Malware Analysis Report

2025-01-19 04:53

Sample ID 240618-jhf78stcrh
Target ba80e4f329afa9fda68f19bef3c30022_JaffaCakes118
SHA256 efeacff00e934aeb31d8554ebd88a4bd59189061b128b76c69fe0e8e3a453bd8
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
8/10

SHA256

efeacff00e934aeb31d8554ebd88a4bd59189061b128b76c69fe0e8e3a453bd8

Threat Level: Likely malicious

The file ba80e4f329afa9fda68f19bef3c30022_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

These tags are the union of the tags attached to the individual behavioral signatures below and should be read against the evidence behind each one. In this run the banker tag rests on a single signature (enumeration of installed applications) and the impact tag on a single signature (calls to javax.crypto.Cipher.doFinal); no signature records an overlay window being drawn. The detonated package is com.ifeng.news2, and the hostnames it contacts are ifeng.com properties together with endpoints of third-party SDK vendors (Getui push, Tencent Bugly, Baidu Maps, Analysys, Shumei fengkongcloud, Meizu).

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Checks known Qemu files.

Checks Qemu related system properties.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Queries the phone number (MSISDN for GSM devices)

Checks known Qemu pipes.

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Requests cell location

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 07:40

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 07:39

Reported

2024-06-18 07:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

188s

Command Line

com.ifeng.news2

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target | Count
N/A | /sbin/su | N/A | N/A | 1

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target | Count
Accessed system property key | ro.product.model | N/A | N/A | 1
Accessed system property key | ro.product.device | N/A | N/A | 1
Accessed system property key | ro.product.name | N/A | N/A | 1
Accessed system property key | ro.serialno | N/A | N/A | 1

Checks Qemu related system properties.

evasion
Description | Indicator | Process | Target | Count
Accessed system property key | ro.kernel.qemu | N/A | N/A | 1

Checks known Qemu files.

evasion
Description | Indicator | Process | Target | Count
N/A | /system/bin/qemu-props | N/A | N/A | 1
N/A | /system/lib/libc_malloc_debug_qemu.so | N/A | N/A | 1
N/A | /sys/qemu_trace | N/A | N/A | 1

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target | Count
N/A | /dev/socket/qemud | N/A | N/A | 1
N/A | /dev/qemu_pipe | N/A | N/A | 1

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A | 6

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A | 4

Queries the phone number (MSISDN for GSM devices)

discovery

Queries information about active data network

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A | 6

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target | Count
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A | 4

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target | Count
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A | 1

Requests cell location

collection discovery
Description | Indicator | Process | Target | Count
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A | 3

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target | Count
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A | 3

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target | Count
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A | 6

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target | Count
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A | 5

Checks CPU information

Description | Indicator | Process | Target | Count
File opened for read | /proc/cpuinfo | N/A | N/A | 1

Checks memory information

Description | Indicator | Process | Target | Count
File opened for read | /proc/meminfo | N/A | N/A | 1
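
An added example, not part of the sandbox report or of the sample: a Frida script that neutralises the root and emulator checks listed in the evasion signatures above, so that the APK proceeds past them when detonated in an emulator. It assumes the checks are made from Java through java.io.File.exists() and android.os.SystemProperties.get(); a check made from native code (access(2), stat(2), __system_property_get()) is not covered and would need Interceptor hooks instead. The replacement device strings and the script name spoof.js are assumptions, not values taken from the report. The decision functions are plain JavaScript so they can be exercised under Node; the Java.perform() block only executes when the script is loaded by Frida.

```javascript
'use strict';

// Paths the sample probed, taken from the report's root and QEMU signatures.
// File.exists() is forced to false for these and left alone for everything else.
const ROOT_AND_QEMU_PATHS = new Set([
  '/sbin/su',
  '/system/bin/qemu-props',
  '/system/lib/libc_malloc_debug_qemu.so',
  '/sys/qemu_trace',
  '/dev/socket/qemud',
  '/dev/qemu_pipe',
]);

// Replacement values for the system properties the sample read. The device
// strings are assumptions chosen to resemble a retail handset, not report data.
// An empty string for ro.kernel.qemu models the property being unset on hardware.
const SPOOFED_PROPS = {
  'ro.kernel.qemu': '',
  'ro.product.model': 'SM-G991B',
  'ro.product.device': 'o1s',
  'ro.product.name': 'o1sxxx',
  'ro.serialno': 'R5CR30ABCDE',
};

// What File.exists() should return for a path: false to hide a known artifact,
// null to fall through to the real implementation.
function spoofExists(path) {
  return ROOT_AND_QEMU_PATHS.has(path) ? false : null;
}

// What SystemProperties.get(key[, def]) should return: null to fall through.
// An "unset" property returns the caller's default (or "" when none was given),
// which is exactly what the real getter does for a missing key.
function spoofProp(key, def) {
  if (!(key in SPOOFED_PROPS)) return null;
  const value = SPOOFED_PROPS[key];
  if (value !== '') return value;
  return def === undefined ? '' : def;
}

// Hooks are installed only inside Frida, where the Java bridge exists.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const File = Java.use('java.io.File');
    File.exists.implementation = function () {
      const forced = spoofExists(String(this.getAbsolutePath()));
      return forced === null ? this.exists() : forced;
    };

    const SystemProperties = Java.use('android.os.SystemProperties');
    SystemProperties.get.overload('java.lang.String').implementation = function (key) {
      const forced = spoofProp(key);
      return forced === null ? this.get(key) : forced;
    };
    SystemProperties.get.overload('java.lang.String', 'java.lang.String').implementation = function (key, def) {
      const forced = spoofProp(key, def);
      return forced === null ? this.get(key, def) : forced;
    };
  });
}
```

Load it in spawn mode so the hooks are in place before the checks run, for example `frida -U -f com.ifeng.news2 -l spoof.js`. Two gaps to keep in mind for this sample: the /proc/cpuinfo and /proc/meminfo reads and the getprop ro.build.version.opporom shell command in the Processes section do not pass through these Java hooks, and the sensor-listener registration would need a separate spoof if the app compares sensor output against emulator defaults.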

Processes

com.ifeng.news2

com.ifeng.news2:pushservice

sh -c id

id

sh -c date

date

sh -c service call iphonesubinfo 1

service call iphonesubinfo 1

getprop ro.build.version.opporom

com.ifeng.news2:QS

com.ifeng.news2:remote

ps -P (6 identical invocations)

toolbox ps -p -P -x -c

com.ifeng.news2:downloadRemote

ps -P (4 identical invocations)

com.ifeng.news2:remote

ps -P (38 identical invocations)

The list is in the order recorded, with consecutive identical entries collapsed. Each command run through the shell appears twice because sh -c <cmd> first spawns the shell and the shell then executes <cmd>; id, date and service call iphonesubinfo were run this way, while getprop, ps -P and toolbox ps were invoked directly.
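
An added example, not part of the report: Node JavaScript that turns a flattened process list like the one above into a readable summary. It collapses consecutive identical command lines into a count, drops the duplicate sh -c wrapper lines, and tags each remaining command with what it reveals to the app. SAMPLE_PROCESS_LIST is a constructed excerpt of the Processes section; the tag strings and the rule table are this example's own, not sandbox signature names.

```javascript
'use strict';

// Constructed excerpt of the Processes section above (not the full list).
const SAMPLE_PROCESS_LIST = `
com.ifeng.news2
com.ifeng.news2:pushservice
sh -c id
id
sh -c date
date
sh -c service call iphonesubinfo 1
service call iphonesubinfo 1
getprop ro.build.version.opporom
com.ifeng.news2:remote
ps -P
ps -P
ps -P
toolbox ps -p -P -x -c
`;

// Ordered rules mapping a command line to what it tells the caller; first match wins.
// "service call iphonesubinfo N" reaches the telephony binder directly; which
// identifier transaction code N selects differs between Android releases.
const RULES = [
  [/^(sh -c )?id$/, 'uid/gid check'],
  [/^(sh -c )?date$/, 'wall-clock read'],
  [/^(sh -c )?service call iphonesubinfo\b/, 'telephony identifier via binder (transaction code is version-specific)'],
  [/^getprop ro\.build\.version\.opporom\b/, 'vendor ROM fingerprint (OPPO ColorOS property)'],
  [/^getprop\b/, 'system property read'],
  [/^(toolbox )?ps\b/, 'process enumeration'],
  [/^[a-z][\w.]*(:\w+)?$/, 'app process'],
];

function classify(cmd) {
  for (const [re, tag] of RULES) {
    if (re.test(cmd)) return tag;
  }
  return 'unclassified';
}

// Collapse consecutive identical lines into { cmd, count } entries, keeping order.
function collapseRuns(text) {
  const runs = [];
  for (const raw of text.split('\n')) {
    const cmd = raw.trim();
    if (!cmd) continue;
    const last = runs[runs.length - 1];
    if (last && last.cmd === cmd) last.count += 1;
    else runs.push({ cmd, count: 1 });
  }
  return runs;
}

// One entry per run with its tag attached.
function summarise(text) {
  return collapseRuns(text).map(e => ({ ...e, tag: classify(e.cmd) }));
}

// Only the commands that actually executed: drop app processes and the "sh -c"
// wrapper lines, since each wrapper is immediately followed by the command it spawned.
function shellCommands(text) {
  return summarise(text).filter(e => e.tag !== 'app process' && !e.cmd.startsWith('sh -c '));
}

for (const e of shellCommands(SAMPLE_PROCESS_LIST)) {
  console.log(`${String(e.count).padStart(3)}x  ${e.cmd.padEnd(34)} ${e.tag}`);
}
```

Run against the full list above, the same code reduces the 48 ps -P lines to three runs (6, 4 and 38) and leaves six distinct shell commands, which is the set worth looking at when deciding whether a process-enumeration loop is anti-analysis or ordinary SDK housekeeping.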

Network

Country Destination Domain Proto
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 user.iclient.ifeng.com udp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 1.1.1.1:53 v.ifeng.com udp
US 1.1.1.1:53 api.iclient.ifeng.com udp
GB 43.132.64.151:443 v.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 1.1.1.1:53 fp-it.fengkongcloud.com udp
CN 152.136.248.158:80 fp-it.fengkongcloud.com tcp
US 1.1.1.1:53 config.nine.ifeng.com udp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 stadig0.ifeng.com udp
CN 123.57.250.119:443 stadig0.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 loc.map.baidu.com udp
HK 103.235.47.89:443 loc.map.baidu.com tcp
US 1.1.1.1:53 api.map.baidu.com udp
HK 103.235.46.245:443 api.map.baidu.com tcp
HK 103.235.47.89:443 loc.map.baidu.com tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
HK 103.235.47.89:80 loc.map.baidu.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
GB 43.132.64.151:443 v.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 1.1.1.1:53 fp-it.fengkongcloud.com udp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 1.1.1.1:53 www.qchannel01.cn udp
CN 49.233.236.43:80 www.qchannel01.cn tcp
CN 183.60.176.112:80 norma-external-collect.meizu.com tcp
CN 49.233.236.43:80 www.qchannel01.cn tcp
HK 103.235.47.89:443 loc.map.baidu.com tcp
US 1.1.1.1:53 ipush.ifengcdn.com udp
US 1.1.1.1:53 ifengad.3g.ifeng.com udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 152.136.181.124:80 ipush.ifengcdn.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 49.51.190.27:443 ifengad.3g.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
US 1.1.1.1:53 ait025.analysys.cn udp
CN 103.234.21.36:8089 ait025.analysys.cn tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
US 1.1.1.1:53 api.newad.ifeng.com udp
US 1.1.1.1:53 stadig.ifeng.com udp
US 49.51.190.27:443 api.newad.ifeng.com tcp
CN 123.57.250.119:443 stadig.ifeng.com tcp
CN 123.57.250.119:443 stadig.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
CN 152.136.248.239:80 fp-it.fengkongcloud.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 123.57.250.119:443 stadig.ifeng.com tcp
CN 120.53.213.210:80 www.qchannel01.cn tcp
US 1.1.1.1:53 pv.sohu.com udp
GB 43.132.64.26:80 pv.sohu.com tcp
US 1.1.1.1:53 rturd025.analysys.cn udp
CN 103.234.21.36:8089 rturd025.analysys.cn tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 152.136.181.124:8888 ipush.ifengcdn.com tcp
CN 123.57.129.163:443 stadig.ifeng.com tcp
CN 123.57.129.163:443 stadig.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
CN 123.57.129.163:443 stadig.ifeng.com tcp
HK 103.235.47.89:443 loc.map.baidu.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 1.1.1.1:53 mfp.deliver.ifeng.com udp
CN 39.107.88.232:80 mfp.deliver.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
CN 47.94.99.240:80 mfp.deliver.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
US 49.51.190.27:443 api.newad.ifeng.com tcp
US 1.1.1.1:53 user.iclient.ifeng.com udp
CN 39.107.88.232:80 mfp.deliver.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
CN 152.136.248.158:80 fp-it.fengkongcloud.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 1.1.1.1:53 config.nine.ifeng.com udp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
US 1.1.1.1:53 rtait025.analysys.cn udp
CN 47.94.99.240:80 mfp.deliver.ifeng.com tcp
CN 103.234.21.36:8089 rtait025.analysys.cn tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
US 170.106.112.116:443 api.iclient.ifeng.com tcp
CN 140.143.218.171:443 config.nine.ifeng.com tcp
US 1.1.1.1:53 nine.ifeng.com udp
US 170.106.112.116:443 nine.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 1.1.1.1:53 iis3g.deliver.ifeng.com udp
CN 39.107.88.232:443 iis3g.deliver.ifeng.com tcp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 1.1.1.1:53 api.pushhub.ifeng.com udp
US 49.51.190.27:443 api.pushhub.ifeng.com tcp
CN 47.94.99.240:443 iis3g.deliver.ifeng.com tcp
US 1.1.1.1:53 api.3g.ifeng.com udp
US 170.106.112.116:443 api.3g.ifeng.com tcp
US 1.1.1.1:53 fp-it.fengkongcloud.com udp
CN 152.136.248.239:80 fp-it.fengkongcloud.com tcp
CN 39.107.88.232:443 iis3g.deliver.ifeng.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 47.94.99.240:443 iis3g.deliver.ifeng.com tcp
CN 103.234.21.36:8089 rtait025.analysys.cn tcp
CN 152.136.248.158:80 fp-it.fengkongcloud.com tcp
CN 103.234.21.36:8089 rtait025.analysys.cn tcp
US 1.1.1.1:53 fp-it.fengkongcloud.com udp
CN 152.136.248.239:80 fp-it.fengkongcloud.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 120.53.213.210:80 www.qchannel01.cn tcp
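
An added example, not part of the report: Node JavaScript that aggregates a flattened network table in the format above ("Country Destination [Domain] Proto", domain absent on some rows) into one entry per host. It separates DNS lookups from connections, flags cleartext HTTP and non-standard ports, and marks hosts that were resolved but never connected to. SAMPLE_ROWS is a constructed excerpt of the table above; the flag names are this example's own.

```javascript
'use strict';

// Constructed excerpt of the Network table above.
const SAMPLE_ROWS = `
GB 142.250.178.3:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 user.iclient.ifeng.com udp
CN 140.143.218.126:443 user.iclient.ifeng.com tcp
US 1.1.1.1:53 fp-it.fengkongcloud.com udp
CN 152.136.248.158:80 fp-it.fengkongcloud.com tcp
CN 152.136.248.239:80 fp-it.fengkongcloud.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.112:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 ait025.analysys.cn udp
CN 103.234.21.36:8089 ait025.analysys.cn tcp
US 1.1.1.1:53 ipush.ifengcdn.com udp
CN 152.136.181.124:8888 ipush.ifengcdn.com tcp
US 1.1.1.1:53 norma-external-collect.meizu.com udp
`;

// Ports that need no comment in a mobile app capture; anything else is flagged.
const STANDARD_PORTS = new Set([53, 80, 443]);

// Parse one row; the domain column is optional, so the field count decides.
function parseRow(line) {
  const f = line.trim().split(/\s+/);
  if (f.length < 3 || f.length > 4) return null;
  const dest = f[1];
  const sep = dest.lastIndexOf(':');
  if (sep < 0) return null;
  return {
    country: f[0],
    ip: dest.slice(0, sep),
    port: Number(dest.slice(sep + 1)),
    domain: f.length === 4 ? f[2] : null,
    proto: f[f.length - 1],
  };
}

function newHost(host) {
  return { host, dnsLookups: 0, connections: 0, ips: new Set(), ports: new Set(),
           countries: new Set(), cleartextHttp: false, nonStandardPorts: false };
}

// Group rows by domain (rows without a domain are keyed by IP) and accumulate.
function summariseNetwork(text) {
  const hosts = new Map();
  for (const line of text.split('\n')) {
    const r = parseRow(line);
    if (!r) continue;
    const key = r.domain || r.ip;
    if (!hosts.has(key)) hosts.set(key, newHost(key));
    const h = hosts.get(key);
    if (r.proto === 'udp' && r.port === 53) { h.dnsLookups += 1; continue; }
    h.connections += 1;
    h.ips.add(r.ip);
    h.ports.add(r.port);
    h.countries.add(r.country);
    if (r.proto === 'tcp' && r.port === 80) h.cleartextHttp = true;
    if (!STANDARD_PORTS.has(r.port)) h.nonStandardPorts = true;
  }
  return [...hosts.values()].map(h => ({
    ...h,
    ips: [...h.ips].sort(),
    ports: [...h.ports].sort((a, b) => a - b),
    countries: [...h.countries].sort(),
    resolvedOnly: h.dnsLookups > 0 && h.connections === 0,
  }));
}

function findHost(summary, host) {
  return summary.find(h => h.host === host) || null;
}

for (const h of summariseNetwork(SAMPLE_ROWS)) {
  const flags = [h.cleartextHttp && 'cleartext-http', h.nonStandardPorts && 'non-standard-port',
                 h.resolvedOnly && 'resolved-only'].filter(Boolean);
  console.log(`${h.host.padEnd(36)} dns=${h.dnsLookups} conn=${h.connections} ports=[${h.ports}] ${flags.join(',')}`);
}
```

On the full table above this separates the TLS traffic to ifeng.com hosts from the cleartext port-80 traffic to fp-it.fengkongcloud.com, android.bugly.qq.com, norma-external-collect.meizu.com, www.qchannel01.cn, pv.sohu.com and mfp.deliver.ifeng.com, and it isolates the non-standard ports (5224 to sdk.open.talk.getui.net, 8089 to the analysys.cn hosts, 8888 to ipush.ifengcdn.com). The 224.0.0.251:5353 row is multicast DNS and shows up as a non-standard-port UDP host keyed by IP.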

Files

/data/data/com.ifeng.news2/databases/androidx.work.workdb-journal

MD5 9c8c979443b815378481c6114c5be92e
SHA1 4d9e09a47a86ad9de63b21f0015e5269454fc128
SHA256 c9a51ef374d099f9438770f084ed22910398ba64a9fed3654bfaad8bc203891a
SHA512 2fffa08fb4b0a517f1934c360ef62f4bdca2c02552d2dd463f2ae58418d71fa8afc5768ad3a70864a4b20d6cb7736c18ff29d5345ee498a5bec81517a653c383

/data/data/com.ifeng.news2/databases/androidx.work.workdb

MD5 aa99281ce0cd69a9302f8b64b918ad75
SHA1 ccafc0e5fb16198e466b209a888301f4100fafe8
SHA256 a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431
SHA512 a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

/data/data/com.ifeng.news2/databases/androidx.work.workdb-shm

MD5 a69e6cdd1febad2a70812786aeb7645d
SHA1 153f05c686a745344ae18ea4fc73db928ae48d52
SHA256 e7b5f00c99e22fe2b7fff4482fc1cdd88af9b474e957b18d3ac321743379e331
SHA512 50e2320c6c4057e86fafc024264d76113dfe9fc873ab217062611a2abba7f34d12b3fa77e6cae7f511bc82d6e727ea36264ae93e54ff9918b86c4b4a514b2505

/data/data/com.ifeng.news2/databases/androidx.work.workdb-wal

MD5 11fddd2a8b5fe3a205838fc03ebd27c3
SHA1 f6ef99382110f887ede21a01d3cc7868a001c4d2
SHA256 e5a80715e3cc9e343f5eaadf99279405f0bd836a6db70115c50029b02f029835
SHA512 0c09989266e3730aac29dd04689ddf2fd49ed3c382b8ebe251500e11bf0b9c9895569ff0645688f0474fb7243e893e51569b175caf8f970ec9e93e118b122ed1

/data/data/com.ifeng.news2/databases/androidx.work.workdb-wal

MD5 9dce4089754af0d964770df09d8a12db
SHA1 5cc643022a3b8a60aaab09acc03f0753e49ca20b
SHA256 07427df51c55498473e82d8aa22db6e47d72e0b4138dd925688795c9ef3ea7b3
SHA512 a8751c8ca48ef02a4bc912aac8e88a419f1b1533f73a77dce3f9133c5a2f4c59dc8bf67869d2f07dd51abbe34ec103a4a7a4a7aa376ecf4cf557b4bf4600cd81

/data/data/com.ifeng.news2/databases/bugly_db_-journal

MD5 3f47da2b5b90f56b7ccbf952b5c5c0fb
SHA1 62acdccb05f2484481e4c33635e4a3140efcc372
SHA256 7430c9aaa753284e7cbacc0be1e5d9960e2c076c55044ff09182630db13ba07a
SHA512 b3bafd7656bcf9a0c44ea0aee644eede6027e8905ed9c7a3a1462a2f5493857b8bc9334add5274c0dca8b2522df2b28420ed47b2ec9fa0911fd09068cd3b24b8

/data/data/com.ifeng.news2/databases/bugly_db_

MD5 63d918e4173c1fb7e33e30f2d9b3af4b
SHA1 23cd818f557e04575e4a214d90e1e9343fbeafef
SHA256 dab7c6cd07ada373205e72438956dfb2ea2157eebc39372a15e06c037d9e2a87
SHA512 d96cd932a65553279c504aa1b48cec8b05c38a969d6cf23a43500529cbaeba3b7b6823c0bca217f1b48455597b94eb07fe35f7bb987bcfbcb3bbf6d61692e410

/data/data/com.ifeng.news2/app_crashrecord/1004

MD5 2e930a537cd2cde18a3ddf40accbf58b
SHA1 b8f4325669ab73aaec0d8daa0272bc7e2b9fd334
SHA256 19eae5f3606307274e74211ff1256b7622c4d8b9c316046075d09e844b672a68
SHA512 3a1d94bf21dd946786a95cb1b428390dfdeb0d9ea00728cee2d5963a5c636af6020a63a3d25cfb0b33942d3e137726f322f24928bcb4992c1108536222dc8f99

/data/data/com.ifeng.news2/databases/bugly_db_-shm

MD5 f135b1e72f22bef87a09554b9c1e201b
SHA1 59b29e39d6b1f135e6e7e6f5fcefafdf6bb0d74c
SHA256 405ae29f6c5bbe625deca0618a04039e77a94cdc8879ffcd984c148060bbc705
SHA512 85f79f991dae32b51d8a91315705d63e5d1a087db5e1a9ab0b69ebe4cd87d76ce7d9f131e3bf6219a5058927f31678b09fa71ee7e2da6c2224969cc3150f04bc

/data/data/com.ifeng.news2/databases/bugly_db_-wal

MD5 44c6d3892d1b22b483e080489468e335
SHA1 28c12f11c29c831eb3a8cfc35050cd4afe5ab413
SHA256 5e7931ac79aad3a69615e1028c620ac51103a60642c4c7ea67eef3c2ab791470
SHA512 f22312cb4faead42427e3f2a288316c0200a8e6db620463398fc12fea6ccf01e0e2b9c374c691fb3ed79c515233d8aeb1b3e8ab87878c813c7d31db2cf5509c0

/data/data/com.ifeng.news2/app_crashrecord/1004

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.ifeng.news2/app_crashrecord/1002

MD5 39ac0e2fd848fe26ee88798707586ef5
SHA1 f2b7d0b5227254d93f3399d067feba5d6482d64a
SHA256 9b05cf6cac02031f073ec63bea1d2ac66fcb943a3a343e14336e4e6cea94cc82
SHA512 0d2d1ea9de48c3d13578029915d16734fd8c121bffa07af561dee4e53e58ac6c167dbd8dd67ba92d72cef725ac333491b1ef9595430899fbc500442a3f15ece4

/data/data/com.ifeng.news2/app_crashrecord/1002

MD5 9007634f6598d0ad7d77e910e51b2f9d
SHA1 9f8730d2fdacba77023fe3d5526df3bfdc90a452
SHA256 d80f63e17930a262819920b67eb5ebddc32373c37e0f5c7d7bea0e90496b6b59
SHA512 cab9ed426cd89f00ef2c097187972ec9b7895edf455018723e0b774767cbabf61f69dd11d994bc3f6e5061ef0570b3056b3628a24fde3016bfd78ab991da4123

/storage/emulated/0/shumei.txt

MD5 8ddf1711caee3f9ea7e04702989455d4
SHA1 3a50cac1cbd6bd72745199cc0ed33bcba6e7cba9
SHA256 b56d4b63f71a37386ebe7de8e9d121e2c305258572371e2eb9803f6d3034f52b
SHA512 4042b15cee5a15a4d0f9a06d55278df09adea4c8ffa33412c322b04993044f64a14c8c1193067441a04ef5d0ba3aaf6cdb78d3d166dea6ebd9f4d7a498cd1b81

/data/data/com.ifeng.news2/databases/tracker.db-journal

MD5 c707c701586d0eb0d370ff7e77c79baf
SHA1 4353b2ffda7ae29a566f68ff940558ee576118a7
SHA256 124f5ae93cd07cef7d63b5676b057161ecd93503625581b1e864c3d94ba505a5
SHA512 98340e0443e93ea42f9cf30087c8f3faafe4e479dae6c907d13af41d859fbb91c2ba4bc5fc0f629c041be2ad56c72f5158c15dcf414913a3edf4875d676c73d6

/data/data/com.ifeng.news2/databases/tracker.db

MD5 1deb6b895a2280f63ea2f3783f0a5ebd
SHA1 c01eee51a200d2007d3972b551e2515fc8f96d95
SHA256 c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d
SHA512 269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

/data/data/com.ifeng.news2/databases/tracker.db-shm

MD5 6e7f43531b097faf1095774cb2a5eef2
SHA1 87b20b52aa937407682b8f9f0f5a9a4bebe6a43b
SHA256 19a2c453d099d231896cba1d1bfade344516a71f8092b3e65fc14e8345946dc9
SHA512 993237c9380689e2b81145071ab3d23ae492e4676f8609243c9369ee50f036ba406fdb7ca78866143443d9e55a9aa9380190b449f282e101f65b4728edbb5faa

/data/data/com.ifeng.news2/databases/tracker.db-wal

MD5 0d13c5ac966ce6fea03fbe1391fa13bd
SHA1 0fc1a7b71f63f4f5d23d6f2c8973a81f88405495
SHA256 0c1e862272f290512d4268a43994581d61aa56de7a6f1f57724651a167f1f2bb
SHA512 a3ae7143884ae3aa18a1d2e07d5af332bbd216fa3c6458f006ef0ff98ad03c90a135c8290b66d2d395c1900c6334abacab29ed62cbb6505e389adca5287a3504

/data/data/com.ifeng.news2/databases/ifeng_main.db-journal

MD5 f02fea347074fd7acdcdb0eb06432923
SHA1 7d36fc8a4b79175bc9b04db199d05c0cd10fd265
SHA256 e011b27717980dffcac767e0d323bb56ba1ca0d6bce22a4840d6008f0686e230
SHA512 29a3e5207b5ca7337ddc6137d296994f48208ea8b671584e0f4e574e850468e77ca30f1d86de8c9571f9b09cf849a3cba76e65b066f329e67afbde79873a268c

/data/data/com.ifeng.news2/databases/ifeng_main.db

MD5 0e534fca1427fec33437c230c354b306
SHA1 75d7827d29768046285165113baf02eadb436749
SHA256 c60d866d68a7563fc5b327a1881666c66e98f2390de21bd7a9351244c231f33e
SHA512 8dd097f64a4db53bbbf171483211bfb3fb707d6efe0ae93c0c59745a0a1d97c40cc4036eb2543b03e61a11b29620f79b6c79b1ebfe767495be8e06c9543788cb

/data/data/com.ifeng.news2/databases/ifeng_main.db-shm

MD5 5d69a62b72879b631cda40e960378828
SHA1 2361245e2a99c15a44454f033392f78c1557662c
SHA256 d443e16241c199c29571e3f52fd1090a560a9bfe7e3ef4ff7f563bb42cfeb721
SHA512 8faf4422005e64e7c25b077c77d971644a1fc60b882bc46804bfa900c3c48542bd29197bcdecd62d233d8f16fc290d035ffaea39a88f9d116ad1dd3ff7417a69

/data/data/com.ifeng.news2/databases/ifeng_main.db-wal

MD5 9e505168835967945f43c791c246b588
SHA1 eca4890388bf62640add76e86abcda5aa2028ec4
SHA256 8a71ec5d00e973a2be182b1ce7c516ff068edf5feaeaa852692b5c5a387b054b
SHA512 15cbd22bd390784e4abc4289be25e65a15124e4f37f34b484ca91b0e70f2b2661686b616e484a53d34f6561df45ac4fe1e0e47ec953ccbb2a839af72d8127596

/data/data/com.ifeng.news2/databases/eanag.data-journal

MD5 75a741d6855e4f35f41586ef7c86e6f6
SHA1 7b772dbdf94efc3ada2a99fc0ad48dc24bd5d6f8
SHA256 1e7389df1bbcd6f9f7122eef9480b1b67c88836ddfff4f2d352219b3ac785afa
SHA512 7917a7c89d067ebebc8cae36ffcfa61cda8f279e18d0e00d0c27e44304734948e432a3076189a67cc2aaed556a731b959d3520ecb97b80ddb76a9146654e5eff

/data/data/com.ifeng.news2/databases/eanag.data

MD5 677c758c21733a50334d89a97a6a3af3
SHA1 8411ac366504a7f444285183b2935a7526de7ddb
SHA256 057873d1af8e5f69372f1444721f8dffb23320e1020377a469c60fe89d3efcea
SHA512 4fd71e844c16e41acbd449498328de138ded5445adb9890109db79b381362486fc5ff98b25d6cdcf63d980ae12180e51df591455bd11d8b11ae1f23fef12ed62

/data/data/com.ifeng.news2/databases/eanag.data-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ifeng.news2/databases/eanag.data-wal

MD5 1607517258e69f657dfd82fc78387aa2
SHA1 5353027ce737983a425e9f6325d475b048d48e11
SHA256 ba5ce2ca2dccdebe246eb5edc256396cd7c2f314c52f5747d2750bf7d8202c4b
SHA512 10285d7b842fa8c2e0a9fcd1437a1f26be5aec10ea6f8a6963e049d1dd56bde62f34f946149f28778b2ff495525208a2d0614732a61813a1f669c2983fa62f97

/data/data/com.ifeng.news2/databases/push_record.db-journal

MD5 a22d2742e85bf5609ad4148ec917eaad
SHA1 48b28f64847a416ea8d72f3cad58a441af1495d7
SHA256 4cd91e97b658b575ddaf3c6eab5063e8e48596a00cf62cf3a62998ef678f2165
SHA512 05186cf3ecd93635ca3f44aa84fe4c0ba32aacf56fd8d28ec235bfbbefe12ac9209f21242c02eda233798b8fa5ec0ce213723d2bded8d756b3ec44996d5d66a8

/data/data/com.ifeng.news2/databases/push_record.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ifeng.news2/databases/push_record.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.ifeng.news2/databases/push_record.db-wal

MD5 0786d6b700342c547194657b03430914
SHA1 ceff5599ad02643b2fc5b27ae43d2edef3d8e4cf
SHA256 0405ca6b88f776b985ee8c1a9c7add1ee9b1eecbda74b004c89bd1b555f594d2
SHA512 34f1a8d7615fdb9f0710c61a1d2f5c221328d98e363e658e76b63d015d8658fb0a87068443e80fe62a471e76e4ece9b610d0ca9dcf00863f6eb94ed761364f24

/data/data/com.ifeng.news2/databases/deanag.data-journal

MD5 2f29ca3dce083f2e4e3fbd3803f2d97b
SHA1 c30676a0a79014343e06b97091efb20c64402431
SHA256 74a601c4a263ab680806a1cccedfd9ab960145101e5f85a5292aefe6d0a2e778
SHA512 cdb6fd814c54ad512c9e3787c5b6bfd01cb83e4ceb764a9764dfaac861c21c56f4c5d4294ea0095336fed7c7bd4f0dc89da5b7bf17674172ebbc0ad00deb718a

/data/data/com.ifeng.news2/databases/deanag.data

MD5 b958a9f24c864caf1039d5464b37531d
SHA1 58c81fb563dc23efadf21f6945d84f73d3599e77
SHA256 1e6b28d48c9a4f7937ae7fa15622cd722a01b286f3c30b9134442290cbbfab7a
SHA512 08f63163aa7aec22b44543f62609df86860243b14319404804518e13d8ba0709e00c440ebd4314b998b93af6333851f1f0d2895ac2d85280d129aed58452457a

/data/data/com.ifeng.news2/databases/deanag.data-wal

MD5 ab30cdea81111327d48c03e7887a99d4
SHA1 0d334cb76b357ab9b2c130c2488a4d252adc54f3
SHA256 7f0010a7f6dc3db629959f0d8c19247d6c1c25c70a220a6ac6102cdc085b8065
SHA512 73a86f8fa25ef2a39ebda9906d7cc183c019b48a8fcbbc8005aee6de5d3dfed315f992173daf209ea9481ea6f18222afa6ccda6563fba9e8559c52913708a2ea

/data/data/com.ifeng.news2/databases/pushsdk.db-shm

MD5 0c444f9d86b45147579982385e397712
SHA1 feceae260900d0c5693b42522467a1260cbbd8c1
SHA256 8f599ec4fa1eb2990e7e1d3d9c9b06a89ba9f0ff699d4fe5b53f800e4a09a878
SHA512 67573da9a7f4f45f32b451bec0167ea809286cb8e6cd21bf878953c31e267e73bbbbb18af3ac4db4f4d0243ea0f1eb186ae4d1d27f4fa34b175dc0af58f31a08

/data/data/com.ifeng.news2/databases/pushsdk.db-wal

MD5 5cbbbcff3fcb154046629bc853eca1f6
SHA1 f98cfc7d4aca246fa713386dae1ebcc98248e40e
SHA256 5da9aca28940e1a5a11d7a64040c1bd22c5d8085d3bb5b134e253d4323751545
SHA512 f2bde5e97cec602f6bf830e385022040003911b236911db8025e3ced54d7e52fadf91f51c9e320f804b89737fb511986ae153f67da97bbd9f0404af883e5354f

/data/data/com.ifeng.news2/databases/deanag.data-wal

MD5 4419e1ec239c7a756619c71a76a496f2
SHA1 e41dee3c8d43b1754f2b82e52c4fceb42768954c
SHA256 8d6c67f9d8da477afbabc4becaa3c43e522a53608ca6ecb61c4ace6d29b0f3df
SHA512 58a6ed7df3640599b5256a085aa0ba8959970cfa6c22eba7fdaecd6af53dd5753207d5586330f7ae4846208a3f26ba41c18216bc5b6d8b2d04dcc99f7dae9a00

/data/data/com.ifeng.news2/databases/deanag.data

MD5 eab3b84607ff867577f25d65817e59f4
SHA1 be0fb853bddc5d5e761a5219e4a8663a72f120f5
SHA256 2b062ac016919c7f3096a0c9314bd94e1789bd2705ae71e588d95215baf23bf6
SHA512 24bff7b40713cbed7f43f2d4299b63da780fef8148c33c2a9ad033e6598a25cf0644b8d45cd5e540b59d81decd56df6bddf415858fdc6a48f0fa1109adf1ebd2

/data/data/com.ifeng.news2/files/ifeng_statitics+6.5.5.dat

MD5 34c3579b32847e5bac7e179c034e3483
SHA1 5d0db0595e0fccbcd8d006579648ec57d38cf8c6
SHA256 15c24af106ef6b738b0e268479be9823d7cf144ea7a1546902e05fed8de23823
SHA512 ca60bbf8aba14913d2e840f079db48e860225d2fa052ee2b9e6e5b8b9675cacef336492bc2554bd1fc97724dc440f8bd8992ec44d025a31de50da803d4deb32c

/data/data/com.ifeng.news2/databases/reading_history.db-journal

MD5 f6ee2c2a81127566b1172b1fcc392094
SHA1 912dcc62bf97ec9ceb4ba553fedd498c47ae53b7
SHA256 cb5654ded55676482fa5369263b3888cf54e5b3538bcdbf457416a64635d37b2
SHA512 8fa315f93abb9fb35953c44b06feb4b7997a34b2b32735bd3d0b8e25dd0c6220c6348191bb62ddf84f10e5bdda1c976777257cf09a3d3fab86475eed5165c548

/data/data/com.ifeng.news2/databases/reading_history.db

MD5 fe03a8b1792c0cd8cf99e930ff3497da
SHA1 36fe03d44ec7a7077fcd9b18672aa2c51338c8c1
SHA256 f1ebb4e8797d572b4799b7cd9fbbf8aaec6d8336082382c0c35aef23304fe5fd
SHA512 9cfd66251997635cad1222ebeab48a91c96f594d306c8bfdf3ad038584042136eaa7b7c587e1d9fa155973a1d6657a5222f9dc71e305a738e7103e07d0c23d5a

/data/data/com.ifeng.news2/databases/reading_history.db-wal

MD5 a4c5d9d335b7bc2cf6953d266a8627e5
SHA1 1f895135e37bc7a5bc74039757eb45ab9eeba1a9
SHA256 a259090698f1eee1d408a26a24aee07602f147e10fbb67790bd2e456cf24d65b
SHA512 92a2d700607b75f49072ff0ba2db2d3ee16ff38b39bcccaeae1c33676fa9676e5d4b0b5eee25a6da54a9a5c2ba3f0f9e42b79e77045f48f9277b9f549bba4e9d

/data/data/com.ifeng.news2/databases/deanag.data-wal

MD5 bca8204bc638c1dd058141f32e12031d
SHA1 4c796f0fad51cbc1f75922f034ca138b9bb83454
SHA256 f95a12f5a614cf61eb3629fd19a5a349fdfaa5e49a041fce97411824d12326cb
SHA512 01d39ef61e60772520d5a61565e42fc5f49d7185d01a78a8312b18562c3c45e576d0f9ea093deca8174bb7962aaa5e3ae1e35d352687f3441f79340835a1b44b

/data/data/com.ifeng.news2/databases/deanag.data

MD5 ccab766b16c6b29afb8079102fa3c531
SHA1 7e5c9d32a4e1f2eaf5caee36707bfb87c553a899
SHA256 fc1f388c9b244b03e75bc7c6c5b4d47320efe573d8c6ad20a06f437733e05fc7
SHA512 e059695a47d0dff068d44adec4a35393fe4f3f8190cbb0f800d68cce0e680757075368a814fa2f5b4880f4fbedc31b8cd90ead282a14b3ed987dae20a6b86c8c

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-journal

MD5 1bdefd5992433cb39b1a09b011c96e10
SHA1 029afd92e0d20d72538d6755b8778a654b21cee6
SHA256 1db0effcbd1202ec814750a22d8b62e21fef1c9fb99c88fe0da0ce975b52ca4f
SHA512 f2f1e67064f9f22121b925599262d8352fb29faed5385a50c770a1aa5ebc9d646de300c60a9940831cd5627f8d17c953097527cc1981146b500f321c4d5a3133

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db

MD5 88117d0a6dc0057b46d8d9adafc71165
SHA1 020a7201082dd6dd12fce803bd91e9695db4e008
SHA256 021d47fa8c11a11a4a83f071bcc9aec424f6577bb536698156101fa4fa63bb54
SHA512 b39b7bdcc75c48530d08ca5b5416624d2138e10ce47c0a4b038d5b0ec524bfd417c89590fd5bef47843b86127c0d8f771ea65f442248f033a82910905a8a9e21

/data/data/com.ifeng.news2/databases/COMMENTS_DB.db-wal

MD5 7899fef4bb209f1e5b9500a216af1ced
SHA1 e16e3d8af46952705f02ebe225ff643ad5969b88
SHA256 b993029442e8ac1678096804f6f2357235f43108dc7418c97d73a2cb3acf8020
SHA512 8f8b0c3cffdef5f4b53acf46b58b64f0154c8e7a07c8f5ff87de7cb8899c251f9620fe906c01dbba82b0a2215979c49e02f053faedd53c9ced63ba48c0687fd5

/data/data/com.ifeng.news2/files/init_c1.pid

MD5 7a969a8f970f4e575577c5405b8d8ecf
SHA1 475292cb76c426c43abb462127fe04229fde5904
SHA256 080aa78c4e02f3788edd526ecad8e8cb5fd06675e3fca5ed36c59b9465eb603e
SHA512 5d3780589570c7f106a06ade910b2d0627fe33d8b139b19b9a8090650797bd60edbb2b998f9d4fd16e30e576b5a153684eb45afdd223218df44693e113b27198

/storage/emulated/0/libs/com.ifeng.news2.bin

MD5 2975983441312c9135f5f94eb876dab1
SHA1 5d9078efd7168ff2c2f0df442682a192c5a28324
SHA256 e67163da61fa0771314d1555471b4a05e8f02eec74ee3f3da57fef267a484743
SHA512 63111e5ff53944d557682d4ca9a314a4c8dfdd613c0c6c87e1eedce613b2bab5fe7b2589cb8c21ff91d8d3113b9db0c87f6fdb144cee42ba835dc981cf94392e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 07:39

Reported

2024-06-18 07:40

Platform

android-33-x64-arm64-20240611.1-en

Max time network

6s

This run (API level 33, arm64) produced no command line, signatures, processes or dropped files; the four connections below are the only recorded activity and none of them is attributed to a hostname. The findings in this report therefore come from the behavioral1 run.

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.16.228:443 udp
GB 172.217.16.228:443 tcp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A