8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19

Analysis

max time kernel
109s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
16/11/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rabbitweb-1.apk
Size

12.2MB
MD5

9082d221e813e74c2842b503f1be4503
SHA1

827afdb34ca20e3fbcd9ebdd920a093d27fbe85d
SHA256

8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19
SHA512

ff4cab110cc42bf652ddb8569a2ad294109edcd67d03775e7c60f37370ea418663173b38449f52c15ded7da7353524cea18bf54f4e37fea7533ce771bc44062f
SSDEEP

196608:btd7pyOZK06nrERViibWMPdJ2vS2/gD366qnPDsIlUdtgiZpqEcWtk/SE:br7E4H6rEfiMXdkS2/c6LPblUg

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/product/framework/com.google.android.maps.jar	4933	rabbit.web3
/product/framework/com.google.android.maps.jar	4933	rabbit.web3
/data/user/0/rabbit.web3/files/audience_network.dex	4933	rabbit.web3
/data/user/0/rabbit.web3/files/audience_network.dex	4933	rabbit.web3

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	rabbit.web3

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	rabbit.web3

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	rabbit.web3

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	rabbit.web3

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	rabbit.web3

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	rabbit.web3

rabbit.web3
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4933

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b426844711115a89d562c02265be054

SHA1
c509a433cd79ef6618963d753ba7beda60e051c4

SHA256
aa5fa19d2e9629323c9ecddf657b93f2a3015e19c7f8f2f2a3e41546e8e8e74d

SHA512
ea777e6fee97d0713df7fa61bcb30de03e6e9c224bc4b3550a51e015bdcde30913de884a54fa70f7d9fea91dcf5166451175c298bb6cd5bba4b06fdecacb397f

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9d653051d5a7d798b02648d135ac499e

SHA1
fd13d3d30a0b716fbabb8cf89f4312366fe35d6f

SHA256
92ebae580631ed7c163ce97ebb415b10c464de0f1bc242dcc25cd1dcbb5b48bf

SHA512
a7ef40b1fcc4effd66b60b154b790e87fa42ad1ac292c04f781342426c867bc61b34af92333812890d5e97a902de246196e5cdf653eb7f141144a22b56e3385b

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7dbad48a3a74fc74a8138453b7b15a01

SHA1
b747183c35671446b25081d6361e17f89d0c36d3

SHA256
43f7e8679704f968f9c4f1ace266fc7acf39a34d9212cedcf43a2009d6b19348

SHA512
a62ac9f33b03ef4b41ffab1218354ba6b41e2470c8e3f2b0524bffb3452e9b13baf93c2063acc8761741577ad2284587ff70c38aedeab9e959d907812baa1cde

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
40be281f55ff697dcf6b9f2b3c701b81

SHA1
2a0a02e669b5133a9cacecdb7b68687c1aa85791

SHA256
a9be10e3d0deb454603547606f30c7ccdf306c8941204524a9fa62fa2bdc21b8

SHA512
7035d8438f367875eeb8411c54a5186f8a6fa46fbe79dc1bbc0c16ddbf23d79ab7a5d6f6b68c2d64034994ae9553db730567f68b434ee0707e3524808d5bc23e

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d8355540a6c39ce10d301708484ceed1

SHA1
ac940fce8e175c4aa91e2856821ce4a0c7ff0b78

SHA256
258a9df82b3c58cc0839d823cb12c95ba52d87565c3a72668c6a6fa0f5562f37

SHA512
068160ee1d36e574a40dd02357bbb13a2469207ee8b8ba7f45c0c5d16b325682fccdea91d0b6f299835b780dbfb1577294c34a3eb9911394c6b42c9a22ad113a

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7d76e3a4774f27a5c4eddc642f58105

SHA1
3083243f748ca5f6ae065c3a055093781b0e6237

SHA256
ff3572ed8a92872fff483534e1b593378d24932e0cc63ad37bb80ad75db3560f

SHA512
a049b8926c514f2dd0a3e78c719cc0652d676eee16b156f52f2f6d4bc10ae8ebb6b9fdbb12efdec1cdb09d33ddff6d84fda2bacee48416dff4b1b5c05bc3559f

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8224ff374afd7e2224a312ec45593a1f

SHA1
680f70c7002090834aca872f4db3c9bf0856e374

SHA256
7e4fd3abf75792c406e22b62a066753f4a1a20412a9415bf8c80f4687de02ab4

SHA512
d6e0cee0136cab7e8715983dc42e800daec950de0cefc1b4f6bb99d5194e97aa2210fb0954c69aba0998ea069668e83b5d8de31d30eb531f5d7dfe624024775d

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0a0cd6b59c907830db5c1912543d5b0d

SHA1
846955fdad2ac779d89924fa375d9fb2ffb35aa7

SHA256
636e3d51e25bb998b76a2af1fddd90dc8995f515ccc8e8f3f03d3904d1242ca6

SHA512
021594249099cb35860e4eb3115fc8e0275f176a5e8b6c3102f56489ad91f720bd9eaa4eded5a66cc7c72df3903d32f32b2409ec6352e94f73ab601857b579b0

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
060066febd4ae0efcbb99e16311331ea

SHA1
8de7bf8f09e85db5c8eb0bbc97331081aa10b18d

SHA256
08fc7f3a16a8e7cd9f0ede89e2e58515de0140ef5e078c37b5b0badb36ec0645

SHA512
3aaa375eee0aa13d602386d7474954a048a4e8bd29f34b01897197eec1667ffa6f67a6f1540328fffed53a26f7fd768c54b4fa6818456f1dd67187f99d1fa0ec

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
9cc628966f555cb229dc6695febedc68

SHA1
593275382ee4f36921aab3e80ca7f2bcf9cac092

SHA256
35026bdf58d816f866d24ed54e4e7eaea83b432bc00776f0824d2d3f379c3655

SHA512
e17a766b15b645fb51c10a8cbb5581db01933a71470eb532d860b2eac7a02aa0f98b925966019116f52e7c4622e8ec033647f861603e9250ec1df9dcd49de6aa

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
7097a5905996fef8c13644973711a41f

SHA1
a0d0d7a9ef01b751add628f1f25fd72c1f9e503a

SHA256
59c843db296b903241b8af3b6d455c33dd8f4a81ab49dabaff0eb057c433f639

SHA512
039f2dd58d0b935cf2674b11c96c53966b4b0ce63a672a5ae698367a562a161477f34dfa0c6e0e7408828dbbcd33e28c92970aee48892e93ac8cdfb2fef01254

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c9beb020d95837f01adb810c1749da6f

SHA1
6eab491ac5038a64b90055a4465256c70a04c5ef

SHA256
0ef7c726cd42d6bc03589b05ab4eeaa1d6e8ec64419181715ce7fce6d506f35d

SHA512
bf067e2673e4458cfd241a2ebdfb6998b150424e84b284a00aa68d07eae17b00e7f085e4e9e44da8e08c628e5b83744bc0cce4fca4d809e4cb2147e578c241d9

Download Submit
/data/data/rabbit.web3/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/rabbit.web3/files/UnityAdsStorage-public-data.json

Filesize
57B

MD5
371e0d441e425da5c0c6bd5a10e1804f

SHA1
50701ae04801218748e5fbe4923d198f74ddfc33

SHA256
fed45a558680be2c5fbad9b3631062d0dc6b17174182d29ea65e324731aa37c4

SHA512
7e99356fcf638e53ee627a2ec6f80908f941ebe3a6b032c779aace3771dc861a04d7e730e52435a0bb1dfdae1484dfd1d9b5fb4060a47eb2552f273492a4f7f9

Download Submit
/data/data/rabbit.web3/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/rabbit.web3/files/icohome

Filesize
137KB

MD5
a1eaf6e2163c908f6d60134f47f8408d

SHA1
be627069713f573cf7bf13c5c397a7d95d575850

SHA256
5ae510dea9920eaca1869d24070aed4a5607babff346976dff6ea828d454597f

SHA512
7de22019ce7c5626db447ecd4d454c61fe3a33dcafe3bb25b9699930198cfa2cd8e9734e104c5b757cf82cfdd6e66d7e440bc674005bac3b0de4f82963beb62e

Download Submit
/data/data/rabbit.web3/files/slider_header

Filesize
11KB

MD5
295b8076f5af566465038de2f61ffdd6

SHA1
bb9546b144bb92303df1316b281db2462d64dc80

SHA256
31a7ea8bcf71b5668ac94601c3c5960c2a0ecf5d4931886a5b1291f5174dd2d5

SHA512
46e1a6abcd9c0ef1f5306a39c58abb54a0a2710969483a03c83b26fdfa1f3c9b24b4f5d1e91129da8034b0531296d509914ffbdcabc05258822cdefc7fda3275

Download Submit
/data/data/rabbit.web3/files/splash

Filesize
160KB

MD5
c82e087eb111cc299aeed07a9b565279

SHA1
660d60f5e98ce316b51408a7ee89816169c22409

SHA256
b4cc8440ea0078c1f2c7167bd5f4e7c8fe515d62f9ca6a93e8ed7e01003210d2

SHA512
415bfd83fb61da042beb88027c0772445c81d8f89a31e82845cb03cdec790091f8066eebd89b740a815450338b5262c80deb5ad5ed94f3b5ad7632a59a08da3d

Download Submit
/data/data/rabbit.web3/files/vinebre_ac.txt

Filesize
19B

MD5
84598e23dcd52d8da96a542c86a7fea5

SHA1
7839a7d895a30cfb06c88b0bed4b3ef697a39cdf

SHA256
c075853360471df23779617f4a2f32868cfb96ea924f15b0ded057ec8bb4ba1b

SHA512
9729b2127522deaf1edd7f3f87ca83e98e812c79799f9a0dac58b56dc9787e497411a3c7216d842d334b27595bf4e19fdb2a9921001ba9e0f73b3d303c25a08a

Download Submit
/data/data/rabbit.web3/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
a473ca3575ae71728d67aa549537385d

SHA1
a896cc9327d258e7177fcec20d3351175b61fbc5

SHA256
ab0ebe2169139e0bc16eebdd0b082d7ef40eefea7ac146e87c15e395ebbc0d08

SHA512
d76507d4e2450807d295a00a3817cbfb98232d80d48ac23105c59064de31cecd3d5bc900bfdca5313923cb70c542388944512f63538b0ebf5ea49073caf36bbd

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit
/storage/emulated/0/Android/data/rabbit.web3/cache/UnityAdsCache/UnityAdsTest.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/Android/data/rabbit.web3/cache/UnityAdsCache/UnityAdsWebApp.html

Filesize
2.1MB

MD5
2bf51af6fa3ea079bf34197e277fdb5d

SHA1
de6ef4f33a371a7aa1dd1c354574eb7dcb248f8e

SHA256
84b518d1a22e69deb45786862b310da4e534cfe4fd7d61381839e0e20199b3df

SHA512
064a30e4ac17b877381e6460aadb4e36c2c712f2a42f2b382cf98bc2ebd665427cdee2a224b932411eda61f545db5a9ad9c00d8e23b23dce5013b3d1e1c74f4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads