Overview

overview

10

Static

static

8

Android APK

android_x64

10

Analysis

  • max time kernel
    2183968s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    26-08-2021 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bbd6a9dc2ad0ba05d95609d1fd16ae93877e64a948cdff10135cc7cf6e981ee.apk

  • Size

    3.5MB

  • MD5

    4b653f33bb267bd7a3393bee0428ffe3

  • SHA1

    d781502ccc03cf1ad4e3c44dcae6541c9a0459b3

  • SHA256

    8bbd6a9dc2ad0ba05d95609d1fd16ae93877e64a948cdff10135cc7cf6e981ee

  • SHA512

    185249a9833548011f038937e933d156e10abc32c5a0a940c4b99d7b2269a403e61ef0dd78d4e7321a960c3a8eb4efefa36e5d0aafa400fbbaf3abdb2bcf8893

Score
10/10
teabotbankerinfostealerobfuscationtrojan

Malware Config

Extracted

Family

teabot

C2

http://138.201.211.36:84/api/

Signatures

  • TeaBot

    TeaBot is an android banker first seen in January 2021.

    bankertrojaninfostealerteabot
  • TeaBot Payload 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses reflection 2 IoCs
    obfuscation

Processes

  • hollow.decrease.coast
    1⤵
    • Loads dropped Dex/Jar
    • Uses reflection
    PID:3593

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/hollow.decrease.coast/app_DynamicOptDex/NlhreAO.json
    MD5

    4335f47d0502067f0e0c7d060a43cf5c

    SHA1

    2d03df5e371cb62fcb354b1c891594e01c741bd5

    SHA256

    d4f47b0a12a685f8f3f8c203919bbed0fa8becfd2749ccfc6f014076ff9589b5

    SHA512

    45049022e766f0ec470d2deb4bd412cd02d5622808a466e5d6404c8151ecebebcebeaaacc3e428367e091b68e3a0d833325d8ce0bc8e94b7dc7df5fd589c769d

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_DynamicOptDex/NlhreAO.json
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_DynamicOptDex/NlhreAO.json
    MD5

    013c8bda313e2066bd9e2e51b45f3b8f

    SHA1

    ef1a6eb05c29b4751105dc552dfb0cfc873598b5

    SHA256

    3d8e09b05f56fe25cb2025f4e974584f8da2d5648ad4061446b3685eceadb648

    SHA512

    ad5efaa1e71e8179576b70a0302187bc01c004249242cb388d42e27ad2b278b0fa704c4040ab419ff007fa29cabe0d23ac931ffd378cf5291ad4696f152a82d8

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_DynamicOptDex/oat/NlhreAO.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/Web Data
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/Web Data-journal
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/metrics_guid
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/metrics_guid
    MD5

    ead7eb6f84378759e1e719393be5a0c1

    SHA1

    958d269e23d398829ef515f42d9fb1b1b9dc6eed

    SHA256

    468f9332314ae2bb642a688c4a2d24785da127c5b820d52a6eefed12b610aacf

    SHA512

    b8403822b7e5371109af4a8ab5ba2248f783b6afb9bc358f009d22cb72dd6679e50193f092cd18e64f97120e4ebfa4c0c587d58dc072ca778730ee7855068f87

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/variations_seed_new
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/variations_stamp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/app_webview/webview_data.lock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/cache/WebView/Crashpad/settings.dat
    MD5

    34e625cf0d39639f1625f7ed04297353

    SHA1

    d743de6d4e19d9f2c58f3293f6eb78d1c579dab1

    SHA256

    d16b1352facac94f1e80ab179505214cb10d32acd609f14da4d3093874134ae4

    SHA512

    ba180d328e818b0b540cbad92b3828ef4214efa934ab70c13dc0262789f1eccb89e684d45716ae49f9745256e5ed6597d5cfa3cee61b5f51e72abc1e49b65f97

    Download Submit

  • /data/user/0/hollow.decrease.coast/cache/org.chromium.android_webview/Code Cache/js/index
    MD5

    54cb446f628b2ea4a5bce5769910512e

    SHA1

    c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

    SHA256

    fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

    SHA512

    8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

    Download Submit

  • /data/user/0/hollow.decrease.coast/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    MD5

    afec3c17bf9257da11e75aac91fffe3b

    SHA1

    765b6d088bd65e9ff0df3b1c347ec5459388605b

    SHA256

    12fffb9fc49a26cbb5b3f975d2418766abe9dccec2ad0ee2e049c06a141dd8b3

    SHA512

    afad6eb47c5e19e68f6824e4cef9b5db3e7146c5a324340214b258c4f2d1e9d87b1d445f04674c8c25d9fa22db20bba2d8828b4e43e35075a42232816b449aa6

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/WebViewChromiumPrefs.xml
    MD5

    1357a1d7af06755d561a7ed916373baf

    SHA1

    4a0a0d8b4b81bba92924dd7cf53a44d438312729

    SHA256

    647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

    SHA512

    61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    16ef07ac0b027d43d06fe4365b2d2302

    SHA1

    854ec358c39f01b470de810eb34640c3ad3e898e

    SHA256

    334fa5589e53f176f467d2fc247290ddd1de9af1dd790db332433725173a5cf2

    SHA512

    c57589e0186c1aad18ff0adcafcd17e1499688324d203c838ee57c54f6b4e16f71672cb0308242542e326ff48062c7b8ab3bfac6b706296413d0742f475f34fe

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    27a330b0319de1b0f982b0dc927fa784

    SHA1

    0a99b8da58c36597ff8f0f159016ef5b76edaf2e

    SHA256

    2c31a0de9a00b46755c6690b168b8418a05a09ee119f4a761811d287ac215c36

    SHA512

    e3ba9179aeddb13c489b652c37b316ffd74322c18feabd6f45e7962e6c39108f6b8e8ef0572e9eda24f37a4e90f14609501d529285fda9a2b50ecb2c45e04651

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    c306ccf4fc689ba9f12c866dbd62674e

    SHA1

    d4fa875ba6cd9d45f186c208f5ab6c413d1767fd

    SHA256

    778dd4fbd469cee355fe474a854a9a90e96dbc66108f0483aeb719110b3dfced

    SHA512

    86530955097a0b9238b51ab315375910ce4c3cbf90b3b21048aa83c85ab15ddc2887dd58f6c11dd3bf12584e72133d22fa83a55b405b8ecfb8931a2b5348eb04

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    a26bcd1675d13c7422839bcf6aae875b

    SHA1

    f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

    SHA256

    d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

    SHA512

    2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

    Download Submit

  • /data/user/0/hollow.decrease.coast/shared_prefs/config.xml
    MD5

    da7e2e1076c5561c4fc855af749b0441

    SHA1

    827def43052b16448396ca9f251fb74abb21d01e

    SHA256

    87d2a604d42d5ec3c8d2e481d98ae894891373a553d37414d7c763f102e34e3a

    SHA512

    881c4877af9b23e5c33cea3993425743e54713187d1f6a7ac430286de48a982eae842e2098f97daf260be05aeb93701265f735fc2a749eed4bcf924d60f20692

    Download Submit

  • /product/app/webview/webview.apk
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /product/app/webview/webview.apk
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit