Malware Analysis Report

2024-12-01 03:00

Sample ID 241107-v72q1swlav
Target FortuneRabbit.apk
SHA256 1e1d226c821b02efd9d1aea0a2c7db744c38a4be0d6602b4b4903549c45f7c1c
Tags: collection credential_access discovery evasion execution impact persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256

1e1d226c821b02efd9d1aea0a2c7db744c38a4be0d6602b4b4903549c45f7c1c

Threat Level: Likely malicious

The file FortuneRabbit.apk was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Acquires the wake lock

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 17:38

Signatures

Requests dangerous framework permissions

Description                                            Indicator                                    Process  Target
Allows an application to record audio.                 android.permission.RECORD_AUDIO              N/A      N/A
Allows an application to write to external storage.    android.permission.WRITE_EXTERNAL_STORAGE    N/A      N/A
Allows an app to access precise location.              android.permission.ACCESS_FINE_LOCATION      N/A      N/A
Required to be able to access the camera device.       android.permission.CAMERA                    N/A      N/A
Allows an application to read from external storage.   android.permission.READ_EXTERNAL_STORAGE     N/A      N/A
Allows an app to post notifications.                   android.permission.POST_NOTIFICATIONS        N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 17:38

Reported

2024-11-07 17:41

Platform

android-x64-20240910-en

Max time kernel

149s

Max time network

152s

Command Line

com.FortuneRabbit.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.FortuneRabbit.app

Network

Country  Destination           Domain                        Proto
N/A      224.0.0.251:5353      N/A                           udp
GB       142.250.200.10:443    N/A                           tcp
GB       142.250.180.14:443    N/A                           tcp
GB       142.250.180.14:443    N/A                           tcp
US       1.1.1.1:53            android.apis.google.com       udp
GB       142.250.200.46:443    android.apis.google.com       tcp
GB       172.217.169.74:443    N/A                           tcp
US       1.1.1.1:53            api.onesignal.com             udp
US       104.16.160.145:443    api.onesignal.com             tcp
US       1.1.1.1:53            siteofficialred.com           udp
US       104.21.26.107:443     siteofficialred.com           tcp
US       1.1.1.1:53            safebrowsing.googleapis.com   udp
GB       172.217.169.42:443    safebrowsing.googleapis.com   tcp
US       1.1.1.1:53            wow.itisfine.work             udp
US       172.67.144.235:443    wow.itisfine.work             tcp
US       1.1.1.1:53            go.sogood678.xyz              udp
US       104.21.17.220:443     go.sogood678.xyz              tcp
US       1.1.1.1:53            ssl.google-analytics.com      udp
GB       172.217.169.8:443     ssl.google-analytics.com      tcp
US       1.1.1.1:53            go.gmetrck.info               udp
US       172.67.177.129:443    go.gmetrck.info               tcp
US       172.67.177.129:80     go.gmetrck.info               tcp
GB       216.58.212.226:443    N/A                           tcp

Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-11-07 17:38

Reported

2024-11-07 17:41

Platform

android-x64-arm64-20240624-en

Max time kernel

149s

Max time network

134s

Command Line

com.FortuneRabbit.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A
N/A /system_ext/framework/androidx.window.sidecar.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.FortuneRabbit.app

Network

Country  Destination           Domain                        Proto
GB       142.250.187.238:443   N/A                           tcp
GB       142.250.187.238:443   N/A                           tcp
GB       142.250.187.238:443   N/A                           tcp
N/A      224.0.0.251:5353      N/A                           udp
US       1.1.1.1:53            android.apis.google.com       udp
GB       142.250.187.206:443   android.apis.google.com       tcp
US       1.1.1.1:53            ssl.google-analytics.com      udp
GB       172.217.16.232:443    ssl.google-analytics.com      tcp
US       1.1.1.1:53            api.onesignal.com             udp
US       104.17.111.223:443    api.onesignal.com             tcp
US       1.1.1.1:53            siteofficialred.com           udp
US       172.67.135.224:443    siteofficialred.com           tcp
US       1.1.1.1:53            wow.itisfine.work             udp
US       172.67.144.235:443    wow.itisfine.work             tcp
US       1.1.1.1:53            go.sogood678.xyz              udp
US       104.21.17.220:443     go.sogood678.xyz              tcp
US       1.1.1.1:53            go.gmetrck.info               udp
US       172.67.177.129:443    go.gmetrck.info               tcp
US       172.67.177.129:80     go.gmetrck.info               tcp
GB       142.250.200.36:443    N/A                           tcp
GB       142.250.200.36:443    N/A                           tcp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 17:38

Reported

2024-11-07 17:41

Platform

android-x86-arm-20240624-en

Max time kernel

148s

Max time network

127s

Command Line

com.FortuneRabbit.app

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.FortuneRabbit.app

Network

Country  Destination           Domain                              Proto
US       1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53            api.onesignal.com                   udp
US       104.17.111.223:443    api.onesignal.com                   tcp
US       1.1.1.1:53            siteofficialred.com                 udp
US       104.21.26.107:443     siteofficialred.com                 tcp
US       1.1.1.1:53            safebrowsing.googleapis.com         udp
GB       216.58.212.234:443    safebrowsing.googleapis.com         tcp
GB       216.58.201.110:443    N/A                                 tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       216.58.212.206:443    android.apis.google.com             tcp
US       1.1.1.1:53            wow.itisfine.work                   udp
US       104.21.10.77:443      wow.itisfine.work                   tcp
US       1.1.1.1:53            go.sogood678.xyz                    udp
US       172.67.178.154:443    go.sogood678.xyz                    tcp
US       1.1.1.1:53            go.gmetrck.info                     udp
US       172.67.177.129:443    go.gmetrck.info                     tcp
US       172.67.177.129:80     go.gmetrck.info                     tcp

Files
