Analysis

  • max time kernel: 179s
  • max time network: 181s
  • platform: android_x64
  • resource: android-x64-arm64-20240611.1-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted: 14-06-2024 23:56

General

  • Target: ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118.apk
  • Size: 15.4MB
  • MD5: ac1d8ae4c4a646f5c4811a55493cb143
  • SHA1: 3bd52893716cb6c0ad866035eedd4c5120e5441a
  • SHA256: 038a4e5796fdc062fc9ead2afcc64f55c624d367a7316d4941846f233d3a8b7a
  • SHA512: 26508c934f39d2e966915970027a6da10e6e4349f3856dea3adb028bbf22f9635c8cbef9f52dbbcfddb1e1b5904f486261a0165030c1c29dfc33d4c226cd7f9e
  • SSDEEP: 393216:f5kC25B9JRI7fDUIzeJ1/y0CSFpauwFGg:f5y5Bu7bUeerGSFp1wFGg

Signatures

  • Checks if the Android device is rooted. (1 TTP, 1 IoC)
  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries information about running processes on the device (1 TTP, 3 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current nearby Wi-Fi networks (1 TTP, 3 IoCs)
    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Requests cell location (1 TTP, 4 IoCs)
    Uses Android APIs to get current cell information.
  • Queries information about active data network (1 TTP, 3 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Reads information about phone network operator. (1 TTP)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.ifeng.news2 (PID 4453)
    • Checks if the Android device is rooted.
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
  • com.ifeng.news2:downloadRemote (PID 4521)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
  • com.ifeng.news2:remote (PID 4684)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection


Downloads

  • /data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/8b578cd9c8cf6688722389744fa9d70 (8KB)
  • /data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e (8KB)
  • /data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e (8KB)
  • /data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e (8KB)
  • /data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db (16KB)
  • /data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal (8KB)
  • /data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal (8KB)
  • /data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal (512B)
  • /data/user/0/com.ifeng.news2/databases/reading_history.db (20KB)
  • /data/user/0/com.ifeng.news2/databases/reading_history.db-journal (8KB)
  • /data/user/0/com.ifeng.news2/databases/reading_history.db-journal (8KB)
  • /data/user/0/com.ifeng.news2/databases/reading_history.db-journal (8KB)
  • /data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat (349B)
  • /data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat (80KB)
  • /data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat (430B)
  • /data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat (28KB)
  • /data/user/0/com.ifeng.news2/files/lldt/firll.dat (16KB)
  • /data/user/0/com.ifeng.news2/files/ofld/ofl.config (303B)
  • /data/user/0/com.ifeng.news2/files/ofld/ofl_location.db (28KB)
  • /data/user/0/com.ifeng.news2/files/ofld/ofl_location.db-journal (8KB)
  • /storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409429860 (777B)
  • /storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430325 (8KB)
  • /storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430547 (8KB)
  • /storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430646 (8KB)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat (12B)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat (152B)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat (24B)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat (418B)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat (1KB)
  • /storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat (2KB)
  • /storage/emulated/0/baidu/tempdata/ls.db-journal (512B)