Analysis
max time kernel: 179s
max time network: 183s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 23:56
Static task
static1
Behavioral task
behavioral1
Sample: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Size: 15.4MB
MD5: ac1d8ae4c4a646f5c4811a55493cb143
SHA1: 3bd52893716cb6c0ad866035eedd4c5120e5441a
SHA256: 038a4e5796fdc062fc9ead2afcc64f55c624d367a7316d4941846f233d3a8b7a
SHA512: 26508c934f39d2e966915970027a6da10e6e4349f3856dea3adb028bbf22f9635c8cbef9f52dbbcfddb1e1b5904f486261a0165030c1c29dfc33d4c226cd7f9e
SSDEEP: 393216:f5kC25B9JRI7fDUIzeJ1/y0CSFpauwFGg:f5y5Bu7bUeerGSFp1wFGg
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
  ioc                process
  /system/bin/su     com.ifeng.news2
  /system/xbin/su    com.ifeng.news2
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  ioc                                                                           process
  Framework service call android.app.IActivityManager.getRunningAppProcesses    com.ifeng.news2:downloadRemote
  Framework service call android.app.IActivityManager.getRunningAppProcesses    com.ifeng.news2:remote
  Framework service call android.app.IActivityManager.getRunningAppProcesses    com.ifeng.news2
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
  ioc                                                                   process
  Framework service call android.net.wifi.IWifiManager.getScanResults   com.ifeng.news2
  Framework service call android.net.wifi.IWifiManager.getScanResults   com.ifeng.news2:downloadRemote
  Framework service call android.net.wifi.IWifiManager.getScanResults   com.ifeng.news2:remote
-
Requests cell location 1 TTPs 4 IoCs
Uses Android APIs to get current cell information.
Processes:
  ioc                                                                                   process
  Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo        com.ifeng.news2:remote
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation       com.ifeng.news2
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation       com.ifeng.news2:downloadRemote
  Framework service call com.android.internal.telephony.ITelephony.getCellLocation       com.ifeng.news2:remote
-
Queries information about active data network 1 TTPs 3 IoCs
Processes:
  ioc                                                                              process
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo     com.ifeng.news2:downloadRemote
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo     com.ifeng.news2:remote
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo     com.ifeng.news2
-
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  ioc                                                                      process
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2:downloadRemote
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2:remote
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
  ioc                                                                                            process
  Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   com.ifeng.news2
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
Processes:
  ioc                                                                   process
  Framework service call android.app.IActivityManager.registerReceiver   com.ifeng.news2
  Framework service call android.app.IActivityManager.registerReceiver   com.ifeng.news2:downloadRemote
  Framework service call android.app.IActivityManager.registerReceiver   com.ifeng.news2:remote
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
  ioc                                                 process
  Framework API call javax.crypto.Cipher.doFinal      com.ifeng.news2
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.ifeng.news2 1
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
com.ifeng.news2:downloadRemote 1
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.ifeng.news2:remote 1
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
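The signature tables above were flattened by extraction into single "Processes:" rows. The following is an added example, not part of the report or of the sandbox that produced it: a small parser that turns such rows back into (ioc, process) pairs and pivots them per process, so the per-process view can be rebuilt or diffed across reports. The sample rows are copied verbatim from this page; the two row shapes it handles (a bare path followed by a process, and "Framework service call <api> <process>" / "Framework API call <api> <process>") are the only ones that occur here, and the parser makes no claim beyond that.

```python
# Added example: parse flattened sandbox "Processes:" rows into (ioc, process)
# pairs and pivot them per process. The parser is written for the row shapes
# seen in this report only; it is not the sandbox's own code.
from collections import defaultdict

# Constructed input: four rows copied from this report's Signatures section.
SAMPLE_ROWS = [
    "com.ifeng.news2ioc process /system/bin/su com.ifeng.news2 /system/xbin/su com.ifeng.news2 -",
    "com.ifeng.news2:downloadRemotecom.ifeng.news2:remotecom.ifeng.news2description ioc process "
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2:downloadRemote "
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2:remote "
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2 -",
    "com.ifeng.news2:remotecom.ifeng.news2com.ifeng.news2:downloadRemotedescription ioc process "
    "Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ifeng.news2:remote "
    "Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2 "
    "Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2:downloadRemote "
    "Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2:remote -",
    "com.ifeng.news2description ioc process Framework API call javax.crypto.Cipher.doFinal com.ifeng.news2 -",
]


def parse_ioc_row(line):
    """One flattened row -> [(ioc, process), ...].

    Everything before "ioc process " is the table's concatenated process list
    and the literal header "description"; it repeats what the rows already
    say, so it is discarded. After the header, rows come in two shapes:
      * "<path> <process>"                          (bare IoC, e.g. /system/bin/su)
      * "Framework service|API call <api> <process>" (five whitespace tokens)
    A trailing " -" marks the end of the table.
    """
    if "ioc process " not in line:
        return []
    tokens = line.split("ioc process ", 1)[1].rstrip(" -").split()
    rows, i = [], 0
    while i < len(tokens):
        if tokens[i] == "Framework" and i + 4 < len(tokens):
            ioc = " ".join(tokens[i:i + 4])      # "Framework service call <api>"
            proc = tokens[i + 4]
            i += 5
        else:
            ioc, proc = tokens[i], tokens[i + 1]
            i += 2
        rows.append((ioc, proc))
    return rows


def pivot_by_process(rows):
    """{process: {ioc, ...}} for a list of (ioc, process) pairs."""
    out = defaultdict(set)
    for ioc, proc in rows:
        out[proc].add(ioc)
    return dict(out)


def processes_calling(rows, api_suffix):
    """Sorted processes whose IoC ends with api_suffix (e.g. 'getCellLocation')."""
    return sorted({proc for ioc, proc in rows if ioc.endswith(api_suffix)})


def all_rows(lines=SAMPLE_ROWS):
    return [pair for line in lines for pair in parse_ioc_row(line)]


if __name__ == "__main__":
    for proc, iocs in sorted(pivot_by_process(all_rows()).items()):
        print(proc)
        for ioc in sorted(iocs):
            print("   ", ioc)
```

Running it prints the same per-process grouping the report's process tree shows, but as data that can be filtered (for example, `processes_calling(all_rows(), "getCellLocation")` returns all three app processes, while `getAllCellInfo` is only called from the `:remote` process).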
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/cf12deac3d975d6ad7ea542728bd68
Filesize: 156KB
MD5: de5462eefb78070365e26a98c8c673da
SHA1: 6b2a71a584ef5ccc4a346059919e831847d0a3a6
SHA256: 8c52ad2cdc676d41e676f9076ea681b55ff48f10ca75519b2419761ebca30d02
SHA512: d57b8c9cd3c11f4b3986e08586bd435d6674758ddcf6bd7025049de12064cd93838f20d8558755d6e06c1bac205e15a247c8df44f662d76cf46b2a106c5ef508
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 512B
MD5: 06f0dd13b9c03ca747bcbf4cdca6a8e5
SHA1: 907b92460cd0a0f909854334eb4593c3ab3677c8
SHA256: dd1ba5a858edf476f20f15295bb93945eba69780b8c2f7bec4206b7e1070f33a
SHA512: 0692efd28a8325a54e40d06b4061650d243698881a42bee3120541f2c034230a4769447996311a97ef568343ed207e2269b7715a37e3c10a7221f0fb93c747a2
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 414B
MD5: 85e99ab8d9dc6b513e3733bb3c47a870
SHA1: f3e81b0e35824b54ed3bcf475537827fa468c782
SHA256: 87ab1ebe58a188c2572f4d5d2b6521d23976be4b5bdaf0ea941e883d3363bd28
SHA512: cf3f544c9affb281307c751cbd31c46ba28eac64ce9c7270094617e16222ad6f5f295659e4d61f9636c50e2530f76d3afa5db5f8cb75ec5baaf9da4338a080c7
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 506B
MD5: 0b1830fc30ce4690dd4f7aa7ff6bfcd4
SHA1: bc3b2ab33448feebab8f1f3a00be8914ef912bf2
SHA256: 718dfd26ac634678e625489524d0dfd3f03d25427a7652ea828f4e3deeb95014
SHA512: a30eaa951552086d2ff74174f7e918579ea4af17ba34a62da3e0ded9e43becfb2db4e5899b59cbac2db7511f04b01fc117d3a14abdfad2e462049b630358d8b3
-
/data/data/com.ifeng.news2/databases/COMMENTS_DB.db
Filesize: 16KB
MD5: a859a4da38786ecbaa1e63a29db5cd66
SHA1: c205451303e4344af98a9597761961143439f34e
SHA256: c5b7c97f921def92c6f727b30c701db9a06f11d2ed67c2d4912f5868e5f4a77e
SHA512: 220d12ee2428a72d72132b1075f22484475bbb2677b2b6f8f94a1957439e7f8780d98d40e59045c0b14998015a2f6fe13c77afc8551fb5884914737886995852
-
/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-wal
Filesize: 48KB
MD5: b7c88350617e5b49e6f285d7ee3a87d8
SHA1: e83a47a359a9aa9562b8d31fb67ad879ea4affd7
SHA256: 047f27f07b453c5235fe430f5009c98fc52bcf46637bf54868a67fcd2a95b5bd
SHA512: 21e40536d27075f26e0a54f36c24d088a643613a5f50566875077127ee1a4068af02c06474bf978d0c39e66d5d6b7de45f49e9af5ee19263c982e00621c64165
-
/data/data/com.ifeng.news2/databases/reading_history.db
Filesize: 32KB
MD5: a61b134bb5f2df1559f1ef8049c1f990
SHA1: c1838e3f2e003bcb79ebad38a5c6cbc61e6f02f2
SHA256: 1e18ad89e5b69b9791469a7d95dc6a0c61fe8af13454f816d744bf8e4b3ac84e
SHA512: 4545c0dab4d2c471ce9ae5974f9cbb7810d532823a0cc84a114e5ec5b36a6217687788bc17a8ff0af18c1ac302d7f5cc7d4fa429d7a27777029a9d84d563e46e
-
/data/data/com.ifeng.news2/databases/reading_history.db-journal
Filesize: 512B
MD5: d40822a88a406d533157f871217734cb
SHA1: d4fe0521e3d53f2dbbb25567cb591aeb907e3a37
SHA256: 207e0a5ff26163b5f7818c1ea1a4a5c621ef7f0df7ee27120b80b0c94ec285ca
SHA512: 1a7b46b607b18b6fa780482aedcf5c9359cf155b4edcecf5435e1b07e0b33e9db96701afff427c1a6dce59b04fdf3ce0fce40f6e9d87e361362d0b2bf5b28c6f
-
/data/data/com.ifeng.news2/databases/reading_history.db-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.ifeng.news2/databases/reading_history.db-wal
Filesize: 32KB
MD5: cb3ab042b733e961c026daf126419b5e
SHA1: 3683fd674ebae8acbe02e6c3619066b349d94d5f
SHA256: 15763519804be5c3aa2443c886fc3ed26fc5c7cceb48c366abdf45d9dd8a7581
SHA512: 8e0fc9deb3255c9af24868dc23e814a06ab77f05753f787d52bef7725ccc9f733ad3908ec6f8dada55eb890f615ecf6cbbe38685667815a55b53aac6984f2cc6
-
/data/data/com.ifeng.news2/files/ChannelConfig.txt
Filesize: 16KB
MD5: 9915663e03dd9a8d1c17166e28d82c6b
SHA1: d63b7b39f357a0e261823c49fbcf0f615e2f3f48
SHA256: 776e16eb8e9b271b19f969780daec931150414812f80700aef3df4d6f89c5116
SHA512: 516cf85ba34f2856127dcc75d547275ca9d8edab0ba593f762c6edfb09f01da531d271ff9e83e5b0fd48f8283f30e3a5737e76ffb7f61eef2ec6bd8da5deed50
-
/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 349B
MD5: 43ce26e3b9542b48e29bed78cc94e078
SHA1: a8bbb4f74c07ed9a2bf855dcaf52aff9d6c808a8
SHA256: 3939fe85bc91b24cdbd9cc873ef69ca1e9555845818b8093630a996b5d7cd76b
SHA512: 10f81c6a2b53d53f852414571f8505972f70395500a5c11f04eed7f2e32edebfea2eadc26ea3446ad6d4cab14d3d56bc9037028a86d6d7a24b4caba1b4ac72d6
-
/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 388B
MD5: cf9c074eae4e3d8f658ff6670668e1bf
SHA1: e022eeeaacf0a68472529e5a72cad7e4d9116e0d
SHA256: 692e77e266553486015404dd0951dcf1b0d30382bc078ae3662285c8048ab5fa
SHA512: 51dd92165eaa185aebf84ebbfa9ba0914cd671f8ec29c1c3427120b15e386b1aefe4926f70f0f9d176e21c47e03edea677941c86be48ae9979a6fe8797304274
-
/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 2KB
MD5: d23118ea94073c6d5bcb5a08b0be8697
SHA1: edf411d853bd9fb3f83ad9e6c74ff35b7dc891d8
SHA256: 1c5607be3bc9f41ea3e7c25644d91f2b425195432ef6549aac0578ac361b90dc
SHA512: 7522e84c56df4443c89824efdecbb63bfa0862feeaee6a15deda3b939e8738f661dcf7741312c13f24095545c3aa7df5cb689b7221550be69abed1031ef832c4
-
/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 303B
MD5: 5fadf1169ceffd6a56ded7023b85fd04
SHA1: 02d452fc7334ea76040ef38ceb7f2a456a2470c8
SHA256: 40c460e6df49255b00c3b995688eb26b3a97285754ef663f2a98acaf8740d687
SHA512: 9fba0b4d9b822681bed172054df84e052a6bffa86060aeb0266cf2ccf71e5683e20c5c8eff67a2a2aafe72c998621edd5acdf37f366faa758c3cfe119a5cbb52
-
/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 52KB
MD5: e2715571b104203253f00cb35e121dd7
SHA1: d6fbcc8742a27979c5b928522a6c2c4a68360e85
SHA256: 3a777d1799ff9d74aed6ef63e2d244a735c3dec0f349e98a694636bbc44ab4bf
SHA512: a27d1e2f8b1ded1b6b8bf0bbd221f4649fd9b89fe165ae0be974cc12e6f17bfe96146f08a0e9acf84099dd0c2e20a7da52c18cb2f17fab7ea1a1114d841097f3
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434257
Filesize: 32KB
MD5: bfff6e8ab473b6f42c040a6da152a783
SHA1: 6b1e48510b7d2fb7c2dbbcb0c8863ac0e6e50ef4
SHA256: 06490439b74077a099a2b17b2a2a5e9bf64101fff197eee90c18d2475b66dc9b
SHA512: 51800761f77b07a415303de2321b2cb8d9e6182b5f26a7749caa6835c9e440761cc63bf59e66c84a0d76feebb8a39abe06ba20966b0945ecd71b4639b45d913f
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434746
Filesize: 841B
MD5: fa3984264e9cbd4135ad81d17994c27a
SHA1: 0e82980fc40b4945cd2be7e02fbc482455513301
SHA256: f941c7a9a18e5fe49263f66c73f1b980511d18fd4b4670c433d6fff69258634b
SHA512: b3e59e952e7e72f8bb23775533fb38053553a99ebf713421adbcc500dc5008fd0d5a5893eb416fe6207744a0f6bf810b28930040c610b27ceb053d829059c4a4
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434880
Filesize: 873B
MD5: 2f47231f6fcb911b2c7109ea21d2051d
SHA1: 3c053f79afb7ae1327f7d8ad81699081fd787ab8
SHA256: e1519afc948abf22464dc3633e4abc30e98296741296cb3624a0a1c6dc56944f
SHA512: ef93c569b66034e85e3663bf8916c177e5777009acf8d326060d86119e03aaf7ea0ecb0b5ca5050dbb9b58c2eb48dfa3091b33df30ce283a11bbbd7617f180e3
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434925
Filesize: 873B
MD5: ac3199390aa745cd49d2d41cca738f70
SHA1: 943d986b42fa65130d61328381a921c6e9f909a0
SHA256: 05bf2426b44d9972e70c30d4bc104e9a44782dc9b4e73f9c8d7061936c760e15
SHA512: b6e49c19864a18722130a02ea7b163e7c1f001465eb0cea1a2505d8b122d838cc19216466989b120fb16ead134d064d43fe701ea33eaa0369e37cc56e54f95ef
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat
Filesize: 16KB
MD5: 431d75b3464a079c7adba85851a34333
SHA1: 15d82e9a55d386b5c40926bbfb2f0d9ae614dc43
SHA256: f5c847a1ec73d9ee6ac40befde4fe1df3af326b54f3f1531b991c351d6891976
SHA512: a569927bda80bc1a7a645005bfc959de90d7e11dbd0035a24199a1928e165cccd649ff2854116ed93d92521dc0103b1d5eba678142615960bdbfb611df438595
-
/storage/emulated/0/Android/data/ifeng/news/cache_temp/9c04eb4019ca78ca
Filesize: 81B
MD5: 2d2b486304ab39a4f42322db588586c2
SHA1: c84e94a31eb2704e0e933e57ed4e7e1a242d7749
SHA256: ccd72b94f7fe27c6797a9c6a3f5fd2ae209c9f5fc60fe95bd8be459bf9708d63
SHA512: f8f1a11ceae281354ae19f79b1ba45e3186b12bcbbd7ee72864ead851df1f9b403968cc5055d02c6ce4293a17f3d7c44f01b8da6ede1c2e9ad574cc310ff8b5b
-
/storage/emulated/0/baidu/.cuid
Filesize: 512B
MD5: f89cf1938cfd67f0b31410c668f0061d
SHA1: 63191696da2dfd6c0150c2bc460c29b064307f7e
SHA256: 3439c3397cd17d5807daa9b566b3966a0e5f30f5740214017567d1c3beb1c2d4
SHA512: 7dc95fb80d235dd9a2fd28d27870c1b76974968c81a80ae7cc489279d38c76f1e9841ae0dd7b06d2f472f0460b4d4b1c8c85a04ec55fbcb3048539713429d76d
-
/storage/emulated/0/baidu/tempdata/ls.db
Filesize: 28KB
MD5: 0d3e99204c6401ea499fe9e6d9855497
SHA1: 09829f00ca458eab7374d5079393a2cd69a2348a
SHA256: 63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca
SHA512: 8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68
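Two details in the dropped-file list above are worth checking rather than eyeballing. The cache entry written three times at `.../cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e` has a 29-character hex basename, which is exactly the MD5 of an empty string with each byte rendered without zero padding (the classic `Integer.toHexString(b & 0xff)` loop in Java), so whatever key the app hashed to name that entry was empty. The four basenames under `/storage/emulated/0/.mat/...` are 13-digit numbers that decode as Unix epoch milliseconds within one second of each other and about a minute after the report's submission time. The script below is an added example, not part of the report or of the app; that the app names cache entries by unpadded MD5 is an assumption drawn from the string match, and only the match itself is verified.

```python
# Added example (not the report's or the app's code): decode the basenames
# from this report's Downloads list. Assumption: the 29-char cache key is an
# MD5 rendered without per-byte zero padding; only the string equality with
# MD5("") is checked here, nothing about the app's code.
import hashlib
from datetime import datetime, timezone

# Constructed input: basenames copied from the report's Downloads section.
REPORT_BASENAMES = [
    "cf12deac3d975d6ad7ea542728bd68",
    "d41d8cd98f0b24e980998ecf8427e",
    "1718409434257",
    "1718409434746",
    "1718409434880",
    "1718409434925",
    "COMMENTS_DB.db",
]

HEX = set("0123456789abcdef")


def unpadded_hex_md5(data: bytes) -> str:
    """MD5 with each digest byte rendered by format(b, 'x'), i.e. what a
    Java loop over Integer.toHexString(b & 0xff) produces instead of the
    zero-padded hexdigest. Every byte below 0x10 loses one character, so
    the result is shorter than 32 chars whenever such bytes occur."""
    return "".join(format(b, "x") for b in hashlib.md5(data).digest())


def epoch_ms_to_utc(name: str):
    """Decode a 13-digit basename as Unix epoch milliseconds (UTC), else None.
    Integer arithmetic avoids float rounding of the millisecond part."""
    if not (name.isdigit() and len(name) == 13):
        return None
    ms = int(name)
    base = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return base.strftime("%Y-%m-%d %H:%M:%S") + ".%03d UTC" % (ms % 1000)


def classify_basename(name: str) -> str:
    """Label a basename. The empty-input check is an exact comparison; the
    'unpadded-md5(unknown input)' bucket is a heuristic: lowercase hex that
    is too short to be a padded MD5 but long enough not to be a short id."""
    if name == unpadded_hex_md5(b""):
        return "unpadded-md5(empty input)"
    ts = epoch_ms_to_utc(name)
    if ts:
        return "epoch-ms " + ts
    if set(name) <= HEX and 17 <= len(name) < 32:
        return "unpadded-md5(unknown input)"
    if set(name) <= HEX and len(name) == 32:
        return "hex-32 (possibly md5)"
    return "other"


def classify_all(names=REPORT_BASENAMES):
    return {n: classify_basename(n) for n in names}


if __name__ == "__main__":
    for name, label in classify_all().items():
        print(f"{name:32} {label}")
```

The same unpadded rendering explains the 31-character parent directory `10c6570a81ee22a83f1123f825f6ba9`, which cannot be a zero-padded MD5 at all; its input is not recoverable from the report, so the script only labels it as consistent with the scheme.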