8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19

Analysis

max time kernel
68s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
16/11/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rabbitweb-1.apk
Size

12.2MB
MD5

9082d221e813e74c2842b503f1be4503
SHA1

827afdb34ca20e3fbcd9ebdd920a093d27fbe85d
SHA256

8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19
SHA512

ff4cab110cc42bf652ddb8569a2ad294109edcd67d03775e7c60f37370ea418663173b38449f52c15ded7da7353524cea18bf54f4e37fea7533ce771bc44062f
SSDEEP

196608:btd7pyOZK06nrERViibWMPdJ2vS2/gD366qnPDsIlUdtgiZpqEcWtk/SE:br7E4H6rEfiMXdkS2/c6LPblUg

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/rabbit.web3/files/audience_network.dex	4247	rabbit.web3
/data/user/0/rabbit.web3/files/audience_network.dex	4376	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/rabbit.web3/files/audience_network.dex --output-vdex-fd=93 --oat-fd=91 --oat-location=/data/user/0/rabbit.web3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/rabbit.web3/files/audience_network.dex	4247	rabbit.web3

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	rabbit.web3

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	rabbit.web3

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	rabbit.web3

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	rabbit.web3

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	rabbit.web3

rabbit.web3
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4247
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/rabbit.web3/files/audience_network.dex --output-vdex-fd=93 --oat-fd=91 --oat-location=/data/user/0/rabbit.web3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4376

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
355fbbce5b640c5a5d0a51ee1e98335c

SHA1
8b1ef899c6783b07b6829c571b82ceb84d580af7

SHA256
32d36b35ade10f18cffadda66906f7c38735d1e7b9d65fc265524a57633acf3f

SHA512
6626d59426b4aa8f1b1329b4e40fb157139596f62686d6fe4ef72be64eeefe4cc8f2d931883fafeaa8842b1d4f3c2d1208c005ec598c8acd03b7abbf8ef8b557

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d8eda0adf548d3102621703245870622

SHA1
f446df82215b2c00c7da8b6ef8ff00164e60fcd0

SHA256
9c2ac3e6c00a769605885f8aa8d58e89707108aff72618587a9d76d616a05ef7

SHA512
6bf2c80fd81c60114cf347ee9d6e401f08c092c75d3930d8705162c523a5a8e576a8121adbe22364de46cc068ea4f4e1fd26df2034e7f1c7a5bc8a31947436f5

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
63c81882229f1856e080387338d58090

SHA1
b20b5c70407f688d3a4683c41d6132b51e7d6aa6

SHA256
8350f385571af76288ef47429a9d2634731773b2dbe91ecbfce403640f1c22a3

SHA512
081b1a26edb52fe789b226e0979c0bd3afe812c001d81c804724771375349eaa5bc5380a050cc161f736b5da6397edd8693db1ba48e267f839a8f0a8748a6d87

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
391fcbe4b9ce78010897a406bb4d2e4a

SHA1
fc76d05a46eb35017a32bdc920af95ecbb957e70

SHA256
8199dbb77b394246f7ae885a4febc3cfbd6a8d64b06b99159c38201f7e32ffe5

SHA512
d14a04677af3638c20f9b684cd5a2c28370233bc1b3b75d97d2c931011a8be5a4599ac3dfe3b598aa93fdf5f0f07cd4b7975fda2a685d987b101ccafed15bfca

Download Submit
/data/data/rabbit.web3/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/rabbit.web3/files/vinebre_ac.txt

Filesize
19B

MD5
c0f6398ef405dcf36ce2cb9a29abf754

SHA1
cf50d7dc8599b5a3e190f09348ac16b200edeed5

SHA256
079d78b28295f8fa8f3198e929e783348e5fac6b1deb9274a0eeceba695f8bf6

SHA512
83cbee8fbd9e55b492217a8f76645787fe1f74ba6789f54b0dba3ea12bc1cd33818f0efbc97da5899c8d341f5b912d98adb97ecad4cebf67fb57a9d2dcc79afe

Download Submit
/data/data/rabbit.web3/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
62438a4dafb4dba05afbf14e261c1d7d

SHA1
d9de981d63889722ed505e4f792e6e113b7a1cdb

SHA256
8aee3adec0ae5803b7dfb1b771b7372b79e3db78caa150680fddc8d10022902c

SHA512
d683ef343e39afdc99ae2f83e8594d08a173df43e3de482849db69b7be9314fc732319387412d3db3a607cf7d563d45900c9bd8de06797b417c2088296184dfa

Download Submit
/data/user/0/rabbit.web3/files/audience_network.dex

Filesize
3.2MB

MD5
d437cdd3ce661e6966ac9f31a5413561

SHA1
013662ffcab50bb8c56557031cf16e2fd84f4a7c

SHA256
db97838bf29d022b67acffd5f7c931ba63746eb645718a04d02ec78c576cca46

SHA512
fad474e16d5bb5f34ccd1a32d63d6f9e307f6c1052253665bbb7ad4af20b1f331f61aa9738939a122ee3fa212098a226544b4f96dfb38bfbc6abad029901ef16

Download Submit