teabot | 969ebe5f6dc9dc989ccd6a447fbadf550a54ec9b2cb8705796c3fd7f7b971d4d

Analysis

max time kernel
1979743s
max time network
129s
platform
android_x64
resource
android-x64-arm64
submitted
12-10-2021 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

969ebe5f6dc9dc989ccd6a447fbadf550a54ec9b2cb8705796c3fd7f7b971d4d.apk
Size

1.2MB
MD5

a34d28cfc13a8093b900c231cb88cb6f
SHA1

b1686d61b9202dfc405d9f949499ea4620a03254
SHA256

969ebe5f6dc9dc989ccd6a447fbadf550a54ec9b2cb8705796c3fd7f7b971d4d
SHA512

074e8fb8032d4fc17b4d672a4563d996cb30e203371575e2290ab0ab69f7ad347de64979674bd8095aabfe9529fd7f1b55b00a7c928f06a6cb05a2274813c690

Score

10^/10

teabot banker infostealer trojan

Malware Config

Extracted

Family

teabot

http://194.156.99.19:80/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot
Checks Android system properties for emulator presence. 1 IoCs

Processes:

com.itvg.turcaxa

description ioc process

Accessed system property key: ro.product.model com.itvg.turcaxa

description	ioc	process
Accessed system property	key: ro.product.model	com.itvg.turcaxa

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.itvg.turcaxa

ioc	pid	process
/data/user/0/com.itvg.turcaxa/code_cache/secondary-dexes/base.apk.classes1.zip	4104	com.itvg.turcaxa
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4104	com.itvg.turcaxa
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4104	com.itvg.turcaxa

com.itvg.turcaxa
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.itvg.turcaxa/app_webview/.com.google.Chrome.iKme3L

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/Default/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/Default/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/Default/Web Data

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/Default/Web Data-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/app_webview/webview_data.lock

MD5
af8df5f708d84b3ea581f939ca94ce11

SHA1
4b21689bb40bc71fd583f079728c665bd406aad9

SHA256
389ec361565dcfe41b79f44e5d5f6353438e025b41dce565813b78a2c0a9683e

SHA512
d63c57994a5a0d1efbd16d8f1c0aee48b55f60ba841abf67eb0e8a518593d207a7c49d2d8f22717e07503508b3750ea0c49a4bd8fdbcafc2833fa60f61edec9f

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/Crashpad/settings.dat

MD5
8cc9019d300a75a95924c23953bd757c

SHA1
25d9e4da4357c4d9f3a463135829ca4a7343699c

SHA256
2dee08ee85360d6c4aa609919c6dda2d8355b05bc930fd6193408b6a976bcd60

SHA512
f4a437f76e53447241448937f4c59a145ad6b6afba69380f95b2c937079b47005b81586bb7637e16448c0101824e045d4ebb3352581bb0d92a8d321f736a1647

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5
7c84f760a531e59b3ade4f42f8fbb9f9

SHA1
3a2249e58f843d582ac2d3c28d751c204e126ad1

SHA256
9c06cb930703e7c0d7583b02aa39187495081e7ea01cd656d11107bc61d84ab9

SHA512
1ddb0d5dab136fafb7d9c423adb397ebb999e81a9de2d2cfd9c0d72e1a544d7b35e3b5855cfce0fdce6db54744e2634830dfb48620adab6118c8679c43048475

Download Submit
/data/user/0/com.itvg.turcaxa/cache/WebView/font_unique_name_table.pb

MD5
b18833d483828180924a6d4048fca1a0

SHA1
d7edde78cc26221c9455a87ca3eca8960b6673a8

SHA256
d9c4ea0a7c399884f8a908a33a4d675a64b557b50916e62ab96fa2213e6d4801

SHA512
11e6bf7e067884138dcd6908e311321a9eca1e4926323f49736f9dfdebd4b548064beacc356f78e3f32a99769109b154e145ef1162e6a9547aca878f0dd4ee7c

Download Submit
/data/user/0/com.itvg.turcaxa/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
d133c7bf5e3aab78778e5e3ad0026fbb

SHA1
2d14db67394e75e9435186eddce4b242e7f3a263

SHA256
b8c4e2edc58239f0276e69ae7313a6837457e2c9af08fcef9de09ec72f0d4798

SHA512
65ee7c347425673a609c316658d5bbd74f62e3d01efdc93f8a62d0724a5523ba5e2aab5bd5c78fe12a9d2b2a6ff0dac97d6b5dc48e6f2585b3894c15112519b1

Download Submit
/data/user/0/com.itvg.turcaxa/code_cache/secondary-dexes/tmp-base.apk.classes2500829083676675397.zip

MD5
7fc03508e7c6657e21300e1e4821a679

SHA1
05e4d79049297ec70292a88a65947f9860bdb412

SHA256
afd1a38a131f584ddfe10e3c8836b5b25f1e48f4a9603ac55943d1a3e9e74ce2

SHA512
1df24d82f794abaa22b0a2b3a567c358823e76ccaef87468849b8cc1d7a787eba4a5ad361bbe0c43b7f4af86eaf7e1a1efc5621a93b587096ee569304ca49ef6

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/WebViewChromiumPrefs.xml

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
9fe405b95f2555497c2a22e57736d721

SHA1
10b86442faf03948e2b2efc70865efad5fd1b9ea

SHA256
efde15689c2ae7cd42d024463a780edfc40f0ac1f7cd06e775bbd7abcc99ac47

SHA512
a1f8ca5b21f83323605036d7beccc5906c6a3cc0d89603f70bdc8da9b1e4113f3c3fcc39550b4f2a1e27d0c1008aafa4296880b1336818bf617be8d2d840c2f0

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
f6a76449dadc85178eeff9261c741d19

SHA1
4f4bd25a03e4de9a48fdd7fdd2e591d679abd6c4

SHA256
fde9247ec6103dfd737f914ddf7349f3c9fcc6801a7a0f17895870df9b85fd9f

SHA512
4fa60630798f396f47e3225d890c8898726091c18f6475964efec9cd5e2a198b2335bcdb728197a68b0c7c8932226a023b7a450b037badfdc4468a4a45a461ac

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
e7cf6b1de4cb1974bed5b7b0b1053199

SHA1
325f3796d42d842a892359dbd2b28549d72f022d

SHA256
eacd54022b4a8516422ecc8ced20eed7bea8881baf003e38cd2bc77cd2647d65

SHA512
3293ef4a9fdcc46c71b5bf701ee57ea30b1b0bfb43f666714a79bcb9de3d07d896442a5d2951c3be08325f06cc330fb433f02feb52e6a82da42497af116a9044

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
ab4bdcad92e03b016a28a3c1779259a4

SHA1
9f18f1957d8970456ca483f172ae6a9e580c9cf8

SHA256
9956246d37238fb74c37e833e4ff0f417a41100b9c7b71a29615a99398d57b00

SHA512
a66e79d1cca5d84592d2441460d30d8c00d3249fe36097afa4b3e3373f38ae126d48289ec17dadf0d173d3515bb9641aa92bb872866cebf511bebf55030c8046

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
ad331d02e4b1c6645b7e02dca34c6b20

SHA1
94290a2dadbc71cb2fc689d62dc712279a608f19

SHA256
721352b9689e8548f4f3b577f702132a81408f8baab55c9017b2eb7925baa05d

SHA512
3c7943a9d58e4179257afab6b271da3458c12bfb682905331c7f6c0bd7e99dce1a2eafb10b9ae8bc7b5e530cb9cba4bdb8b30414e9f20af3377bc91a5438c516

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
06fd8b19570540185b632781f4e9139e

SHA1
5cbdd25c556308ad9ee577342ab39b96a3c842df

SHA256
18d8371905d51938bad5397419b8c02379109c9d39f12c9034ff082f3ca6991e

SHA512
05648d4243e016bbec800c26470e8d3a4424218bc33fac9a5fdd51628de4131c0be5329c166c10cdf7e5a69c5fcd5da16c98489d9486b5299b02778cc3e54d29

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
7f10d75409d7bb5dbaddbe32f9d3fcba

SHA1
1e09fb2ddfc6dc800edcea56a3dcb07442570743

SHA256
406d701c1d06cc3c389bd3e8110721db0c17fed7586338faaca151314616d60e

SHA512
04688ae72b57b799b496abce2b0c3b73f24192b2ac83636c702e6f8e144cb53e94b49abe0a38c74b3b1de93043806bb8b8190d90628fda66311f19a229cf53c3

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/config.xml

MD5
2c65d3104448e97087389997d5930a1b

SHA1
cdd0e38cc8863bb906b010bec54d28a55a102673

SHA256
6949a3b694d5fe8e8aba0b4e8a7962036ee08799b7038a4c28609bf891f67fe7

SHA512
2d099ca9b8e2e914436b67068f9792209b68c449d5862fd45e84be998f73d22d3eafa2cadc7d041227ab345aab7b1bc1a9fdb2b2382e6e15f7d3147131258301

Download Submit
/data/user/0/com.itvg.turcaxa/shared_prefs/multidex.version.xml

MD5
c9d77bab6152beca6266e8f1312e86f7

SHA1
cf16cc353c1976cb62420aa5ef36050d4d41d927

SHA256
90d10bfa20592da6c0dd0ba05f51dd3ab69d4c54b669959f24bc1f94a6812c4d

SHA512
5e32cd251b5bce90bb7bc92edeb3c305f589d4ab9e8aea26dd738311ab652c78bc835e899fcf10644d7ab893b046cc4b6ad881539cda5cbb5cef025a199ddf87

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit