8f17a712ea05917f367dd3261bd29139c58a8c65e3a76ae9f77082244030d3192c5e329daed80385e8b99e5146f9ed86b592894db5891ccd8d4c

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/metrics_guid

MD5
2f0969aed66f2cfb52ed8333a7e5ed90

SHA1
9e991944159a2eddf63a7443d0b94b1a6416ee78

SHA256
d106e896d4ea1cee9c741730afde941701c4343a4a1e1696bf936a057703fc75

SHA512
03c35bc02f0c8f17a712ea05917f367dd3261bd29139c58a8c65e3a76ae9f77082244030d3192c5e329daed80385e8b99e5146f9ed86b592894db5891ccd8d4c

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/fantasy.slot.neither/shared_prefs/WebViewChromiumPrefs.xml

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/fantasy.slot.neither/shared_prefs/config.xml

MD5
10788cf4d0231229d3be02049c0a24f5

SHA1
d601b238f5357cf869413c6d2393e486214373f0

SHA256
a46885e6e24e9a295dd626cd855c169f76539b0545176ea50a1c23b4dd6a7b67

SHA512
508f60b7dda2e77a51da8451f20162b566e27b193c333280439e2d6980d0a8709898f8f40bc99e73061928c7af3b6c1ba383d464251424e96c663d6308a9cc5a

Download Submit
/data/user/0/fantasy.slot.neither/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit