3d9db4de30932cb36bbc631f70ed516d93c90e51d481bd48b94bdfb83f8a66ec

Analysis

max time kernel
169s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13/06/2024, 02:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a37b4ad34f51957f3ecd532ab535e3ea_JaffaCakes118.apk
Size

6.7MB
MD5

a37b4ad34f51957f3ecd532ab535e3ea
SHA1

25dd7bfa664931081aaff4739ca79d696e45f3db
SHA256

3d9db4de30932cb36bbc631f70ed516d93c90e51d481bd48b94bdfb83f8a66ec
SHA512

86df591c7dd60706fd639bfcade0b9d68358c3065b8f84151e17c53d2ec5aba7b22a50be5a7b0b04dc99758baed8c3cc5cdb831d642e8763d289610e07da780d
SSDEEP

196608:qjoH3ZX4Qs01H8mGaNUXKSWjiFDNaFkR75N3VAvl/l1tm1Sqi:qj8ZIQtNUXKroDWk7NlAvNl1tmM

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/su	com.mida.messagehelper
/data/local/bin/su	com.mida.messagehelper
/data/local/xbin/su	com.mida.messagehelper
/sbin/su	com.mida.messagehelper
/system/app/Superuser.apk	com.mida.messagehelper

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	com.mida.messagehelper
Accessed system property	key: ro.product.name	com.mida.messagehelper
Accessed system property	key: ro.serialno	com.mida.messagehelper
Accessed system property	key: ro.bootloader	com.mida.messagehelper
Accessed system property	key: ro.bootmode	com.mida.messagehelper
Accessed system property	key: ro.hardware	com.mida.messagehelper
Accessed system property	key: ro.product.device	com.mida.messagehelper

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.kernel.qemu	com.mida.messagehelper
Accessed system property	key: init.svc.qemud	com.mida.messagehelper
Accessed system property	key: init.svc.qemu-props	com.mida.messagehelper
Accessed system property	key: qemu.hw.mainkeys	com.mida.messagehelper
Accessed system property	key: qemu.sf.fake_camera	com.mida.messagehelper
Accessed system property	key: ro.kernel.android.qemud	com.mida.messagehelper
Accessed system property	key: ro.kernel.qemu.gles	com.mida.messagehelper

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.mida.messagehelper/.jiagu/classes.dex	4175	com.mida.messagehelper
/data/data/com.mida.messagehelper/.jiagu/tmp.dex	4175	com.mida.messagehelper
/data/data/com.mida.messagehelper/.jiagu/tmp.dex	4175	com.mida.messagehelper
/data/data/com.mida.messagehelper/.jiagu/classes.dex	4435	com.mida.messagehelper:channel
/data/data/com.mida.messagehelper/.jiagu/tmp.dex	4435	com.mida.messagehelper:channel
/data/data/com.mida.messagehelper/.jiagu/tmp.dex	4435	com.mida.messagehelper:channel

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mida.messagehelper
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mida.messagehelper:channel

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.mida.messagehelper

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	com.mida.messagehelper

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
26	s.appjiagu.com
39	b.appjiagu.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mida.messagehelper
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mida.messagehelper:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mida.messagehelper

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests changing the default SMS application. 2 TTPs 1 IoCs

collection impact

SMS Messages

T1636.004

SMS Control

T1582

description	ioc	Process
Intent action	android.provider.Telephony.ACTION_CHANGE_DEFAULT	com.mida.messagehelper

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mida.messagehelper

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mida.messagehelper:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.mida.messagehelper

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.mida.messagehelper:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mida.messagehelper
Framework API call	javax.crypto.Cipher.doFinal	com.mida.messagehelper:channel

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mida.messagehelper

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.mida.messagehelper

com.mida.messagehelper
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests changing the default SMS application.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4175
- chmod 755 /data/data/com.mida.messagehelper/.jiagu/libjiagu.so
  2⤵
  PID:4200
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4391
- sh -c ps
  2⤵
  PID:4521
- ps
  2⤵
  PID:4521
- ps daemonsu
  2⤵
  PID:4549
- ps | grep su
  2⤵
  PID:4567

com.mida.messagehelper:channel
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4435
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.mida.messagehelper/.jiagu/classes.dex --oat-file=/data/data/com.mida.messagehelper/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4589

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

SMS Control

T1582

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mida.messagehelper/.jiagu/classes.dex

Filesize
3.1MB

MD5
a48506bd2578830c5df386e74aea63f4

SHA1
648910706f768e0cef01feeb805e4579c996eda5

SHA256
56cb5bcc778f899d96aa6ce005615e17f94a79d05998bd11ae70f64aaa457e79

SHA512
9be724646a8504ee031b8836e6d29b43b9e75f70e5af6f4c9fe933eb05af3e19e4b3537a7986d828c4e223de833f567d4c336d8cb0ffe0576a3bb5f0e51fe7cd

Download Submit
/data/data/com.mida.messagehelper/.jiagu/classes.dex

Filesize
5.9MB

MD5
40c3f0229a49ec43ebe166338a4832ce

SHA1
f873387967223971c406c5b85928bb3f87c973ec

SHA256
cec0c50334c9a527d2dc2e1ba010850beaf2e63eeb914c0c333e54ba21d07b8f

SHA512
bc6efc3e3d76305333f6ecac782f59967adb7e19e997179806c170bd9080c5c7186b5ffd2ccc2568e5c15748f8612125765f06c8b0feba4e6444ec65eb8655a8

Download Submit
/data/data/com.mida.messagehelper/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.mida.messagehelper/.jiagu/tmp.dex

Filesize
284B

MD5
0fff15d3b34a8550f60a9a3badcbfc03

SHA1
9c22373a6ab2f0de6d76711a590471bb6a9933f7

SHA256
cbc16c371064ea26f46ff80bbc4377c8b9d79aebfea7d9bf6efc302c7e5b36ed

SHA512
e696649c331d5b6a7f4ab42be2e9e527ca0d23801bd526290459ec952a33eda2f6453faa486c25f5baf0cd251f4f7145aa26e36b227bc2fefd3ee05ce7a39507

Download Submit
/data/data/com.mida.messagehelper/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.mida.messagehelper/databases/MessageStore.db

Filesize
4KB

MD5
09f9201985f13ab6b9e18bcbe7650dc3

SHA1
1d2570f41f93d21bfef268b1c62e64c27b2fe5c1

SHA256
e3f28ffe91bd2df5797a031cdf2266d4c992c3d7288667955b44141cb9ab484d

SHA512
0ba9d113ef15dcb69f1a45fa00cb1d564d9f86aa5c52edfcc315b87cd4c6234ef0b3494c8e3bcb12ad5571d28b304847083dc5b5d4a116a53b3767ccaf6d684b

Download Submit
/data/data/com.mida.messagehelper/databases/MessageStore.db-journal

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.mida.messagehelper/databases/MessageStore.db-shm

Filesize
48KB

MD5
c1f0a01780112d24f4ec3feff91912ef

SHA1
269836c3cbe93cd11e1069d6c240a5452176a48e

SHA256
1648f3c68c98502b99bce7f46baa8d91f99865243bcc1058877d190524e00b49

SHA512
41ceb0e41d1ed935ff7200cefad1d13b83bc7a53f3c581d59023a9c7ea88aed3469bfab43674d12f4ef714dd6bec82dd40a7b8da01795ebe6f35b01287928e29

Download Submit
/data/data/com.mida.messagehelper/databases/MessageStore.db-wal

Filesize
152KB

MD5
56db6031344f1c1e9394e9737fbf6052

SHA1
db58051bfa9c641ea6831377938097dffd18a6db

SHA256
7660b92bd4ba5bfcb3f5e32e79eef2d5f85347c00c1bb5abe48e970d9cd3fd1a

SHA512
5660393609744738ea1cde44035740ae0b4adbdb7ca7028f35933f7e8481620a32c0836826907ac043cc313ef615b948e5d089282d76b2cf6aa90147ef91ac9f

Download Submit
/data/data/com.mida.messagehelper/databases/MsgLogStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mida.messagehelper/databases/MsgLogStore.db-journal

Filesize
512B

MD5
5d3a56202883d7bdcc98227380f54582

SHA1
424ca4e0459005a76f00d02374345b421a435eb1

SHA256
9a74080aa4dc857356f89711453650818f2079e3ec5e5a2e9173effedd7888b8

SHA512
491c9f190d4eda4cafb2eadc9dd67d37562f7ff16cb2d0f39406c0664540f5004145a945e5589fde580649b85babe92e42b061f5f258873a0bb9a8d6ff6457ee

Download Submit
/data/data/com.mida.messagehelper/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mida.messagehelper/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
fc3d9968a662a013f5364b109c8ac16d

SHA1
c0494bcf6833bfac5ea2ab5802ac63adefac1424

SHA256
ccd373061dd0b037494070f8f4ccc2664c027fe869eb482e6f6dd40a97957b1f

SHA512
e9071a47654ed6672701ddf29310c3252fc2b72a8db352752da6725359661483ec28606c646917e782332d4a8feccd591be4b6ebbcbcab0aa6fea98dc07e054e

Download Submit
/data/data/com.mida.messagehelper/databases/accs.db-journal

Filesize
512B

MD5
ed77631f578b2f7706ae8451cb87385c

SHA1
3f83ab06db129b2c904c02c944ef7585fd8fe0fc

SHA256
bcef6f8326d4212581fe0683a03b8c3a1889847c34f44ccfc870ed279f0df5cb

SHA512
e98588976d9b342c2be7f8da31285c12167b72e72fdb1beefb2886a1b89d4d1da098a47456a42b4c7b9392684c9becfcce1ea4e653501ebc24bf626fa9895b84

Download Submit
/data/data/com.mida.messagehelper/databases/accs.db-wal

Filesize
32KB

MD5
0e0414fa38135f5ed0467e16f51453b6

SHA1
b67052ed78456e4a330b15942036edf95b572fd7

SHA256
2275373666907ffdb7b10cc60fc6f86a671615812fc039cd7e87ef829518d33c

SHA512
3e4b70fb3b349f2949578be290316b9c1a4bb3af4bd597e1a9903ded23292a82c57b0e1253de0b0ef56446a54945309ec604e3e1198560ed100d2045c75aeb51

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db

Filesize
24KB

MD5
ea1954bac7f3ac3d00ca2d44fa696642

SHA1
06f78b42a9114f9078e021c5536f5a7b182b25b5

SHA256
8d35e86110346fa41f37de8dd1dea24f1c0f755e2221cce46b75619e9cce0e55

SHA512
736f3994c1a62406d240868cbbdfbd3475800822777b3b54384a3218aec95f5a2b00a7befc2356de985bc775712eede60f0c3d8b3133d1ee6ee2e30158826491

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db

Filesize
16KB

MD5
92d6a296afb9fc21c7308733ac7982ca

SHA1
c0527bc02b398e131ef519d4f8f4fefc800ec0b5

SHA256
fb496f5e3e29cc439f13a47619e3a3485787eda78db69932b485cd4e791c25e9

SHA512
fda068b7be07fecd58f11f8f33019fb42f9fb3c0d2a8e533495ce3360d2873c4d265ed3158d4c8d81e2b7ca64ed55b21e9c60817c895a6ca2c5988dc4a5becd9

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db

Filesize
16KB

MD5
708e8a9216226b0db6412f09fa3ac2fd

SHA1
c2a9692eac7249cb0b84299bcfdcfe5f35ced3e5

SHA256
c0e98696fb13237ac4b732cfc3817feb8c49d1fc966e634e19c43e3f5ad73838

SHA512
fb18bf4e155b65d0aa4ce218861f3af6863f36cca71909f978e9185db84450554c8f01920095d346930d13891aa003663abaf724d2eed4e94bd4dd0e2a2e9561

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db-journal

Filesize
512B

MD5
d4ccdcb706b67d4a2aca0d6c76094ce3

SHA1
c816ebb171530ed10bfceaedeba467716b4fc675

SHA256
e6dc66b5bb50fc2968bdf0cc60a0b8a9c808187837598bd361573cdefe6289d7

SHA512
6f6b0d466dc2ad536b2f25da9bd13cc11188d3749cb0c21386205bd948d43e9b25c0e5ae53c8f45c013db216376010c5c3db8e6b001d86ea32b44221d6554f06

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db-wal

Filesize
48KB

MD5
9a938b67f50f40b6afe60f21887ca558

SHA1
4e7171c54aab5815fac9cafe20a80940addb23bb

SHA256
40d8c11a1577c0ca21cbf1acfe9f55ee8d14ca3f6c2f88f1205c047ec9caf990

SHA512
1789dc7b8fed4665c85848e8be30652d01cb8c10fd480ff2f52c2aba488621580c30142183bd99b1358f0adbd9cbbd95d2771f68443341a7075c2b973f8efabf

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db-wal

Filesize
12KB

MD5
2186b0b6fc037815b43f9511ddd8dab9

SHA1
299f0369884155e7c43860b57add29a6a08cfcff

SHA256
f9116497fa24f43c8156097a4fbd09bfd55bd2239234dd762c2482713f2a08bd

SHA512
9693d01c95faa17bc2b87d6dc8be1e1bda5f72d3611ffe7e87521f5ec3b5496f057f37acdfc645627767b0d8996a5dc9f11a07ceb2833b76528d01cb556ceb13

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db-wal

Filesize
4KB

MD5
9cb9f446e909fef748966d8b80c9577a

SHA1
3d31fc1f9295b77af541668b0867755879d6a7da

SHA256
38d9c73a48615ece34e0f3a63509f336105f0b329214d3ac9854e7768f4754d1

SHA512
fad9c37f7901e2105d0b1fcc7cf263c5a65e64ee64406e841dd3f455dcac240991f86797d35e69a34dba5369f70023d1866085d5e928142f58a18d33fcc12c16

Download Submit
/data/data/com.mida.messagehelper/databases/ua.db-wal

Filesize
4KB

MD5
250ecbbd1503554d5be3b42bf08ef438

SHA1
ad1bcd6e92554e390911dbb1a8d7781b0364bd86

SHA256
7801e2e5a503a43feeb884efea4edacd52a5ecb3a9aa4632e4bbf10383eb2325

SHA512
8a985073543ceebe2172bd397709dc87ddba1a6b200b36069d206d4255f86113d038e023cc181fb1cc409143546b859bb519e6f8421b9e70f015fe12d603ebc9

Download Submit
/data/data/com.mida.messagehelper/files/.envelope/a==7.4.1&&1.4.2_1718244305593_envelope.log

Filesize
1KB

MD5
b6767363daba0fe68ec08984d0d75f14

SHA1
834b89d212d3c3a576eaee2e7604385f246f14a7

SHA256
47fee18f338c10864dea19dd6681e3411a0528d74bacfe34922d680941409981

SHA512
1f21881bd5806db19efe0b8392165646881e23c3095a9683fee532a1816be5afec02aee3183f3d8ac21b62b0321ef88f9026bec83f5e0159847876a54fd0f350

Download Submit
/data/data/com.mida.messagehelper/files/.envelope/i==1.2.0&&1.4.2_1718244302301_envelope.log

Filesize
2KB

MD5
66a60d440ca0a44421299103a7269b85

SHA1
ddb9e9c843109a88db35cd416d6ae10682222c0d

SHA256
ad5ff25d6af1633c0456f22b42032878b39c8e75e354897afbd9e0a37a47853e

SHA512
ccba159db9831b7025cce89dd0fcf5a3389e65a9368d155dedace4a61e56afcb16fdeb93c5ebd10c7f98eca696280dbf082c221f890cd2fe1243a528bbff1743

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.ac

Filesize
167B

MD5
86fd528d8acdb461fb5b5a2cb7d2df86

SHA1
d4d076ac787307a5f1478d94bc90802831f534a5

SHA256
6d4294e850e9a002e9207056923e5854a21c37d56de5a55c7f83db1b1e3f4bb2

SHA512
33caa48e196966e3ed95499b3acc683594b7519df2df43d2439c334ff90e68caf90c2f78dbceb55f6e67b46637633c262dd06d1972e8d28f5b2e4a6f3f73a109

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.ac

Filesize
40B

MD5
3b4ca5e2af0e9696d2550d5d287ba6e6

SHA1
42b6eaf5215b7e97669e13a79291a31273791bfd

SHA256
d1cf540d7702a2e96b35478530bd69aa01c4d20676fc10cb0ff502832b5f3048

SHA512
5be9224c854c0d1882285221569700d728c747d57871cb546367ae8bcba710e3863d3feac52ee820797d3e0069b420ca66d60e9e36323319f7b3dc0d802015dd

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.di

Filesize
32KB

MD5
b97e8906857874d0f8a3eff49eee620c

SHA1
d4036d1790e8f960f098391802b49371b4f3b230

SHA256
a727ed51e9645e98e0374a9dc01a2d347b1d941e97d4388ab303ed72e63876d4

SHA512
eb48693994dd9438ae7b9cb8ad27494c2fab0d012c6bb9ce7098b9fac64a96a44f655387edca4449728fe10f73b8edede22abe87515c71a946f3a05f590e9c3f

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.di

Filesize
340B

MD5
fff6278996ee5e74473af968b400bf25

SHA1
d3a59e6047b3ad26cd1dc510478fd9fd44abc005

SHA256
c2c8822e978ba7c0905ab7aed99b5c0dfc8abf446dd7d1ae8e924075145bb085

SHA512
eb9c7ff62a55ac574ccc00efbe04641b77aca08137ee9669b668c06e7629ea099f7a52588e2860a29aed04f56607ef40488967a4a76207a9059d23f1960a271c

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.ic

Filesize
40B

MD5
11eb329c688b45b26fd452236415c88e

SHA1
ec4291410b54e899d5e8688243ffb2d60996665f

SHA256
e16eb10ff95957c4cc483031fb95de85b49723882e9a56ae0b5c34e745311de8

SHA512
6fccf616d9c601005b178ee5d2e2350143b3755d4a6f3e0be99e2e1e189e09bbe07e8ef42908bdd7f5ece49d602ab8d87c49176fcf66c4312356575f4dcd1443

Download Submit
/data/data/com.mida.messagehelper/files/.jglogs/.jg.ri

Filesize
314B

MD5
803f73f3b3ba59814ee8ce50f63d4a9b

SHA1
9281b463c8bd6e20cd5fc8d00b93f43bef5a74cf

SHA256
e69634d8a9ec165c2b72370b3ccb68d2a547c2ba70e527abd5527fe37f5f83a6

SHA512
e8193b96b11e3009d03e3cb2e548926f41528bd5ef677f5140fbf360304e494591aab54eb83099e02ff78456c72bb8c8dbc3a5925ba025e32e09d6de7d8e1277

Download Submit
/data/data/com.mida.messagehelper/files/.jiagu.lock

Filesize
213B

MD5
001699482f1ae3962ba7f5aeeeb1f225

SHA1
318671308a7db17f029ab779528cb7a02f17fa7c

SHA256
8435ce23744fddbf624d187c149e284ece5c33b137de32f7c73e18c6bdd993fc

SHA512
05fb5bc022c2f9210e93a63615e54d845dd0fe22d90e29d9882a899a696ccdb3c7a28664b5095b7a6b30eead9a77af41b0efbc2f10a1b858799e70464a33f383

Download Submit
/data/data/com.mida.messagehelper/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f27d5904e9af317e49fee0bb8c7068d5

SHA1
1a838f89e9a3627baa6f6a3fb36c337d4efc7ffd

SHA256
bff0d7e3557acdb9dfb8bc0b2341a8f7492fc5c155dc12b77e3a7a50bd563363

SHA512
27052cf1f9d7c9bbf2eed4a5ea4b06ec532eebec0ef0dd40bbc18b8c997377e8ff1bd81b3cdf28eba8674f5b8ede785bcbadf29acd0b52f196fc028d998fc699

Download Submit
/data/data/com.mida.messagehelper/files/exid.dat

Filesize
56B

MD5
697af77aa5c818747c96dc973bec9591

SHA1
6cdd297ed45825fd6631ba58cd8a2b6176a72d53

SHA256
97ea09062fe2e20c9a3186a334ffa9891085687bdf0027ce6d858bdc725dcda0

SHA512
d9f39a82b05d03ac8308bf57456ce854ffb838809afcf75c71bad93a523cb5affeb7d9cb45db3d14251e45511deb503fb5da485895ba46658a9f11d0c4da47de

Download Submit
/data/data/com.mida.messagehelper/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjQ0Mjk4MDEx

Filesize
1KB

MD5
e6bfd9575d112c086b41d667c4b531be

SHA1
f21123686c16eaf7386a8a747828c8826127aaad

SHA256
f9d321320685c37a357a31913eddfae392bb1df645adf7305a7cc01eb4b4b476

SHA512
b6a49778f12ba2d637655f2c97174edf586f45068f436814b4a956e8f3c8fabec54776f87898c9bcc3cffa1a8e3159d2f6b40affdabc2f71cdd85be713b94f00

Download Submit
/data/data/com.mida.messagehelper/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MjQ0MzMzOTk1

Filesize
1KB

MD5
5e2c76d8498bf52c62b10167ef9a2b81

SHA1
58908fb9796e1ebef134c23684de960bab804083

SHA256
ba9322e27f58774b03ed2160d72e5ba04118ff925828cd2f32d419d8ae3b434d

SHA512
62f0313797e2c891f9c3725aa1922d70360b1ab68eb82bf5bad059dc10e84c15ed608dd96ab9ac19bca26aedda3d9549848a00cede64375bd17a43664eee6e3a

Download Submit
/data/data/com.mida.messagehelper/files/umeng_it.cache

Filesize
498B

MD5
a3a5a1221f09f1a9b2f97e58280d8212

SHA1
35cc9e69f9b92040db12615bb76b51ae5be66232

SHA256
7899cb7d660cdce7d4894fb2803ad52488e747ce16b59bcba0a57313c37b6355

SHA512
2b851a773133b9d20cb42a36d3688341f29d42648a7a1c464f27d17fdea7df99790f6e06359975e2f68a6bde4e23162627893878ba1804ca8e1038288b0b1ef6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
d22a2143a8c63395ce40e671c2bf89fe

SHA1
c33393efe3d27576bdc83007b732b0de257cccf7

SHA256
faf850edfd32f697cecccda2f0189f2a2caaf2672fe77b9840788edbc9ddf87e

SHA512
9f39221e6c8d1be2b4b177b7d5289e3142c741f7ad15e227d607e7ffa55f3dc49ade4136b794f3a60dc1af35d8eef2de92087961983516430b02598248b0336a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
c6876f6c68cae6541ff15278c91324a6

SHA1
32bdad3980dd3c3321c92b8e4973fae5b962d8ca

SHA256
90ec026a087a06f72fb148deadc8f97e9fcf056c3eac6bf8409cd05ac74f70a8

SHA512
87b7487c7b9b6ab82bf5a08c0adf687d388e9353f07032403d98e50154c6ef3185dc2c0b284c188b40c7ffbe3f9bdc038888cf7d3aa93bf9bab96bf24fa71090

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
8ea822177e044b2c3ce0f19c81781056

SHA1
0ef643752014739ed5eadb287401ca7c98a205a5

SHA256
1b7b14db0af9e1a792d3be816a121983a44feb047fb77d5abf5c6f8c3a07f6dc

SHA512
c90feaa7e55510298409ab1d509ba3b838afb961a39b0d42c7ab8ded9fd7b36f724d5e0fb289eb3cf38e486490b919073217fbe98ac0ba5a9bc085eb3fdb460b

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
87c79e5628af05167e8db387a6ae93e1

SHA1
5b8e3ef8d360f1f13db9aa19f30450298fd8e2ae

SHA256
9a1731820080d24981829f86c8da616bf2bc3b564e9000bd47b515494fd623fd

SHA512
254e5c9b9881777d7632ff5a13e17dd436d06e320ea797b9a53c0140a47752211fbd84d5e152fb7a091271443a175c8019120667ff20f61351730210ddeac42a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads