8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19

Analysis

max time kernel
77s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17-11-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19.apk
Size

12.2MB
MD5

9082d221e813e74c2842b503f1be4503
SHA1

827afdb34ca20e3fbcd9ebdd920a093d27fbe85d
SHA256

8e429d7bd40d37e90fa6b7573c55ca207bbd0f8bd02ff7243f8608b6548fbf19
SHA512

ff4cab110cc42bf652ddb8569a2ad294109edcd67d03775e7c60f37370ea418663173b38449f52c15ded7da7353524cea18bf54f4e37fea7533ce771bc44062f
SSDEEP

196608:btd7pyOZK06nrERViibWMPdJ2vS2/gD366qnPDsIlUdtgiZpqEcWtk/SE:br7E4H6rEfiMXdkS2/c6LPblUg

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

rabbit.web3/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/rabbit.web3/files/audience_network.dex --output-vdex-fd=100 --oat-fd=96 --oat-location=/data/user/0/rabbit.web3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	Process
/data/user/0/rabbit.web3/files/audience_network.dex	4270	rabbit.web3
/data/user/0/rabbit.web3/files/audience_network.dex	4394	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/rabbit.web3/files/audience_network.dex --output-vdex-fd=100 --oat-fd=96 --oat-location=/data/user/0/rabbit.web3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/rabbit.web3/files/audience_network.dex	4270	rabbit.web3

Acquires the wake lock 1 IoCs

Processes:

rabbit.web3

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	rabbit.web3

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

rabbit.web3

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	rabbit.web3

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

rabbit.web3

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	rabbit.web3

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

rabbit.web3

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	rabbit.web3

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

rabbit.web3

description	ioc	Process
File opened for read	/proc/meminfo	rabbit.web3

rabbit.web3
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4270
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/rabbit.web3/files/audience_network.dex --output-vdex-fd=100 --oat-fd=96 --oat-location=/data/user/0/rabbit.web3/files/oat/x86/audience_network.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4394

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1954adde6379241c1f9312f2863144fd

SHA1
2e758ca5624a53303495d46584a3589561dd0366

SHA256
57e925d0992924ae44981f027a446106de4a6d755fe87dea40f724d3b9869ea9

SHA512
0801655b3555300ca7fdf9f671e80a0b33342517a06f14dd4d952f86e91925d7034098f590fff5a9c75ff0440c5f490d02ae65962cbe7e9bae80ea58add42cd2

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a7522c0fe13aac7b8f5e4b32afa9486f

SHA1
559035208e4a9dbb18383943eab0a9362297670f

SHA256
cb10f79d0123713acf0d11b8faca88f8208730831fdd1b01674b63fb44b32ba0

SHA512
a9cfe0066e1fae839b2f6f02aadbd315e63dab9cade955a751aec1f09807282750f6f1ad7d3cd8da69780fd25d6c30221325dae9f4fb736602627b84d8315e2f

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
b23c10b75bffe67d945d6bf45a947ea3

SHA1
6de47fc9906ba166d4f7c96bd1649df21dde35fe

SHA256
461bf5d24d017d0e1764701dbcc927a22356565f8e2f26923a59fbab787ee9c8

SHA512
06158494575c1967252f8b481fd6659bb139992034d5eca7d9a1741c11401276f8cab5477aa245d4bf7369efe1a6e87e1149c3122bf27437b611f66accd615b4

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9dab19764224ce7700e43f985dd5e669

SHA1
a73d97a0878496a96c993ab78a42f9d3afe41470

SHA256
78975dcd7989ed20ff6cf48685ab0b00f02d9e9294ad4b9c4b92c555deef3243

SHA512
41dba22cdfe6c2f4db361ce90de3f3404c53da4399c3a1539b209c7852f7217aeb2f9f664e14b2ff12f4631c3610e54940cde1d90e071e756a5e7ddc6f673e4e

Download Submit
/data/data/rabbit.web3/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c2a8c43ed9c007f2c14e210c96f71f1c

SHA1
ff04c39f5a5536a90b823adc09fe9897c1cd8574

SHA256
81da455cbf1d7a32a9de2b51dc972e5da1a01844b2a35667ec7e030e1267202f

SHA512
7ab1fdf81af17de43c03e8e2d7bbce5dd90fdbbe899beb9638c6883ec3e931d3272192a3f3b1c29a6fdfbdb1210e649c8a57e2b8a3d203f98169a99990e2cb99

Download Submit
/data/data/rabbit.web3/files/audience_network.dex

Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/data/rabbit.web3/files/vinebre_ac.txt

Filesize
19B

MD5
3dd1128d8d97716e1e98a6b012d7024a

SHA1
682a44080396d9302b96b7d1b298af781bcad89d

SHA256
639ec3e749021c7b9a9dc7dd1568daa1c4d59721cc604b87cad2fbff2bc086b3

SHA512
3ffdf0c62a10fa72d6a88ec48786a6fcdfa56a12a014e075eb42bd67805e47a26c770382dcc3747e15e70c73390180cda1e078ff4e281e229d0dfdd73924ed69

Download Submit
/data/data/rabbit.web3/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
cdc5590fd819b45a6557dc6ac99d68f8

SHA1
88aaec8c67b65242704a232ebaaf46ef75f02557

SHA256
56180f4b66fbfa7f12fac0e3918143138b1d0814798a28138b5755c4c1b06f1e

SHA512
a5ec5465666312eba9b02abd40b7d6c57567b69923f954b7daba0a2e3c3a8847b8159efcad5203d443ecb2f19665e03959660fc7cd930b10b5bd19a7f93a596d

Download Submit
/data/user/0/rabbit.web3/files/audience_network.dex

Filesize
3.2MB

MD5
d437cdd3ce661e6966ac9f31a5413561

SHA1
013662ffcab50bb8c56557031cf16e2fd84f4a7c

SHA256
db97838bf29d022b67acffd5f7c931ba63746eb645718a04d02ec78c576cca46

SHA512
fad474e16d5bb5f34ccd1a32d63d6f9e307f6c1052253665bbb7ad4af20b1f331f61aa9738939a122ee3fa212098a226544b4f96dfb38bfbc6abad029901ef16

Download Submit