Analysis
max time kernel: 149s
max time network: 134s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 07-11-2024 17:38
Static task: static1
Behavioral task: behavioral1
  Sample: FortuneRabbit.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: FortuneRabbit.apk
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: FortuneRabbit.apk
  Resource: android-x64-arm64-20240624-en
General
Target: FortuneRabbit.apk
Size: 10.4MB
MD5: ad5d1abd0b77cbca905d48ae60302fbf
SHA1: 5a206b1faa7b1e2faa661beeaf0f2fe4ee88f6c5
SHA256: 1e1d226c821b02efd9d1aea0a2c7db744c38a4be0d6602b4b4903549c45f7c1c
SHA512: a53750f9c5459039b6b92c82cccd3d066429d07a5f369f2f248d789b0e2e92d1e273bc30445d7921716a772d4ef16c271a64083eea68b25fd104ddb0a16dc813
SSDEEP: 196608:m8aSh5QHrECCL7cyqm8aXBRtez81RnY5qq23dG:m8vF37bqm8aD4zopdG
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
Processes: com.FortuneRabbit.app
  ioc: /sbin/su | Process: com.FortuneRabbit.app
  ioc: /system/bin/su | Process: com.FortuneRabbit.app

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.FortuneRabbit.app
  ioc: /system_ext/framework/androidx.window.sidecar.jar | pid: 4626 | Process: com.FortuneRabbit.app
  ioc: /system_ext/framework/androidx.window.sidecar.jar | pid: 4626 | Process: com.FortuneRabbit.app

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.FortuneRabbit.app
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.FortuneRabbit.app

Acquires the wake lock (1 IoCs)
Processes: com.FortuneRabbit.app
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.FortuneRabbit.app

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.FortuneRabbit.app
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.FortuneRabbit.app

Reads information about phone network operator. (1 TTPs)

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.FortuneRabbit.app
  description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: com.FortuneRabbit.app

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.FortuneRabbit.app
  description: File opened for read | ioc: /proc/cpuinfo | Process: com.FortuneRabbit.app

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.FortuneRabbit.app
  description: File opened for read | ioc: /proc/meminfo | Process: com.FortuneRabbit.app
Processes
com.FortuneRabbit.app (PID: 4626)
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads