fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca

Analysis

max time kernel
143s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca.apk
Size

342KB
MD5

a38e8d70855412b7ece6de603b35ad63
SHA1

92118623c417c7b9c46b99ae71424198327698a8
SHA256

fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca
SHA512

7fb48ed59df753a79a9f42750d71c5cc5aa9a6bca976b83ba72add9ddec1fb50c799b21e874d111bfb414635b1e7f6e9d388867d679a29597f0b912a105c56a4
SSDEEP

6144:HIOn1UQtZOfKr3V33gmAIAM+WubYnmNMbwy9UXKfgWUGl:HImpOfKrF33pdAgubQmNM/SuUC

Score

8^/10

collection discovery

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.emc.pdf

Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccounts	com.emc.pdf

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.emc.pdf

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.emc.pdf

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.emc.pdf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.emc.pdf

com.emc.pdf
1⤵
- Requests cell location
- Queries account information for other applications stored on the device.
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5046

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Location Tracking

T1430

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/The China Freedom Trap.pdf

Filesize
190KB

MD5
6b29d371194faa13a94ce51fca39e25b

SHA1
c9e2d28f1f5680ac193084127cd185bfde253d1e

SHA256
10e70e0b421a6e59f1a7ceccadb8e2846881cba8692a9ca062e1a647dec1d02e

SHA512
e9132b31aa0f8327c227c75285912065f1bc687cd80a4f6121c1a90dd4bc8ec6e99170b001ec97f7498aa0c27004664ee13962ab7fd7817f9b4eab68043c21a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads