70e20eab673c9763dede8b25bb6cf6917f09b66fc68a772e80327efe6f3cd116

Analysis

max time kernel
70s
max time network
88s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
26/05/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RabbitLauncher_0883_RAW01.apk
Size

80.8MB
MD5

beb8dc41dabf890208980f7c326edf68
SHA1

107bf6a7535d7285dc5630c854618a81f0ea6468
SHA256

70e20eab673c9763dede8b25bb6cf6917f09b66fc68a772e80327efe6f3cd116
SHA512

976f426351c9209ddfade0dcb8aa26193e47b8d3c0ec6afda038b93b64ff0df0985231a88d8187d495e707b0227df7af2507dc014ec1204e0c903b90fcf44d5d
SSDEEP

786432:zDMrSaHR1r3aYEKJtljW1gl9hDIxikjkOCNXj0l9QpZ2zjjHFanbNuEOlQjfnb/P:CvDVlnrJOCNXY9EZ2zXlu5jfbwO

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	tech.rabbit.r1launcher.r1
/system/bin/su	tech.rabbit.r1launcher.r1
/system/app/Superuser.apk	tech.rabbit.r1launcher.r1

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	tech.rabbit.r1launcher.r1

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/system_ext/framework/androidx.window.extensions.jar	4346	tech.rabbit.r1launcher.r1
/system_ext/framework/androidx.window.extensions.jar	4346	tech.rabbit.r1launcher.r1
/system_ext/framework/androidx.window.sidecar.jar	4346	tech.rabbit.r1launcher.r1
/system_ext/framework/androidx.window.sidecar.jar	4346	tech.rabbit.r1launcher.r1

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tech.rabbit.r1launcher.r1

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	tech.rabbit.r1launcher.r1

tech.rabbit.r1launcher.r1
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Loads dropped Dex/Jar
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4346

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.options-cache/environment.json

Filesize
12B

MD5
dedcf97dec548910cc8edae172ab5bec

SHA1
a37f222f2a89b4098cf681951ee75d76bd1f75e5

SHA256
80be2eb0944c0453a6ad339a56e1c8f39f8cc57a4e627758246ccfd274176fd8

SHA512
5e0d2b9be27ce24d6baa109ec8b2cb7e7ed3deb5622bd87ea621428857a8b8cbda98871552eb7e26df145485e83b2b3397cdbeaa4d806e955b4eeafb4a85d13a

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.options-cache/release.json

Filesize
61B

MD5
809d81d3ea805d7c34712eb3fa8ed3a4

SHA1
229f36e72e878fdebd9d952a2fb3c4fd0d349e2c

SHA256
39e66c7e1a25bfc4ea1f3128b3a8bf6fec2d6808d594216cce4b3368b05e2bcb

SHA512
b80856e46e5457ce9a3e636544a986818995c6ee242d5eb86eaad9bc40ea797b000a49dfd7b14bd4bce5c94e9ed355ac8ff60a52cd1fd07fe501b8c2044c3503

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.options-cache/sdk-version.json

Filesize
691B

MD5
a7334da838b4c9d35a0f7abaf1a41b1b

SHA1
f3b6c3ddba29ff8a30bbe14ea683816bde1030a1

SHA256
ed65edc27bb3edc7c4ae1965eb42118420044562bf4ab49f2647a5a14eeaa1d9

SHA512
b8a5c375f22b9fb92fca1e8dd8928c75b955d2d318d23736ba316f40bd3d375089be7468c5cd11939d70595318ef786353b629243e27974881a84e2a2766725d

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.options-cache/tags.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.scope-cache/breadcrumbs.json

Filesize
768B

MD5
c2865ff8d2dfd089161be917d18fb2bc

SHA1
9cd7c7b8d4f978ff65748e74f3560da8b265c8ec

SHA256
e398dd7c75f36991fc9f85e643f2c1410353188b5587c48b522a4495d4412c2c

SHA512
e69d7e4141153d2b43fb91c74b661d213a712fe5debc9fa558f569dd17f155e37cda632d7fb35c5c332ae98f9d337201b23627b2f4beaa472083d863db491061

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.scope-cache/breadcrumbs.json

Filesize
1KB

MD5
d1d7e39854b94f8f84d6404c553d3513

SHA1
ff6d607fe0198ecf1f2730616128d603b0c1632d

SHA256
ea6d24d54019377e473a3c1d8ccc7db48864872cc812176aca4a03f093248632

SHA512
909a126ddc066514617525a184524e1f89f40fc72850844fd66b1fe23cd813284f177f713800f152328402f156a26b7512364676980a9bda64669549dc5099f6

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.scope-cache/breadcrumbs.json

Filesize
2KB

MD5
425844fce731c0b563199738980ca43c

SHA1
97930da6cd07a689f630f03d567e76303676b34d

SHA256
a3805addcc104d61ad345fded22be69729fa3f57791df4f3da1e2d747d48b2c9

SHA512
9f54d276fa9d4e59463f524b0622130821fe371346a1df10dc1395f319006c208fd2531338c9a5a771bbcde7ccfd4fd0286f6d0b9491a3d300705094c1f82701

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/.scope-cache/breadcrumbs.json

Filesize
126B

MD5
59a7551443f192802401988a10f0990a

SHA1
31d83d7426107ce2a06ccade60fe63f2b0995055

SHA256
e383526d3168300bc967d81f014153d7fdbabc8cf66c8b909caba823b7aad6f4

SHA512
6f20b4bfe754a180565f23cac1ce8c3753e6d86418f3371f6d1ea8c616000efb8ac3fe66ac2bd61b0da14d573dc832cce081db9ea3444633229fa02de2c444e4

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/05bd255a-2697-4efa-9471-ec8d871af4e8.envelope

Filesize
1KB

MD5
4d6e68d4f599dc357042a5315c9a513f

SHA1
79f41534cda22d5a46e1c4f670d6bb6f440c24d8

SHA256
7233812d9c3f9cc87234499d3dd55276aec1296bad43c671e7da89801c762f65

SHA512
b82f4d277a9c43f023da2a93a01274bdae38771b537fe11af6a8e5ee04ae668367e53b3b37ef9befa75508d9eee564b674da2d3c1d80fe322071716ba8199a2b

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/252d15b9-70da-447b-a7d3-dde29f2ed50c.envelope

Filesize
1KB

MD5
edd9d4f57323083e3ee3a67e415fd76e

SHA1
bbe36b0743d461126a336d22199ababffec31152

SHA256
41572da808c2e5ef5fa583c30d4b39c41c9b0bcf92520aaea424880e7a29b12f

SHA512
42b4a71773a76d9eff24189f00db0ae6728ee9d0b16b6ebc68d898315b40f2709c9cfa376429fe75b4d74496ff67b3086a5fd6fb4b557f077d5164fc350a7869

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/55eba267-f187-414c-be12-5641945fba7e.envelope

Filesize
1KB

MD5
5b08552fc08a0032773849fa3e89f2b7

SHA1
14928ee1d4ed4d539c56892d8689b1300874b90f

SHA256
3ad489d7b51d5c683012261c7a7fd41b33f16709f563d7c18852fc262d707e5f

SHA512
a435538e826aeaa4f08afb8ec48301595c2a0d2fa293fa49c0288f4763844ca60748d10f97cf989ba02ded7bd2c386427a0a8f13b4b4a6b52b62b090cbf3b4b1

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/session.json

Filesize
313B

MD5
0c52c66a3a10a1a4d32f9b040d7960e4

SHA1
7c3b4fcf367434dda2338bfe898c5d370a5120be

SHA256
d48882a68840b5a99df9d12f4290b6344484c506c5e218e8c96a247350751fbf

SHA512
b90e67179e3447c9a95ff0036a4a899134a61f89f284acc82f7033907767bcea21c6424ab9d421c943a67b3697f8fedf2701f097785d18c17074d03828deb3ce

Download Submit
/data/data/tech.rabbit.r1launcher.r1/cache/sentry/85839f75023999a2162173be6a6d908597215ffc/session.json

Filesize
313B

MD5
5d99e9afbd4b4c06c0ecf4886fa18fa5

SHA1
646235e0eb5c01c47a3435712343d88b469a1965

SHA256
a6f74aba07cad6a18d37042d4e3b72599853ff2ec29863ee09d85dd60bedf433

SHA512
0138ac7371052d81068757059de5d3500aabcfceafe75b20b6f99f4cbe3b8772399ce05a5ea5702dbddbdaa22e991946a0aededa4b1f10929d1729bcc8aaeab7

Download Submit
/data/data/tech.rabbit.r1launcher.r1/files/INSTALLATION

Filesize
36B

MD5
54c0ceaaa5d02ffc500d9a87696f24b0

SHA1
ad43664e202d0ff2f8645d6105dd1f4678afeeda

SHA256
cfa336129f0d3ac96204ae85629b1c48ad3bd9e19d8410dbdf849a2fa431c789

SHA512
4d9a297ca02c400ef10bbc5d88e2486b4503f41f91b61b2145e55a6fa6fd5ea45905da3d87c9d924752b71ea6a2ef83c9e27e9a5f261a10a1c7ec0366ef60ce1

Download Submit
/data/data/tech.rabbit.r1launcher.r1/files/profileInstalled

Filesize
24B

MD5
4309d27fecc761611cb694b7b2b93093

SHA1
93276daa6287ec7a3dff897cc3a494b2d34dc388

SHA256
43c2c32809492cab7686db1cd52311c107d2d72b180d4d6be0fb7646ef923163

SHA512
028672b2e8cdaf6cc40c2209c8229208dfdd86e385007a59aef89d38e310db71f252ebc3f00d9ced542ec5e7069a8d2f76704e3093a948f3851cce900efb2b12

Download Submit
/data/data/tech.rabbit.r1launcher.r1/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
1ebe72f492c10839a2a200639be45683

SHA1
7ebd5840548f339c29fdc5ee89d4fe655b0ebf7b

SHA256
774f15a74b1f4020e6723cb8a41ec831a44e0271278be941b822f51df9f94340

SHA512
f4f490ecc3906dffc0e9925986c7b94a6f2fbe1b53a2cc62ff9e1b9682901af83b6765b6f63fb5d91d6d424b3881b61b86a8570971f00a3c1293676c1c4c88e3

Download Submit
/data/data/tech.rabbit.r1launcher.r1/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/tech.rabbit.r1launcher.r1/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4d9eb266ab0184b804e1bd18ce6165c3

SHA1
4715dc8d71c0d8646162cbd8bb0f41eeb72f42c7

SHA256
40a536ec08149b721bd94e4be98ff8c00204bf145875e0d5d7c54c73db87645f

SHA512
cb201beca7d5eb7bd7e62681ae991c87fa95e67c17ea1747e55d608c2c31734c3685c58222441513dde5059827977fd97120644e49b1444d7c3d06a9f3e8bd70

Download Submit
/data/data/tech.rabbit.r1launcher.r1/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/tech.rabbit.r1launcher.r1/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
704462716df306a422af9d70eb1fbdfe

SHA1
9c58fab8f57929af7955591d06d7cd643b097b8f

SHA256
d02cb775b6547647260d98860fca2f248950d830b14a7f195bbb130c04cd258b

SHA512
d0e90ab0c8d9917576463b4553cf938ef932e92555e40ae1c5fd525db79281d793ab5d80d9b300027b8c8b960f520c2c77f6e3f96309b7935fd30e9593bff799

Download Submit
/data/data/tech.rabbit.r1launcher.r1/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
f8c6e843e6e2f500d65c294ff0540933

SHA1
7efcd1107d0e0760b3a01f7174b4135408934549

SHA256
ee341228ac6700523eb44cbd6eec3067e4c1a85faec2af43912d2868c7069595

SHA512
4fe10334283028e1b2faa68a1a76484fcc6801a727f878b33c51d99f8c32ef9a007116f358e22818218118fdd0bcd309b65caa802a98be9be241fb99a3af0d7f

Download Submit
/data/misc/profiles/cur/0/tech.rabbit.r1launcher.r1/primary.prof

Filesize
9KB

MD5
913d73cf889630d8e6772274bb5cd7e5

SHA1
662dfd9fb2f591eb55e118fe23ca613ddaa920a8

SHA256
f86afe3496de3dfe858427a9a8f2ff7edf0dd6d8bb3a00f1d834502d4cdbd22c

SHA512
5e8ad9bc9956f93f4bc811d890a0da1085f8ab1c1d506c5b97d3ab74d6cc464034179e2ba6ec1f4d45ff00879569ec6f988d1531a0a856e87280a82a44a89ec3

Download Submit
/data/misc/profiles/cur/0/tech.rabbit.r1launcher.r1/primary.prof

Filesize
10KB

MD5
52919204ab8ee4ae76612c4adc2ae98b

SHA1
a3d584aaeaeba91556ede5385b3e4cb625ab951a

SHA256
3bfb9313e3988159c8aac042a703065d4170f66ebdc2159a52ab73a336b731b1

SHA512
533fa5e96da891eba41a9fb65d1bd68d1831c24543bf917b439f0cef1454b8a49582591e956a3b90899fd3bfbc73b84495185f186dd2819ef72dabff422b7977

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads