Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    07-11-2024 17:38

General

  • Target

    FortuneRabbit.apk

  • Size

    10.4MB

  • MD5

    ad5d1abd0b77cbca905d48ae60302fbf

  • SHA1

    5a206b1faa7b1e2faa661beeaf0f2fe4ee88f6c5

  • SHA256

    1e1d226c821b02efd9d1aea0a2c7db744c38a4be0d6602b4b4903549c45f7c1c

  • SHA512

    a53750f9c5459039b6b92c82cccd3d066429d07a5f369f2f248d789b0e2e92d1e273bc30445d7921716a772d4ef16c271a64083eea68b25fd104ddb0a16dc813

  • SSDEEP

    196608:m8aSh5QHrECCL7cyqm8aXBRtez81RnY5qq23dG:m8vF37bqm8aD4zopdG

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 2 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.FortuneRabbit.app
    • Checks if the Android device is rooted
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4626

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.FortuneRabbit.app/databases/OneSignal.db

    Filesize

    52KB

    MD5

    f1427539ecc4cedfa892efc1776ba3ed

    SHA1

    814607670e99768ae6212224860b0a1fb93733db

    SHA256

    491c9687657ca71661a5cf42a763249f88fa222edaef20eaf552c4599458f99e

    SHA512

    c3ebbf63c4e876e471848f810e7ad7c0cb56a946230073b5196f7b3ce5d1f144c800ec5787992ff2ee057f712d7c7f1b92b47761294aede13183c796e5ab043d

  • /data/data/com.FortuneRabbit.app/databases/OneSignal.db-journal

    Filesize

    8KB

    MD5

    1b2f9478acbbca0b7e293a1c7926b7e8

    SHA1

    0ff7f4df74b61f68879c0612c9fe2fcac30f91b2

    SHA256

    11ce2afa1bca5d7d6335eb0f49c6faeeed6566b90fc3099c8dc4679c8f3ac0e5

    SHA512

    26dc8e93ce1f67bd6a23e4d17aced2248f16ff080519ccf491954c768ac77158a5ce586feaf66db003d2c3f5467a807b45f37a34f07442262d9f59f971227b66

  • /data/data/com.FortuneRabbit.app/databases/OneSignal.db-journal

    Filesize

    8KB

    MD5

    378d390f436cb4ada1429b431c2c76d0

    SHA1

    dd03a584284af166df73c9e1f6430e3e1c9455a5

    SHA256

    19c6f5a6b2d6fa630df1c82741508fb5ab5fc8650a306d74fee55ab4a97edfaf

    SHA512

    586ae4981f9840dfae919773f83fc3cfd2d4b97632e634cc6707941bf9eef031119cdcf82ef0aac84a8b01f8cbe439046ecf677727475ddabe5b4c0dd851a366

  • /data/data/com.FortuneRabbit.app/databases/OneSignal.db-journal

    Filesize

    512B

    MD5

    5506c34e5dd269789ae8f62dcd1145f7

    SHA1

    e62e3f4f473a826ff3743a8462e6108ecc1b9440

    SHA256

    523a55557b5fe3ad4da19e3342e625cdfcca9de0ea0751b4521404b98a3bf28f

    SHA512

    3fbd778969b18de6606d26b5d05385625fd05082e5d4679af098ad040b468c5bd213173e1cce67bfb38e2615abfeea7a98f5eb4c1969c763ec25393af995b60c

  • /data/data/com.FortuneRabbit.app/databases/com.google.android.datatransport.events

    Filesize

    56KB

    MD5

    30cd3cc50ca3f56dd665cc02de9dcae4

    SHA1

    496d7c317cd3c25920b48827f68aea9a5d340a64

    SHA256

    a996461674b3ee9b9be5fcadc135212ef1c7b85158bbd1c034ac73bac716395d

    SHA512

    0a9af210a7124bd5f1f8971dc498f2f1b8d229ceb6e83472993459cb901c136d02efc34ae3d9401ef0bee16086e71aa61709483edc8613aa130dbedc56ca6ea8

  • /data/data/com.FortuneRabbit.app/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

    MD5

    466d9e9eea112d221288f7dd811feecf

    SHA1

    7b597ff1897280787b180be64d0a93c548a2e075

    SHA256

    66805f781aaa4bb6a5dd147da0affc414f895441752d085016a03ca9d3876370

    SHA512

    dd7823ca7d56f2fb3a3d92cb14fcce08431d800a3b46a5f13bf5e009f1f3fb2817d4148801acda6880372cc078474c16c9dd3424acfe063f7cea714ffeb039b2

  • /data/data/com.FortuneRabbit.app/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    9bb88b257a6a83f5c25321ddb51dfdc0

    SHA1

    30a573d2b7b44366e630aad3c43a89d7e429da32

    SHA256

    91addf9340ac6b3ec6e4583dabdef14202bee3427552e6b1eb9bbdd8c58c94c7

    SHA512

    d359c63f399a426a578d30e22e846dec140ae7cfb5949389f3db3fe322810a5a4e9611fa947eef31ecee395c03ecc74e764c4a2b9590ff3bed839364272051a8

  • /data/data/com.FortuneRabbit.app/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

    MD5

    3500d199051891eb098ff082f8dc57e4

    SHA1

    36b5673d335eba870e02082f27ffe61bbc36f033

    SHA256

    49fe37feea8bf94802ec7f8f2495c8381959fb2af8d4e43d9cef5ca01b27e063

    SHA512

    6e3a0cbe080f888354e374d9414726307d7ece441bb90703ed4d45dc4ca121da2c5fcb9f12f11c0ffeb661d0f43db2136a3ec406d4c33354550ac4180dd96392

  • /data/data/com.FortuneRabbit.app/files/PersistedInstallation1198138673546504558tmp

    Filesize

    90B

    MD5

    16ce91f2a4be8474d02839ce309b7722

    SHA1

    3156617f7ebac2bea7cbc42395d3d4bac1f8ce2d

    SHA256

    1a9bf73b22b03947bb56a2a706e6905089586e9632338157432d4aeebffd3d39

    SHA512

    733f8ba793e4eda1d570634ecf76fec22596596c1989d35e0fd9cb0492c7960ffd5e3845289b69013d6d30d9470926794366bb6fe13032594393ab49f96d8480

  • /data/data/com.FortuneRabbit.app/files/PersistedInstallation1200604245656119698tmp

    Filesize

    567B

    MD5

    4a30893605477046ad4c37ca642fd15b

    SHA1

    60680410941fd788752f59a621a493b5f425bae1

    SHA256

    cf2f5b97a70b537f7e35800065c8e151dcbf103a82457507dc6fd60c950709a7

    SHA512

    f7d80ee7d33648632596e99e9e699718ed2bba99926e40f5bc9f87a74e97730ac524d84bf586c7b3cb8ef0373582320f2907462dbcbffda1ecd09c399c2f9bcb

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    661d15a9079f7511536bc7ed1d78eaac

    SHA1

    c2feb78b87abc3e03f51e2cd9fc91ef2d6d1a06b

    SHA256

    e715dd9d7b3c31bd74a9516cfe5dac277bc88cd831833a8fd788c98b3ae7ee32

    SHA512

    c2886198641463d46cb5c1eee1a5fdd011aa3ac182402b849d1a900e5f687ae8309cfc1217fe10370b082ad892bbf2d09a5f85fab0ade29374858c3db3c16003

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    768c61005662723f9913c022127028ae

    SHA1

    417f7b6f68ae2050db11ef6234d89d759a0dc563

    SHA256

    76c295b940724f31f86781a13586c79f8bb8a5ac6784baadc1bfa649c7a5389f

    SHA512

    09fe38cc6cd3d64e13e17af0d245f5edf83e2050e7c27f8bd837cd31a769385f1435da70ecf9ddac003a27529d6c0e2b979be1c076a0796cfe365be226aa6da0

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb-wal

    Filesize

    112KB

    MD5

    d190d01aebf2e24e5d4b80432e17d804

    SHA1

    a8d962efae27a1650f8a035c8010eb38f7a762d4

    SHA256

    e9a6353bdec3e79a7c6497b308ee6baea97eda275309882d67420d888e215e0b

    SHA512

    f51b36fc88a51dd78c12d2ff96853875a132e7ab9cffe05371288ab47eeca95ccb05db9ae9afad978e61ab2808692b69bdf4f72accb759ba0efb4556be8158da

  • /data/data/com.FortuneRabbit.app/no_backup/androidx.work.workdb-wal

    Filesize

    185KB

    MD5

    46ae91e3c7dd80eb9d97160029391094

    SHA1

    e95df4100c24a285beeb2e575b8a8b541aa21385

    SHA256

    9f49a4e47c9db5e0e3c0c35b6856149df89cb567c910ccaf7bf9eadfa966fda3

    SHA512

    daf74b5e47c60d855fc5614f73b66468ba16891244396fdc9c25cb7319fc1680f6c2ca1da96e8151508ed39ab51f908d0fd451c4033928301cdf169740e4e615

  • /system_ext/framework/androidx.window.sidecar.jar

    Filesize

    12KB

    MD5

    bdf3529e80318eb14e53a5bf3720c10d

    SHA1

    25c9ace4b1af6e80ebb2572345972c56505969ba

    SHA256

    bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

    SHA512

    48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b