fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca

Analysis

max time kernel
141s
max time network
155s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
24/03/2025, 04:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The China Freedom Trap.apk
Size

342KB
MD5

a38e8d70855412b7ece6de603b35ad63
SHA1

92118623c417c7b9c46b99ae71424198327698a8
SHA256

fd99acc504649e8e42687481abbceb71c730f0ab032357d4dc1e95a6ef8bb7ca
SHA512

7fb48ed59df753a79a9f42750d71c5cc5aa9a6bca976b83ba72add9ddec1fb50c799b21e874d111bfb414635b1e7f6e9d388867d679a29597f0b912a105c56a4
SSDEEP

6144:HIOn1UQtZOfKr3V33gmAIAM+WubYnmNMbwy9UXKfgWUGl:HImpOfKrF33pdAgubQmNM/SuUC

Score

6^/10

discovery impact

Malware Config

Signatures

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.emc.pdf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.emc.pdf

com.emc.pdf
1⤵
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4735

Network

DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.212.206
DNS

www.youtube.com

Remote address:

1.1.1.1:53

Request

www.youtube.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.178.14
DNS

blackbeekey.com

Remote address:

1.1.1.1:53

Request

blackbeekey.com

IN A

Response

blackbeekey.com

IN A

65.20.96.138
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

geomobileservices-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

geomobileservices-pa.googleapis.com

IN A

Response

geomobileservices-pa.googleapis.com

IN A

142.250.178.10

geomobileservices-pa.googleapis.com

IN A

142.250.200.10

geomobileservices-pa.googleapis.com

IN A

142.250.179.234

geomobileservices-pa.googleapis.com

IN A

142.250.180.10

geomobileservices-pa.googleapis.com

IN A

142.250.187.234

geomobileservices-pa.googleapis.com

IN A

216.58.201.106

geomobileservices-pa.googleapis.com

IN A

142.250.187.202

geomobileservices-pa.googleapis.com

IN A

172.217.169.42

geomobileservices-pa.googleapis.com

IN A

216.58.212.202

geomobileservices-pa.googleapis.com

IN A

172.217.169.10

geomobileservices-pa.googleapis.com

IN A

172.217.16.234

geomobileservices-pa.googleapis.com

IN A

216.58.204.74

geomobileservices-pa.googleapis.com

IN A

142.250.200.42
DNS

k7k7.co

Remote address:

1.1.1.1:53

Request

k7k7.co

IN A

Response

k7k7.co

IN A

34.132.102.6

k7k7.co

IN A

34.136.111.81
DNS

k7k7.co

Remote address:

1.1.1.1:53

Request

k7k7.co

IN A
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.179.232

142.250.187.238:443

www.youtube.com

tls, https

1.5kB
40 B
1
1
142.250.178.14:443

android.apis.google.com

tls

4.7kB
8.0kB
23
20
142.250.178.14:443

android.apis.google.com

tls

5.5kB
7.3kB
21
18
65.20.96.138:2239

blackbeekey.com

240 B
4
216.239.38.223:443

tls, https

788 B
11
172.217.16.238:443

www.youtube.com

tls

4.8kB
9.6kB
24
15
142.250.178.10:443

geomobileservices-pa.googleapis.com

tls

3.7kB
8.1kB
28
19
172.217.16.238:443

www.youtube.com

tls

1.4kB
8.9kB
13
9
34.132.102.6:2239

k7k7.co

1.1kB
788 B
19
15
142.250.179.232:443

ssl.google-analytics.com

tls

1.4kB
6.3kB
10
9
142.250.187.238:443

www.youtube.com

tls

135 B
40 B
2
1
142.250.200.10:443

geomobileservices-pa.googleapis.com

tls, https

8.6kB
40 B
4
1
216.58.212.193:443

tls

135 B
40 B
2
1
142.250.187.225:443

tls

135 B
40 B
2
1
216.239.38.223:443

tls, https

128 B
40 B
2
1

224.0.0.251:5353

3.9kB
13
1.1.1.1:53

www.youtube.com

dns

122 B
303 B
2
1

DNS Request

www.youtube.com

DNS Request

www.youtube.com

DNS Response

172.217.16.238

216.58.213.14

142.250.187.206

142.250.180.14

216.58.204.78

142.250.178.14

216.58.212.238

142.250.200.14

216.58.201.110

142.250.187.238

142.250.179.238

142.250.200.46

216.58.212.206
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.178.14
1.1.1.1:53

blackbeekey.com

dns

61 B
77 B
1
1

DNS Request

blackbeekey.com

DNS Response

65.20.96.138
1.1.1.1:53

ssl.google-analytics.com

dns

140 B
2

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com
172.217.16.238:443

www.youtube.com

https

5.5kB
54 B
4
1
1.1.1.1:53

geomobileservices-pa.googleapis.com

dns

81 B
289 B
1
1

DNS Request

geomobileservices-pa.googleapis.com

DNS Response

142.250.178.10

142.250.200.10

142.250.179.234

142.250.180.10

142.250.187.234

216.58.201.106

142.250.187.202

172.217.169.42

216.58.212.202

172.217.169.10

172.217.16.234

216.58.204.74

142.250.200.42
1.1.1.1:53

k7k7.co

dns

106 B
85 B
2
1

DNS Request

k7k7.co

DNS Request

k7k7.co

DNS Response

34.132.102.6

34.136.111.81
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.179.232

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/The China Freedom Trap.pdf

Filesize
190KB

MD5
6b29d371194faa13a94ce51fca39e25b

SHA1
c9e2d28f1f5680ac193084127cd185bfde253d1e

SHA256
10e70e0b421a6e59f1a7ceccadb8e2846881cba8692a9ca062e1a647dec1d02e

SHA512
e9132b31aa0f8327c227c75285912065f1bc687cd80a4f6121c1a90dd4bc8ec6e99170b001ec97f7498aa0c27004664ee13962ab7fd7817f9b4eab68043c21a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.