Analysis
max time kernel: 149s
max time network: 152s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 07-11-2024 17:38
Static task: static1
Behavioral task: behavioral1 (Sample: FortuneRabbit.apk, Resource: android-x86-arm-20240624-en)
Behavioral task: behavioral2 (Sample: FortuneRabbit.apk, Resource: android-x64-20240910-en)
Behavioral task: behavioral3 (Sample: FortuneRabbit.apk, Resource: android-x64-arm64-20240624-en)
General
Target: FortuneRabbit.apk
Size: 10.4MB
MD5: ad5d1abd0b77cbca905d48ae60302fbf
SHA1: 5a206b1faa7b1e2faa661beeaf0f2fe4ee88f6c5
SHA256: 1e1d226c821b02efd9d1aea0a2c7db744c38a4be0d6602b4b4903549c45f7c1c
SHA512: a53750f9c5459039b6b92c82cccd3d066429d07a5f369f2f248d789b0e2e92d1e273bc30445d7921716a772d4ef16c271a64083eea68b25fd104ddb0a16dc813
SSDEEP: 196608:m8aSh5QHrECCL7cyqm8aXBRtez81RnY5qq23dG:m8vF37bqm8aD4zopdG
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
IoC: /sbin/su

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: android.content.IClipboard.addPrimaryClipChangedListener

Acquires the wake lock (1 IoCs)
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: android.os.IPowerManager.acquireWakeLock

Queries information about active data network (1 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: android.net.IConnectivityManager.getActiveNetworkInfo

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: android.app.IActivityManager.registerReceiver

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Process: com.FortuneRabbit.app
Description: Framework service call
IoC: android.app.job.IJobScheduler.schedule

Checks CPU information (2 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
Description: File opened for read
IoC: /proc/cpuinfo

Checks memory information (2 TTPs, 1 IoCs)
Process: com.FortuneRabbit.app
Description: File opened for read
IoC: /proc/meminfo

Processes
com.FortuneRabbit.app (PID: 5130)
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads