teabot | 47128438463482dfe3648b2e09769e0d1e73c04340dd438a94b95e82fd536096

Analysis

max time kernel
1978263s
max time network
130s
platform
android_x64
resource
android-x64
submitted
12-10-2021 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47128438463482dfe3648b2e09769e0d1e73c04340dd438a94b95e82fd536096.apk
Size

4.1MB
MD5

cab571bcb4f744d178f83b996047a048
SHA1

fa7403d21f1f8c43667ce9be77f39f1d9bd5df6b
SHA256

47128438463482dfe3648b2e09769e0d1e73c04340dd438a94b95e82fd536096
SHA512

5a665010a8e7a67773163c910cdd0dd50dfb6c2ed284b9904f34402b6af871df6542c3293aa31a0bf0bc956ae95a1b6b9cbc9c1da35583a388c7c9f8d6a8fd7e

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Extracted

Family

teabot

http://194.156.99.19:80/api/

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.kwvjz.tzlas

ioc	pid	process
/data/user/0/com.kwvjz.tzlas/zqweqrbohv/rswoprffvvmdaxv/base.apk.snssbek1.wsy	3662	com.kwvjz.tzlas
/product/app/webview/webview.apk	3662	com.kwvjz.tzlas
/product/app/webview/webview.apk	3662	com.kwvjz.tzlas

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.kwvjz.tzlas

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.kwvjz.tzlas

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.kwvjz.tzlas

Uses reflection 3 IoCs

obfuscation

Processes:

com.kwvjz.tzlas

description	pid	process
Invokes method android.content.Context.bindServiceAsUser	3662	com.kwvjz.tzlas
Invokes method android.content.Context.bindServiceAsUser	3662	com.kwvjz.tzlas
Invokes method android.content.Context.bindServiceAsUser	3662	com.kwvjz.tzlas

com.kwvjz.tzlas
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3662

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kwvjz.tzlas/app_webview/.org.chromium.Chromium.i5CFej

MD5
b28e395a411607a0b38f77c2e7080b18

SHA1
edac23057a2205bcb434b4c83a7dfaf9b2c8071f

SHA256
0e8a36c26d56cdb0f19c08eacc4ea64536160546040444d94d75ba7f053b8129

SHA512
780f525a2dcb5474002b858d78b815a1daeb2f0380adff0c908401d108a7a3f480ae976a13d2f3e59d7a7e85a3bc5b9592052f74461b47f928d5eacf488ac2d1

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/GPUCache/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/Web Data

MD5
dfea4f9a562d22c658ec695eca31ea04

SHA1
2e48be6baf86078d93f14fc38fe9f395c1c54261

SHA256
a01b4f35e09bbcdf9753512d4d3ac0b82c8e2f09e2176fa4a5c2523909795b2b

SHA512
8e0aab3c5f29a8737b4713b4a1622aa71b3574feabfb41a098f1326b80472c3fea053e759036c44df71aee1a8a1e9caf93f17a9eec88ab278062d7ed48907789

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/Web Data-journal

MD5
58ce8aa620225182e6c283181938cc6c

SHA1
0ff1096f5b65446bbb8ad76e8782a8b5bc3ba52c

SHA256
adcb79123389548fb62a546a021ea78d7afa11f6f6db54fc251353513c94e87c

SHA512
353e2c4ecd331df38702e803aa276c796e97edcec355f4e78e5ea9bda1020de487a4a3cc753723f15f3e43eca36faae0a202e597a0d5c7c3f3584ea2454b845f

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/metrics_guid

MD5
6750dff99768a01d2fc2be9a8c53f79d

SHA1
3e348fd8ce6dd1ec0cec311d8a8766135da2c790

SHA256
affdb271aba63b8a65bad40fbe59c1ea435067a97cbe8cfbd261f4d0259c6532

SHA512
a87658d3b9fafa4227e54579143a0fded30e4f90f8b4712cd8dfb33db0bf55fa06522f706a604efec97f2811ac2cf824806e774ecb09bf2960cc8b8e426e92f2

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/metrics_guid

MD5
6750dff99768a01d2fc2be9a8c53f79d

SHA1
3e348fd8ce6dd1ec0cec311d8a8766135da2c790

SHA256
affdb271aba63b8a65bad40fbe59c1ea435067a97cbe8cfbd261f4d0259c6532

SHA512
a87658d3b9fafa4227e54579143a0fded30e4f90f8b4712cd8dfb33db0bf55fa06522f706a604efec97f2811ac2cf824806e774ecb09bf2960cc8b8e426e92f2

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kwvjz.tzlas/app_webview/webview_data.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kwvjz.tzlas/cache/WebView/Crashpad/settings.dat

MD5
2865c2a1a912a621dc44cde6d9d202d1

SHA1
8b40c5a01ff072c64e9915b05debae82dd19dac6

SHA256
b5320b9b09643faafe1236e5e3ebebb68b161b026f9e6748cfe3ede9c7821aad

SHA512
9e9d933a012b65eab2b5713d649206fe5233a9dfd7ba764e2dda4c23d32b9f097134e42b512e7c498f6093b3c6f9d2d60105d9dbf32f8482be321a56d9cfabc8

Download Submit
/data/user/0/com.kwvjz.tzlas/cache/org.chromium.android_webview/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/com.kwvjz.tzlas/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

MD5
2247cfb5e236ec039d4954a88c71b7fa

SHA1
e02caef45cdf8f8f068b421c3ea6b4388966e933

SHA256
f6dbaabfaaf73e61438b61451120d03de7d2e62f86cb3a231d4c09f41670e88f

SHA512
896a2c9714f068f56ca62b184e5e70e41dd2daee5852f64193ef84c9d71f0f60002dedfd5f53aa33782e0f58ce739fcd185ee8adf515d22f86cb012b23b1556b

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/WebViewChromiumPrefs.xml

MD5
1357a1d7af06755d561a7ed916373baf

SHA1
4a0a0d8b4b81bba92924dd7cf53a44d438312729

SHA256
647f3960ac648b24a8d9fa17f93f625437bd6f385636c56f10fefdd9cd447597

SHA512
61f15a595e21cb7cbf0b1a5268da72b39ce767e43195b4b1a607125e6e1d3237aa382cffbeb122bee9111f01a61ed4aebc2bef6fa646891f43154b01c32d05d4

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
2c31ece1a671e6e694c61b9b49ef47e7

SHA1
12e54b68bc492b565416787a9d8c0433a7222563

SHA256
f03af0eabbf1ae3631e2fb6a835cc96dc4df92856cf538fca5cc8c6d0257bdbf

SHA512
bb848f16ad247203541d265e8ffc8d8aec9cd9a10304b119a5cb29e4344e270cfab08eaa3b56ccb998b09dc1577fe1d2a8bd15e970808050d3c9e8b582d8e752

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
f959397819a897e22cd6bcf005e30c7f

SHA1
3cbe8bf91605af2e986f0bc55825e426f87af942

SHA256
f90487796bf67e3c4fc59a2d3c0ba929921d6bfab831b6e7351f410e7211c7d6

SHA512
48e82dddb5bf31ffee0eec30624db82cf645a778ff866758167afc8f2e40500c8f60542285726a09f2f7c99e2f01a4c02d5f554729efdecabde1bcead7c46771

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
43ec77eee74eeae9ce1942c646d237f9

SHA1
be87f482165a09f80f34e6c24f8aa61b5b15f475

SHA256
74bef455198ca125f2004b91bb93f23f709ab19f67c4dcc76b390335ac0af28e

SHA512
5452608e65313a530584720820ead6afd31426c4b215d9c568ce13ea4d63a264dd44fda10d490230f7a2ba6683718074390bd31fb2a074b76bdc876308ca4ab2

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
5d91c3c061f804f6e53c9a27997710e6

SHA1
98f39f9c624bc62fdf5fd7fd703bc7d735c8756f

SHA256
d1945d95c73404fe6b4a095b6ccb84c54779d4843e9c91ce060fba08fcacc147

SHA512
39d836fedbadff59fd54f55f07ea5a3ad8912ca0cd867148ea43a86029b7f064b9a598e9d1c3684d2541d7528c857c0ca56d433e33b109fef70b172d05ca63cb

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
41b0da82a2fd5ceace67c12c035e33a5

SHA1
84816ecc708cffc409c028fac4160d514e0e0a1d

SHA256
267f17b69176db43e6aeefa78190cc2bc66b34fad5b1903ccedf80803fdd88e1

SHA512
62697d6d0728a1bf466477cc0f5d15ba7c5e0b3a228d2c69cdb357851a1de6cb64f99c52d353137d44dc9de4e5b5b36acabf44c5f5a1d9ed39ee46c65bd6914c

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
a7f33e29f52ec5f083888100c0fd7fb1

SHA1
e0757200ad833285ced335e6bd4922380e202799

SHA256
3290d51ffdf7b8f2485c5d07ea12e26d8abb35a235d3ed4e11fe4f2d4a73d9f3

SHA512
af66b16b5458a6f1ca6f6c4993cb7aa3eed2fa18f942399d0a1c8a16df93eeec676792729afe05e355a43ae2fe0a74e37664b2877c2ca52817d32af4d9c23aab

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
9795abd37c05725bfcf1438e48649f06

SHA1
83abea8d13b3abd16977ba20638ecb6b75e6a9fa

SHA256
44b5bee241e79a08f168b7cd1d1b7294ed3f8659efe80e9f074dcfbd1e935c71

SHA512
7b60428e5bc92ba205f1003a08dc194f6f95871b459d0aca46ede6736033022f090f8611f253cf97dca1f093c3569c4afaf6c59050f1971de6a14bbe0e6473f3

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/config.xml

MD5
a26bcd1675d13c7422839bcf6aae875b

SHA1
f9d36fe70b0ea40665734b0a45f1bacff26b5ef8

SHA256
d34d37083200219349e710aed699dacd700274ff1ba500555101ff90c8be4d16

SHA512
2654d937e569e7664dfbd50339bae9e282e814fe0c75f9ca01075ef3e648e045a8935d4055e5b3714348915a3dc1c3f3f7c909e7f475c5bca129d7972dadb187

Download Submit
/data/user/0/com.kwvjz.tzlas/shared_prefs/multidex.version.xml

MD5
a31728313bca6d703d06c811d9b96973

SHA1
81b5cb9c7ebce3d5f7ea2b06c7e0a09027dad50d

SHA256
3c6314a11428e3968932481f7a3fb71ac920e8066fdc4239224cfa8cf09d9269

SHA512
d67780656cb37a29e0aa65d9728371cc48cb6855a631acf7cb8bb6615c9f9532d649f4c77f19663034fec93b3e663b781fe8c3d74155b4a45eef4cdf20de8fe1

Download Submit
/data/user/0/com.kwvjz.tzlas/zqweqrbohv/rswoprffvvmdaxv/base.apk.snssbek1.wsy

MD5
1f61a4e242421db6401dca01644e1800

SHA1
364b89eac70720bfe1719cafa34f8f362b6d5376

SHA256
6f4b510719b293a642dec3affb903ef7d3ff8d016449a2ebba90e9b22bcaad63

SHA512
778246d21d0344dde9eacc106f4fa9a3601f33b6a138713fb575e124791d1152a49d299227888c649b18411b7fc6f29901b0b8f29e37e243e853c072a491dab7

Download Submit
/data/user/0/com.kwvjz.tzlas/zqweqrbohv/rswoprffvvmdaxv/fiqjtlte.woze

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.kwvjz.tzlas/zqweqrbohv/rswoprffvvmdaxv/tmp-base.apk.snssbek428782870185766136.wsy

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/product/app/webview/webview.apk

MD5
65873ae4c99229edb108b7b4d891a947

SHA1
0701ef5acad1d09d610c50f37e6aad82561dd982

SHA256
75107c633ddda02f84bc842af93467b4489a673f56547e7c73bdf1e146b06981

SHA512
3b8c99516866c5e1f6368651fce1dc89f1ec6901d56acd39b079b93c0901d835af2a3d9ef2cfdee2a6b7b17dee46235f2c7658d9de148c6be3e97ff48ed7a180

Download Submit