00815e7fbff0ca3e338352ca30c458ffb579c846035288cc1107d9607abddeae

Analysis

max time kernel
115s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24-07-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69ea1427e416cd21fa894a1cf168dbeb_JaffaCakes118.apk
Size

11.9MB
MD5

69ea1427e416cd21fa894a1cf168dbeb
SHA1

ac9c49648753b91a68cdd28cae927f12637a7f1d
SHA256

00815e7fbff0ca3e338352ca30c458ffb579c846035288cc1107d9607abddeae
SHA512

b3ba3dc86a344b0cf56e0f01a2bf88a94329641b753639d864548d19409c351a26fd44281ff31d30fcb2806dff3aadb6782dcb9157d906dd94d2012c237dae7a
SSDEEP

196608:JkXhnBBO5muBELxKIDmXm68sOUZ/TRVUbzwUbF2lQ+6NQVUbzwUbF2lQ+6JH:qBYAuMgXmiOUZ/TM3lFVNL3lFVZ

Score

7^/10

banker collection discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lanmai.toomao
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lanmai.toomao:emchatservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lanmai.toomao:deamontemservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lanmai.toomao:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lanmai.toomao:deamontemservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lanmai.toomao
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lanmai.toomao:remote

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.lanmai.toomao:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lanmai.toomao

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
16	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lanmai.toomao
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lanmai.toomao:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lanmai.toomao
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lanmai.toomao:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lanmai.toomao

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lanmai.toomao
Framework service call	android.app.IActivityManager.registerReceiver	com.lanmai.toomao:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lanmai.toomao

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lanmai.toomao

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lanmai.toomao

com.lanmai.toomao
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4265

com.lanmai.toomao:emchatservice
1⤵
- Queries information about running processes on the device
PID:4411

com.lanmai.toomao:deamontemservice
1⤵
- Queries information about running processes on the device
PID:4436

com.lanmai.toomao:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4489

sh -c am startservice --user 0 -a deamon_service
1⤵
PID:4714

/system/bin/sh /system/bin/am startservice --user 0 -a deamon_service
1⤵
PID:4714
- cmd activity startservice --user 0 -a deamon_service
  2⤵
  PID:4750

com.lanmai.toomao:deamontemservice
1⤵
- Queries information about running processes on the device
PID:4884

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lanmai.toomao/databases/lanmai.db

Filesize
48KB

MD5
4092c3f0729b4b20c913625d1c88d376

SHA1
b8fa7758b449ebb2ea03da4d22ce3823015eb986

SHA256
89f3039c9a9122043626a6141921cc9a4dda0713ee8a096cbfeebc83c8fb5a5c

SHA512
e7f5d5b9d464b598561317aad57b38fe52b169f4c23a8e2c9eddd13880480d18e45b2526828ef9454dd7d6a86f2831d7542e4d37d93d5288bf5e270d92a523fd

Download Submit
/data/data/com.lanmai.toomao/databases/lanmai.db-journal

Filesize
32KB

MD5
0d2a772b18001a90beeb1064bf085dfa

SHA1
9fa5750f1942455acc17f3b01e9e72928f7054d6

SHA256
8195804b3ffb3b9d9e30a16a7fcbdeef7844fb747f637eee9e94c0b03df1106a

SHA512
f088d1634f4ad5d0c2272b4e645f3155b318bd83a762fa7d1ad69f56fd33c085e099b6abe0a273876977106d3a7fac68f57b8699be7012c872004f6b47538d56

Download Submit
/data/data/com.lanmai.toomao/databases/lanmai.db-shm

Filesize
32KB

MD5
c3284a10f833bd06ecafc525fd8c05f5

SHA1
3ffe3c9ba8ef3ed99184746768cd6a8812045488

SHA256
e5f20a91723a9b4ffc44c5f86f72ecd2be748e83f5ef42a8dad00a535706ae1a

SHA512
e3991762c9369fb364c8ee284a4b5ebb3b24cbbd8fc40d82ebf07ce4e5ebc248f9eb25f7848928d3966b994fcdd33d834dd7373c472383ba6689640b398e77d6

Download Submit
/data/data/com.lanmai.toomao/databases/lanmai.db-wal

Filesize
56KB

MD5
ab6f3766ca144b05f52c4cd923a917e9

SHA1
28c9a38ba4446ac8aecdf284b63118607d14d216

SHA256
6f0ac3679289ceefff5a66e7583a07118c30f854d069afd17fb445b658053093

SHA512
ee866a254e791c6790e5692f9fc543c25cd556fd002838ee77ce162df720ad1d1d0f22e496fb4fa368bdd4fcde11b3f980262e61898efab25af9606649a49b7a

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db

Filesize
28KB

MD5
962636ecf9ed2400e9588626892349f3

SHA1
d8bb628b9a872e9c609452ae2a50c26f76aa3923

SHA256
a58701fa7c020a028c7f16fcbe1c8ff639f9b8f5454f3f09a1364b2e5621fc8a

SHA512
7e7c99e10cb4b6f3e887cc8a7e142df7e60f8e77f8f09919b238c828b9ebfa233bad0aa8ca660e0aa35b42bea3fe0d7fb2762efe72b501bdccb7de03bbf6f78c

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db

Filesize
32KB

MD5
25d563166788cd44f0c5295c4cae79c8

SHA1
e7e019e74ed0abe0aa4f11a680149eaa58de23ce

SHA256
abea6757dcddc4a1ec23733f1c6ee7b8a184a34d75cbe0b416f47c56cfe83356

SHA512
5e025dde176161bdf0419ba55fe940296c50cb6da34d3265e2e85c0a9daa03ba47626226f5e9322c781b8ff87515ff57222ab6f8217ed3a6cdb63831e9086181

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db-journal

Filesize
512B

MD5
675e3fdde8ab9ff99bd269e9a3e28b2a

SHA1
44c24c77ae6dd38eb5850bc034dbe162834be04d

SHA256
31073d5666868d9bf41cb5cdc44f7b1fca9000819ce7e38f97dc6b02e30dd71b

SHA512
8550988fc1729be0d18f1eb94fa599ea15a876000948292162ef260f9eec3dce63d75dcfd19352ea8106db64d82f4400352ae9b85e18075ca1a0d139bf9c02fd

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db-shm

Filesize
32KB

MD5
267442d1eff3a5b1a76ea51f715a01d6

SHA1
71fea0037c4203c32d1cadad5f7e7d3c35e55ff9

SHA256
3cb8bf46ec9ffc599c47a98b15f1bb3def367f6973f82badf6f14e06daef3405

SHA512
8fe0d7a4fa41b019e98c71024f89fa4da4bae85fad75aa40d52dbbdcc89464db865c2ad485d4fc10f3ed9f49887279d3c06db76858618062d8c0be02b84d4e2e

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db-wal

Filesize
48KB

MD5
e4e98b6f2478265ab3ee406ab468defc

SHA1
6fa4ca18ae97712795f873d44bc76451474e482a

SHA256
786d539d1de237c4ef46de1e469e19b72ea728549b4010260d1b62911e0bf568

SHA512
3581a072365d8fdb76ee1ee8074ba07b5d77e0c54daccaa5b84f60358e85f6fdd96d697a21acb7203dd52133c69e48a9827ea6c6a403950bbdfa357a3e7bea11

Download Submit
/data/data/com.lanmai.toomao/databases/mechat.db-wal

Filesize
12KB

MD5
bddc6b5a5e002ae9ef40b722e167a179

SHA1
01ad628b9018e651354df2a9be248987bdc24cfe

SHA256
9cf89d19feaba90fa3ab32d455df15ad75fa6b412aefd476847f1d21c584e0d0

SHA512
b54e1faef7db497178f5023992369fcb8cbfaf487f2beb0d442b8854da02a223c9fc47fb470805f43d4d54d876d4849d3c7ab1fe3cf2739549425cb3ae03c819

Download Submit
/data/data/com.lanmai.toomao/databases/rep.db

Filesize
156KB

MD5
3ba22e5c7d612adad0f9f5dd000f9e49

SHA1
2ff7db7ff379bccd675703f6e0041098b7f49c4b

SHA256
0630faee5511da836839692566f26e03338ccdb7313d88bbb56195d124f5d41b

SHA512
8c4d65a87fb67a01446958ad8f704f4ec3667e696812e92d009c45c8f6c1e16a70ff31ee376cd31144523a1157ea1b340b65ab48fa04d036bb64892e1e2d66fd

Download Submit
/data/data/com.lanmai.toomao/databases/rep.db-journal

Filesize
32KB

MD5
8cadde977b6e99431190ce77d93e38bc

SHA1
f08033beed2320f30684cfecce0d72d1ccd8f979

SHA256
272943f2a1ef2b4e3ff922ca32596dcd3c2fd2434a0702e86667ccd160ea968d

SHA512
5d273346433e976a904c9179e28df74ca610a0c5159be76535589375d03a95dc76dd30636e768ba4ce16abbd4d687b040f01bf9a2134bc716ce2d6eee3e41710

Download Submit
/data/data/com.lanmai.toomao/databases/rep.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lanmai.toomao/databases/rep.db-wal

Filesize
36KB

MD5
5077388034e6568dd33fa7778def191b

SHA1
7d14cb377d43766069ef94b72840bb6472b3bb0f

SHA256
e39b4721911418006e1f2a9263b7b9f25061234a24696a3ac92e0bc9526c66fb

SHA512
19a1df5a7e2fdf1fbf286c2697f812f841044e7719c5357a1d32355cc05a1aeb8bcd67a73aff6d7c9b5bf01614f7998bc788ee4c1b71a2fb6e852b58591f42c7

Download Submit
/data/data/com.lanmai.toomao/files/umeng_it.cache

Filesize
310B

MD5
e1e54d6a928f6070540a176a03b1eeed

SHA1
c68b4b1a5292f330acefbe4aef43594a1942a774

SHA256
4657141545c029543b8f23a6d8f2b0a065799418fff95511f08f9217445ceaed

SHA512
779d73d21a881b6bd0ffb840502c48417d41d42654b83dd062fef1d225434becc63562d3ef2be69eff8b70bf5726857ef3c17215b7d78ca1a7c48b513a9d3ed4

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/cache/uil-images/journal.tmp

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/conlts.dat

Filesize
136KB

MD5
55946aeaee65cbaadff2253e04513529

SHA1
fef8d39bac12cba26014ceb73eac3559357ef56a

SHA256
6c5e43715e40ad772436bcbcfbaa5a26ee9a46870fb282e3de2c0a658b664643

SHA512
cb0581972118f074c16e808ea4aec32845bb76946e5881ff7c9095b4dfff0dc288a65e038feddfee78f7e2d294a0fc87d716a8d7429f687bd6087abda53b292d

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/llg.dat

Filesize
168KB

MD5
b8028eb02d6d8521b3eb31a57da31c53

SHA1
0dfc385e4279169023669c02757a5cbcb802408f

SHA256
b456d8ba91d85b7153d7aa4506819e2f655824d393a95a42cad8405747c78ca1

SHA512
03c91728bd0c8203bbe026d32e69e493abe9de3b70b0fa4cc5fc055975e71896b109cb4455bfd6f7056bbc4aea02764a2385bf1883458bdb6dedfacee730e3c0

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
cfdeeed21abc6de2f34ad8eb06b6f24f

SHA1
0b4bbb52019e850fbdb0fa20e492a22cb80e7b61

SHA256
026d620637a5209859b7a67f0bdeccec763ac37f259de7a517e7b726fb254e23

SHA512
b2000d5f6e6d947780c658053e2024bc466e3ac17f48274d1e0176d7eae11d91cb1834dad5c375176733984dde2b158c5b236a28ac374e00d969ddc158bd3b72

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/llg.dat

Filesize
6KB

MD5
25b56ee53cd8a1b5c4fe87c2057b4a04

SHA1
db3d9e49ec783278f902f1442040ae022099c2e8

SHA256
71087f3f2b294389d3c3beb68ec6fcedd00264c7529b8ef8423ee51568e4cfc0

SHA512
e1b4a5b7ca998d0255b5d8cc6cee508782722fbbbfb59dfa7b92c72aba34351fea3509297d449289b0e6031e4adecbc5b02876ff178ff70380fb60b22ef7545c

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/yoh.dat

Filesize
512B

MD5
2c3d638d842ef1c3caa8faed4f61e5f7

SHA1
e7531e938d1c67661dd1343ab9b3532908484b74

SHA256
aefa32cfa11fb30b8b02007b6a21e8e9233b6616b906dd4dbd3161d6d0da3ef5

SHA512
71b03ae60484a53ab77ce96225193bd5a82ecc64dd257df8a8e2d7b638b3d90ab589ee897d9c88c426db56af5c452d334fe12fa433cfc205f11861d5590e8438

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/yoh.dat

Filesize
32KB

MD5
82a820ff864228a0eca67b3cefc2d5b4

SHA1
94a2b3ede7f0bf583d2051b0ad89d81d56393b94

SHA256
a258e80b6c4a734c29c8506eb220c81a7b7b1d4b850dbc1259355144eabf7f44

SHA512
ccdab9851337cc4508c2f9fb797e2bb069338f2f369c1f75dcf319e82f0eeecbe058972cd6614d04b2ceb4b3203179a63935c9523142760fc9913ff6fb544e46

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/yoh.dat

Filesize
20B

MD5
441018525208457705bf09a8ee3c1093

SHA1
6768033e216468247bd031a0a2d9876d79818f8f

SHA256
de47c9b27eb8d300dbb5f2c353e632c393262cf06340c4fa7f1b40c4cbd36f90

SHA512
d296b892b3a7964bd0cc882fc7c0be948b6bbd8eb1eff8c13942fcaabf1f38772dd56ba4d8ecd0b626ff5cef1cd045a1b0a76910396f3c7430b215a85950e9c3

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/yom.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/files/baidu/tempdata/yom.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/lanmal#toomao/log/20240724/000.html

Filesize
172B

MD5
c1f8b4754b09730a2a131d66e5d6f6ad

SHA1
5c92e12a4bfc4cebb254bae9acce0bc8356af834

SHA256
981da63df32988078d17634bda3eb07f1a423d52e2fe1de72c4bb971f24b4066

SHA512
70d649f035d2e73da564cbb6d040c03854519d2eeb6be932e8a5a0678c4a1e1ee7c28bbea576b41e88cfdca954229f4927de239ab82143265ab2fd49d28eca44

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/lanmal#toomao/log/20240724/000.html

Filesize
96B

MD5
bea8ddd3ae21040d46638d0afa3196d0

SHA1
02486ad78d21085b66df781d738ba694517a5c1c

SHA256
6e0eede50ece01741190b181fcd11c7c9ed5f807199d41a85720a9ce10e3d2c6

SHA512
43fe951607b2f0f47939143c95b83ac368927698366bcda39849790410ce3f7c6333b2b9c4a57384b1738c0ba9b6ecf3201b303992d0e4ad13633f51b48c51d4

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/lanmal#toomao/log/20240724/000.html

Filesize
82B

MD5
daf779decf67b2893820084f3e926f0f

SHA1
7140c12803fe1834232da6549f242ba8154206d2

SHA256
82b9f35d65b69538afff8f806cda7fac12deb4b5c2ade376ed27a04522e3b594

SHA512
2ae307ad0d83ebde2647385d434a85b092bf92c02226171ead05ae96d320d4a8e5ab6283ee79a482f746a135ac105ce4d16a898e2bf5551b0f4dc21a3e62ce7f

Download Submit
/storage/emulated/0/Android/data/com.lanmai.toomao/lanmal#toomao/log/20240724/000.html

Filesize
512B

MD5
00c13ad591e311d63786eb76a3f95ac2

SHA1
0d12a056c3f54e3587ec95ed50438b009868d062

SHA256
068ce65f848fa1600f799e62d6b31af0442f457bed4002654a52f94547ef437f

SHA512
0aac9738bf320d26e11d50ea626d4148818f8da5107f4f686e23d889bf29e2925bb66623c60b7b3b921dbac9e5434f118252e071c7bb2dde0de9b17b33f07cf3

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
d2cddfdd4e524accbe94078f31cfdce9

SHA1
94f61f7c9c9ffcd3a9d6dae587c394337c1b1f31

SHA256
f64f5b7dbfed24b013e64404daa21daa2058ff0d3935a44f3090f79dbd3b74aa

SHA512
7a80ecfaa3f323ea74a0f1560d2faa01672a7bedef2312d0588089752cf65c917e842e5f0514bc42ab620ce2ecd186a663737b5ae6e542c75f9e29c729e75fb4

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
591B

MD5
d729f42679974b6596ad504b99870c7a

SHA1
e385880c5fbcd72d9b0610191e847db08a1007c0

SHA256
caf95ab36fa77637c251f8daa421f8946842307f65c175b07cd25cc1a9c605c2

SHA512
94f80c09a12a73aa9c1acf879271fd26276bb46a5ec0895308921acff94634ad83ed6c399a4317a8488289a70e1c9d197acb09025a98693f2fabc1834638c902

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
1bf1b2605ef177971bff35388db5453a

SHA1
f239f0e76f8c53f7a33e3e356c5fc6cebcdefc00

SHA256
a85b9ce23a44dfab40118b4eff522aa64ba1cf1f814067eb2263d6c95dc1f824

SHA512
dc4d0075aadb145b3f065f99b8194521fad63df45294ad8ed54ccd12a80738ed1e3e6f32e270f2b5cb562714bdc0be482a396b7f5d7f7e2600c6e5980e6ffe6c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
7326e270490b9c870cab165c000c8de0

SHA1
5c2805856387bfa24612f5588364c7de7a18a5af

SHA256
b7aced332ece4bb2c39391e3aec83b89472d4cd3e9e24a92ffeb3d64aaf09421

SHA512
9320976a8780d09616e9065092dcf10ae58eef6036bac353200d1d80e0ecfa1b32e0e32ca82d226129dcb3ff0eaf0b97e631dcab913a623d5ad8272e6232b765

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
b0ec499b5d782bc49a0c9845e9dbee7b

SHA1
c9e46d4501af2c7e3fd9f51de0b6da2fe450fcca

SHA256
bef6b16cb6f19e36ec0b32091674f2973e8b1c9efeea3e3bec2228a67d1ba03b

SHA512
e2b70f6c0a9e6cb48f01aeaae96ac7d01200df953fe73578f2816f497798f209dfa297319a7c38de873d8c21882af3f0f5945e8bd0da959fbc589b810c2a3d8d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads