Malware Analysis Report

2024-09-09 16:00

Sample ID 240614-3zfsks1gjh
Target ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118
SHA256 038a4e5796fdc062fc9ead2afcc64f55c624d367a7316d4941846f233d3a8b7a
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

038a4e5796fdc062fc9ead2afcc64f55c624d367a7316d4941846f233d3a8b7a

Threat Level: Likely malicious

The file ac1d8ae4c4a646f5c4811a55493cb143_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Requests cell location

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries information about active data network

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 23:56

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 23:56

Reported

2024-06-15 00:00

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

183s

Command Line

com.ifeng.news2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ifeng.news2

com.ifeng.news2:downloadRemote

com.ifeng.news2:remote

Network

Files

/storage/emulated/0/baidu/.cuid

/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/data/com.ifeng.news2/databases/reading_history.db-journal

/data/data/com.ifeng.news2/databases/reading_history.db

/data/data/com.ifeng.news2/databases/reading_history.db-shm

/data/data/com.ifeng.news2/databases/reading_history.db-wal

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-wal

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/cf12deac3d975d6ad7ea542728bd68

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434257

/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434746

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434880

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409434925

/storage/emulated/0/baidu/tempdata/ls.db

/storage/emulated/0/Android/data/ifeng/news/cache_temp/9c04eb4019ca78ca

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat

/data/data/com.ifeng.news2/files/ChannelConfig.txt

/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/data/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 23:56

Reported

2024-06-15 00:00

Platform

android-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

181s

Command Line

com.ifeng.news2

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.ifeng.news2

com.ifeng.news2:downloadRemote

com.ifeng.news2:remote

Network

Files

/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/user/0/com.ifeng.news2/databases/reading_history.db-journal

/data/user/0/com.ifeng.news2/databases/reading_history.db

/data/user/0/com.ifeng.news2/databases/reading_history.db-journal

/data/user/0/com.ifeng.news2/databases/reading_history.db-journal

/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal

/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db

/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal

/data/user/0/com.ifeng.news2/databases/COMMENTS_DB.db-journal

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/8b578cd9c8cf6688722389744fa9d70

/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409429860

/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/data/data/com.ifeng.news2/cache/10c6570a81ee22a83f1123f825f6ba9/d41d8cd98f0b24e980998ecf8427e

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430325

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430547

/storage/emulated/0/.mat/a8287206072f99534af3ddc454fdf3e6/1718409430646

/storage/emulated/0/baidu/tempdata/ls.db-journal

/data/user/0/com.ifeng.news2/files/ofld/ofl_location.db

/data/user/0/com.ifeng.news2/files/ofld/ofl_location.db-journal

/data/user/0/com.ifeng.news2/files/lldt/firll.dat

/data/user/0/com.ifeng.news2/files/ofld/ofl.config

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/conlts.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat

/data/user/0/com.ifeng.news2/files/ifeng_statitics+5.5.0.dat

/storage/emulated/0/Android/data/com.ifeng.news2/files/baidu/tempdata/llg.dat
