Analysis
max time kernel: 179s
max time network: 181s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 14-06-2024 23:56
Static task: static1
Behavioral task: behavioral1
Sample: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
Size: 15.4MB
MD5: ac1d8ae4c4a646f5c4811a55493cb143
SHA1: 3bd52893716cb6c0ad866035eedd4c5120e5441a
SHA256: 038a4e5796fdc062fc9ead2afcc64f55c624d367a7316d4941846f233d3a8b7a
SHA512: 26508c934f39d2e966915970027a6da10e6e4349f3856dea3adb028bbf22f9635c8cbef9f52dbbcfddb1e1b5904f486261a0165030c1c29dfc33d4c226cd7f9e
SSDEEP: 393216:f5kC25B9JRI7fDUIzeJ1/y0CSFpauwFGg:f5y5Bu7bUeerGSFp1wFGg
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.ifeng.news2, com.ifeng.news2:downloadRemote, com.ifeng.news2:remote
description             ioc                                                   process
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.ifeng.news2
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.ifeng.news2:downloadRemote
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.ifeng.news2:remote
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.ifeng.news2:remote, com.ifeng.news2, com.ifeng.news2:downloadRemote
description             ioc                                             process
Framework service call  android.net.wifi.IWifiManager.getScanResults    com.ifeng.news2:remote
Framework service call  android.net.wifi.IWifiManager.getScanResults    com.ifeng.news2
Framework service call  android.net.wifi.IWifiManager.getScanResults    com.ifeng.news2:downloadRemote
-
Requests cell location 1 TTPs 4 IoCs
Uses Android APIs to get current cell information.
Processes: com.ifeng.news2:remote, com.ifeng.news2, com.ifeng.news2:downloadRemote
description             ioc                                                         process
Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo    com.ifeng.news2:remote
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   com.ifeng.news2
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   com.ifeng.news2:downloadRemote
Framework service call  com.android.internal.telephony.ITelephony.getCellLocation   com.ifeng.news2:remote
-
Queries information about active data network 1 TTPs 3 IoCs
Processes: com.ifeng.news2, com.ifeng.news2:downloadRemote, com.ifeng.news2:remote
description             ioc                                                      process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo    com.ifeng.news2
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo    com.ifeng.news2:downloadRemote
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo    com.ifeng.news2:remote
-
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.ifeng.news2:remote, com.ifeng.news2, com.ifeng.news2:downloadRemote
description             ioc                                               process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2:remote
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.ifeng.news2:downloadRemote
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.ifeng.news2
description         ioc                            process
Framework API call  javax.crypto.Cipher.doFinal    com.ifeng.news2
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.ifeng.news2
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
com.ifeng.news2:downloadRemote
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
-
com.ifeng.news2:remote
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
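The per-process summary above can be rebuilt from the raw "Framework service call" rows, which is handy when a report lists many processes, when the "N IoCs" figures beside each signature need checking, or when two runs of the same sample are compared. The following Python is an added example by the editor, not output of the sandbox and not code from the sample: the rows are copied from the Signatures tables on this page (the root, clipboard and memory signatures print no rows, so they are not included), and the signature-to-API mapping is taken from those same tables. Only the standard library is used.

```python
"""Group the IoC rows of this report by process and re-count them per signature."""
import re
from collections import defaultdict

# IoC rows exactly as the report's Signatures tables print them (copied from this page).
IOC_ROWS = """
Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2
Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2:downloadRemote
Framework service call android.app.IActivityManager.getRunningAppProcesses com.ifeng.news2:remote
Framework service call android.net.wifi.IWifiManager.getScanResults com.ifeng.news2:remote
Framework service call android.net.wifi.IWifiManager.getScanResults com.ifeng.news2
Framework service call android.net.wifi.IWifiManager.getScanResults com.ifeng.news2:downloadRemote
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.ifeng.news2:remote
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2:downloadRemote
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ifeng.news2:remote
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ifeng.news2
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ifeng.news2:downloadRemote
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ifeng.news2:remote
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ifeng.news2:remote
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ifeng.news2
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ifeng.news2:downloadRemote
Framework API call javax.crypto.Cipher.doFinal com.ifeng.news2
"""

# "Framework service call <binder interface.method> <process>" or "Framework API call ...".
ROW_RE = re.compile(r"^Framework (?:service|API) call (\S+) (\S+)$")

# Signature title -> the interface methods the report lists under it (from this page's tables).
SIGNATURE_APIS = {
    "Queries information about running processes on the device":
        {"android.app.IActivityManager.getRunningAppProcesses"},
    "Queries information about the current nearby Wi-Fi networks":
        {"android.net.wifi.IWifiManager.getScanResults"},
    "Requests cell location":
        {"com.android.internal.telephony.ITelephony.getAllCellInfo",
         "com.android.internal.telephony.ITelephony.getCellLocation"},
    "Queries information about active data network":
        {"android.net.IConnectivityManager.getActiveNetworkInfo"},
    "Queries information about the current Wi-Fi connection":
        {"android.net.wifi.IWifiManager.getConnectionInfo"},
    "Uses Crypto APIs (Might try to encrypt user data)":
        {"javax.crypto.Cipher.doFinal"},
}


def parse_rows(text):
    """Return (api, process) tuples; lines that do not match the row shape are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2)))
    return rows


def apis_by_process(rows):
    """Map each process name to the sorted list of APIs it was observed calling."""
    seen = defaultdict(set)
    for api, proc in rows:
        seen[proc].add(api)
    return {proc: sorted(apis) for proc, apis in seen.items()}


def ioc_counts(rows):
    """Rows per signature title, to compare against the 'N IoCs' figures in the report."""
    return {title: sum(1 for api, _ in rows if api in apis)
            for title, apis in SIGNATURE_APIS.items()}


def helper_processes(rows, main="com.ifeng.news2"):
    """Secondary processes (':remote' style) that hit the sensitive APIs.
    Worth listing separately: hooks placed only on the main UI process miss them."""
    return sorted({proc for _, proc in rows if proc != main})


if __name__ == "__main__":
    rows = parse_rows(IOC_ROWS)
    for proc, apis in sorted(apis_by_process(rows).items()):
        print(proc)
        for api in apis:
            print("    " + api)
    for title, n in ioc_counts(rows).items():
        print(f"{n} IoCs  {title}")
    print("helper processes:", helper_processes(rows))
```

The counts this produces (3, 3, 4, 3, 3, 1) agree with the "N IoCs" figures printed beside the corresponding signature titles above, and the helper-process list shows that the location and Wi-Fi queries are issued from the :remote and :downloadRemote processes as well as the main one.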
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/8b578cd9c8cf6688722389744fa9d70
Filesize: 8KB
MD5: e2d02117b7102cd0cef4940404e6e3bf
SHA1: 2faad53a3032b06cd7cd492cb2f1c334dd203100
SHA256: 8560c426501c56db3c9c43f909b30fe10b841168f48e558ad385205b36fe6996
SHA512: aed59c6ac00db1b7bab81811c4e8140a82fe4768f7eb5646fca55d61bf55d491067eff936a4419ac35d230204a8117cbb04e1473e6a33998e8a78b61d5455f75
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 8KB
MD5: fdd5a40e0455ec2b3d05d320ed7cdd64
SHA1: 574da9d821b26f019421f6aef2ec7e7435f91c59
SHA256: 13e3fc6bf8acbdd046b369a8e612aeb9b750c3bef063cf64fc21e0524bc40691
SHA512: 82fd83ba620f6ce4e3f70e02745ccf1a34df98a40000fa1fc6c65ff3dcfe44beddbbaa8e7e2d5340ebdfe0a1cb73d95821e7ff3e8976405c836037b557abb981
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 8KB
MD5: a1169ae4b01a8dd92fb285cc8825031e
SHA1: 537531c04aad31b935053845b8d332bbeb7a1f72
SHA256: 80770a6bdc328f7732d8d69bd7855e69914371f8543ff715eb62d900e20fe693
SHA512: 9f95f440e3ad9739de1ac29e643ab75e56e94ed3da8eeaf7fa607f094f7f969a6317b0b05f5871d83214351f15c3a4c4ae5068f4c564509d8242219dc4d19962
-
/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e
Filesize: 8KB
MD5: 381f35fa06513892e8aa0cceb73604a2
SHA1: abccd0ced7aebcb84a859c8b6b3b2bef9a3a0558
SHA256: ffbbf18070467cb9cabee30e7d0d9978ea07e803554217e34502a5f35bfbffc9
SHA512: 64577860c6cc8dde3a946e1924362fa83129dbd7cbbc61b1b6948b8f077cf88b2b2ad8a8bfac7c3cde415ac06762694b4f2d07d143acdeff3354603ac6511777
-
/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db
Filesize: 16KB
MD5: bc0eeacf62bd574454f569189a7eee54
SHA1: 550c925009980ad6f38fda47ab5230a0a0c99fda
SHA256: 2dbf138718615b4497d88f512371aabf45e73d4fd56df2a815fc1f3487c79016
SHA512: a59be630ffd451d72539152b083ab8410542c6a0eab928ffa0ea4c3d71478d28bd162a9be08eee5b61d2cbe848f5b91f2050aee287a7c0c6c9cfae70ee08a325
-
/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal
Filesize: 8KB
MD5: 61ce944b8d9db3b2672ccfa947b11d08
SHA1: b3339565dbe0be53b6def6519acc4bccbd5e3c24
SHA256: cbbb4867e929cd6f36bcd206666567448e581142a5ca64f3a6ce04319dcc37d5
SHA512: 8d1739bac01182061c472c4311ca82b3b5b9ca82e1caeb5bb95842bcbd1710ce4147742b24193aa70033f072cc51313f5e4c8f141e49e70ec02e414ac6c34cd8
-
/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal
Filesize: 8KB
MD5: 6c8fd70aa7f2e0483907a44448f30b1d
SHA1: 57060457fb12d818c01a0237157436e11831e23d
SHA256: 96ee48ae2f71efbbffd2750e6d96f271b6f01c88ce4aa9805d1c939a3c7aa3bf
SHA512: 57230ee68393a2f9129c1971d914ee339ae83042be8173a1f07dc170c2c737f13b587e1eafa2deca63bcb571e65ad27d08706fc9ee726c84934ffd0f79b075bf
-
/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal
Filesize: 512B
MD5: 92f71171ca1146e040465c608a3368f6
SHA1: 9de3e692a372183cea58daf6c2ec5f831c132d3b
SHA256: aa225d9b3f9651628f7f3f92372f5fbf404567cdf3660e72ffa35cd7b68fb55d
SHA512: 77644a74cea85003d47022aa25469ab4a5ec6d4eb1cf147e9ea386328d25e1608bed668a40010fa96d4b6f8be557fb61ed9107a06274eceb3a1779f2fcd6f08a
-
/data/user/0/com.ifeng.news2/databases/reading_history.db
Filesize: 20KB
MD5: e75093332e7c43a2d1746f8ae14f5145
SHA1: f2172ac7be66cd63fe0c557e8233bfcdbb4eb4e2
SHA256: a4d97f6f224fc59a28151245a0ea7db24cf65adadeff4756b567b014ca70dcfb
SHA512: 71e646718ea0064fa1245706df7aa3082bad3e877cd14b2810a983a78218d4b8c0e98eb61261af52a88ea89e8a9d140ed163e370bd81cda82c1d36109eb69814
-
/data/user/0/com.ifeng.news2/databases/reading_history.db-journal
Filesize: 8KB
MD5: 3a56abe5497f3a41567ad7a7295c344b
SHA1: 6e3fed7ec44f85b9882ce9fad297e6512c7c497e
SHA256: 4cbf76f00538374986e4ed222ddc46faa029973a4bd8a1325aad1d2c9f732a77
SHA512: 4472e9c12bea091fcfe574c1117f8e00935ea04642c1ae5546ec9c005420f214c64ee044c198b13df1938730a02db82b6a61ae79025e0526734525ccd070f703
-
/data/user/0/com.ifeng.news2/databases/reading_history.db-journal
Filesize: 8KB
MD5: c73a629d884c3748b0cbcf103fa4949c
SHA1: bf3ca3bb085efd37804e5b39fd8ab45be9c568cb
SHA256: 96c1afb679211814849de23af5fd7780f09bea14218a9cfcd74fa553202fcd47
SHA512: a72f104cd85475d9674429c0f75c49db28805a7dedb00ff6a9b43aa487100cbbc0f6a9384f1596c703125e0b357f868a5aa73e8397b4013204821d361e779911
-
/data/user/0/com.ifeng.news2/databases/reading_history.db-journal
Filesize: 8KB
MD5: 513cdff94a8bfd663ea1d7fe1a0c1ad9
SHA1: f6ca2076978775646b579b8bb0cb253c090ec628
SHA256: 305d58842beb7e446abbc97c476218076c20e2a1353b1a63c92b54003bd844cb
SHA512: 4a08b2cc4c52bd49d60ab9b324d16adb281e4abce7ef92c2a7e347b7395f67e7fd3b093544ecfebe3ca92105944e3356ce26ae751c2fefde4ad8b707bfe01a48
-
/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 349B
MD5: e2f41fe24a8676b0962567a18f5cc55c
SHA1: 6c74d2b9791c7fc22f5be25172bb11ed9cfd5ae1
SHA256: 93bacfe2afdfbf1a675bf5fbfaed516b0b5903e19d380edfb1249e620e8faf21
SHA512: c6fbf702fe50e72441561fd7b26d79791cf7c84e71227be20c4568bdba54abe2a4f6f996380cf7790041a797b510086767fab4bad7fe7242861c4fd6fd50cfb2
-
/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 80KB
MD5: 81a416795ad85900b4f6aaa10976fd8d
SHA1: 01bfab1088f1b17a617cbde4aa68fbc71d513eff
SHA256: b6415756ec91cd098832b08baffbef01a9294312027318e92c765ffd13f0ab76
SHA512: 0ada7b344840c4c3c98b063bd3d03570f14af7724301cb0abdff3a59ddea2bcb3a2e28f385a877857259c1acff34d063ff5947668588fa80d93b66897271a340
-
/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 430B
MD5: 67adf080b3b78b36970268abe6d9423e
SHA1: bb34d7df0d8969d5d239ae9edcdd974b449c9e54
SHA256: 93ed2c28356d01b80d27428d697596f474bd9367fe2fb9e30657146614643e8f
SHA512: e6d607a8e8b40a0044341425fb44a0a0fa9b42d43f0085b2426cd21f5d025129a32b17b1cd8c443cdfb528a2ac41c6d0ad1a5be709205baea61dcc8182336d7d
-
/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat
Filesize: 28KB
MD5: e2c58b77c8409b969743565ec4a39d38
SHA1: cf67fd7fe48b4c0d371c7038953d96ae66cee0a4
SHA256: 56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c
SHA512: 768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b
-
/data/user/0/com.ifeng.news2/files/lldt/firll.dat
Filesize: 16KB
MD5: 7ab5f238dd1045b69d043e093bc88386
SHA1: 496411d0c7a68db75983e6d919c2ba149e9dd30c
SHA256: 3dcfd1012d3af1870635ce2ceda22b77387ba7e167698918bd1fedfafadf7656
SHA512: 71de77ef155fb02ca6ec6e6b9a8ca69254c29d0e3ac23cab9bf3be477f5a83747d4a55303a65e72f02c098c4687e4c2ebb4dc2acb3166c3853a07f60f440f2f2
-
/data/user/0/com.ifeng.news2/files/ofld/ofl.config
Filesize: 303B
MD5: 3ea68cfb4a2e39b46f7258a8eabea551
SHA1: f5dd9c811004d8a632d7ebab340fa6cba0c1be5b
SHA256: df1177ac03a6cbc3599267d48e7b1fd2a253d566fc694a9b00f187b4a018efca
SHA512: 8f89a6aca599beea5cf77cba63b7672376f949f3950bb0558bd19eeaec86b792b4333039eb59479845f67f27d2c75225f5e9491eb99a3be84cee03d957ac4b6c
-
/data/user/0/com.ifeng.news2/files/ofld/ofl_location.db
Filesize: 28KB
MD5: 0f1d016b72965660817257279fe6db8a
SHA1: c6df5e5df595298450460b93783f47d41de93da6
SHA256: 28c646a98fca3b32bb3bff6b16e1804300bd374395fb345c4d3135f827143ebd
SHA512: c6200160aa333f7383ef48b3a8f0b94ec2e7fbb08ae8fa6df872a6e29b95457efae0ff9a0624e336369c69ecb91d0266ecdef94fb8d037ce94f99ba362a13773
-
/data/user/0/com.ifeng.news2/files/ofld/ofl_location.db-journal
Filesize: 8KB
MD5: 76775d8aa6d1b891c6c1ec6161fcf06b
SHA1: bf3eb44f8181c2b2d2b8f1e826d107c073cc085b
SHA256: dee4e0b0e9f2af75b9c0afb3ea009157b70c38c608186eefadf9473ccc62b300
SHA512: b3d419580aafdc294def5c9ecaf30857308ba8222eec1253d78a288a1c04ad2de5befe3a7c26baef50d8dbea4d5a15907b7941384d8654c0295e3af8a9d2fc15
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409429860
Filesize: 777B
MD5: 40e3c4356c85eb33c04d1d1569a561a4
SHA1: 25af91d22e3394fe8b372796d395d9db75a91188
SHA256: f7c4ae9a2790b2d86600ed8121dfca9275a51751e3a8150345d2ea4983e7eaa0
SHA512: 22ae08a23bb4e4aac55fa329b0ecf82bc9439db43c8a9f2c2886efda26cdcb5b02ee748de85e121adc0bff9aa37632f7ca94a76f612995c12eff4b1d434324e2
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430325
Filesize: 8KB
MD5: d728f1e94b37c69e29200c18c794bb40
SHA1: 87f32d0da1f1b080ac148b9a2aac02ac93df0b87
SHA256: f27480535aafb4a336557e21c8ac07505372ea72eddff579ddec823e33d17a4d
SHA512: 5304b7fad68a822c3c28e3b26360fcfb26808cdac643abce601cdf0ff1e0c0c14d4f4dc329133b2aad61c81fc069deadac1646017e5bd8b4292c4b8ec0e21262
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430547
Filesize: 8KB
MD5: f942f13b00614f0ee814aa9d045e18f1
SHA1: 4f8d74cc07bf922222e84e519fa339699b99d02e
SHA256: ecf9b667dfb7b944b3533bc508c73c8c70fa5d836bde14e935fdc3b5d0122224
SHA512: 97a80bb05889b29d05acdc74a948e95670e164424cea5893ac33bb07f3529d7e27efd6a5f46e6a2c6b9c2ce57e2a39fd34256f6d7c9f4f1edd0cae5b9f80caf5
-
/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430646
Filesize: 8KB
MD5: d8df2607143947d384f1fbe859efc776
SHA1: 96eedc6a059a6155027168e8f72e3bd0fe4743d1
SHA256: 3e250982c913706ad3449ab65210bf15bc2c846bc0ae633134f60106d5fbb5cf
SHA512: aa3b9b550eaf74c80ac1c450318fd65df5ef7019f325baef5873847f241e2da1bc9dba3517f85f45931e22742d9cc139fb65302ad51935c48af31cc15b9ef6dd
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat
Filesize: 12B
MD5: 8d80bc8ea90e9cac010d3ddf97bda5f5
SHA1: f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07
SHA256: f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93
SHA512: 9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat
Filesize: 152B
MD5: 8db9f040a9ff9191bf8a555759b22587
SHA1: 25145dc0c6155e0ac318c33fe44318760c40681f
SHA256: f02f73c0d6fed9ab1317b30318c0d4fafbc00ba6e100bc8987425cbd3863d6fd
SHA512: 22fc7d107760db84f59cbb62784eff70e46d1c95c53f261388f40454e7775f87d273bf7c0c4226b24be8a0ac990e60844cb00fbdcdd3cf3891609417fcae6429
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat
Filesize: 24B
MD5: 161557b06b4a4d3ce095528dea370eb7
SHA1: 8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f
SHA256: f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4
SHA512: 96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat
Filesize: 418B
MD5: 5d033f789032edf4b8df197003ee7ce9
SHA1: 54ef9e98954c46ea58ac61f01038c65dfc493287
SHA256: 1599ea0e22bb76bb8704d4dd1338726155b2e8bc303cb16dddbb0bb55442c9fa
SHA512: 8b4495cd2ca275a6b0eca018f38156a993aa2a7864b820bf0e68df12751234e00e27b38f2eda80d29b19a0710c1e2124fc4662e1ddf5451e66f862d08980dc09
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat
Filesize: 1KB
MD5: 4ddc7b22f7c3c15fc006b3e998bc9705
SHA1: 34c1b73995e140e853426b0ad7ef6f921ea24b10
SHA256: b422922bdd392beaa81edf8067660e6243b28e8a1ff1da7129ae1c18d437421f
SHA512: 69e556b5b0f69621e69f78e05bf488226fb221f7610009318962c5d39af793207ca6ccf6083d676f293bca0d7a486d9e023ca9f7a3cfe7ab752e31f4fc57b7c8
-
/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat
Filesize: 2KB
MD5: cc9882fbbdf79eda91c5a58ce9f53405
SHA1: df3d6ed9447afff9c105a7cec2a114b5bfca94c5
SHA256: 22407babb714c53178d1a8b61ffac23d35d370cd0f8089a8bab7ac65cc8cba45
SHA512: 97116a786c0ec825fc741d7d90445266e4507a7b459e49c93e3ccdf8f38538b095e31e54f9c9de1071856ecf60e5b806f83dc9fbfa94d8b17d8e17f5a0257a07
-
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize: 512B
MD5: 629bd6b9f212ac248b6e2f530c5aa51f
SHA1: dad67c9cc2249f7f704bc6e35b9836405b4ea2dd
SHA256: ff63f7cd245d0569541265eae88b49093eff4103cd75f0369b9fd3c4d69e2704
SHA512: ab02de82e744d9b1d947221c3626f90d218e9d0c1badb417ba7c1ececad3c4d63bcc0cf4dce9634a18a607ded6442ee6c5ebdf373ed0c608bb2746068b222a79