Malware Analysis Report

2024-09-09 16:12

Sample ID 240502-e4j4ssgh5v
Target 0d80fd995c8960f6caae96903fb04c12_JaffaCakes118
SHA256 85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76
Tags
banker discovery persistence irata
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76

Threat Level: Known bad

The file 0d80fd995c8960f6caae96903fb04c12_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

banker discovery persistence irata

Irata family

Irata payload

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Looks up external IP address via web service

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-02 04:29

Signatures

Irata family

irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-02 04:29

Reported

2024-05-02 04:32

Platform

android-x64-20240221-en

Max time kernel

47s

Max time network

164s

Command Line

com.rayhan.soft.kabab

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A wtfismyip.com N/A N/A
N/A wtfismyip.com N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.rayhan.soft.kabab

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 wtfismyip.com udp
CA 198.27.70.99:443 wtfismyip.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp

Files

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 df99b0e628348e4b78d10ace05c6fdec
SHA1 199c8ba199cc0ebf477aeb4c716738dbdf2dac50
SHA256 e5c31c526271270a4fff7d8d586fc18254e95902e86472c8633e9f1ac74838bb
SHA512 076e5807d26ff8346573ab79c334c97789dff786ee40474a0e3c0927487147ca8d7939d30dcdaacafab5a71895505c12692ba8f06949838f1539ab5e45211081

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db

MD5 d32445201d618c005ee9bd26f92a69f0
SHA1 15d23734a270e18630500545d7ffacb4b12cdd1b
SHA256 55bf08d633b01deffc18c5426dd6ed203ec5857e2b6bed4c5de1d4252448bdd3
SHA512 5d0a07e4f49a0f16aaad0106c80083307c8cee51b0e3f2ef2e4fcb11112972def59037328b823ec50b0369e3da4a82bb2b184dc8798f9951c93c48c7b2cfe1ad

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 94deeda4dcb22fa8d3b6adb81f527219
SHA1 e12e8c19702ce9193b6447c4e8291f22602e2b1e
SHA256 27bbc8ef4071072855f4447528999ab014a79c5a27f1f5020ead66a958d78c44
SHA512 be850cfe71e3dc952dfcbd4cf66b6025eaccb53e2db64fba337291fdf80e82a6edc71165ebd14105c9088598c67a04a971f05accf45d7173fddb6cd5af5bd92a

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 91c197215b92e593aa12d01bdccdb24c
SHA1 722b09c1897064cd574ff40aca8c010dce04a21e
SHA256 8bb479e2e5888446cc0a5ccabd830aded4eedaacf32c1a9caa6003fcc4cb9cf4
SHA512 558d7a9530f9416f98832dd72e63aa5e8836d29b9f21ff8f5267c8f49ad50b40732c1a9fd4006e34b50226358e2ab17c947d90ad44c1d1627a09d3f8386262c3

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 12dba78efd7c03f60c352c41ff9bc51c
SHA1 ca15f0d34977422dc53bef3e1bb0f582e327ef94
SHA256 1a6e0862331ac07829e21aff20f3206edc58f4fc00742058f1b2615e45a3eb0b
SHA512 9821cbabafb887b51d990e54561e0535b1e914b2fa2bed375561a1e556a8d128975225fbf1fa5e1759106c5288d9bed06b6d5e200ae05bdc7582dcda5bdb9839

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 7590b958aa40f4f86a17fd88622e845c
SHA1 8f7b5f126bb384a04d33478b9b357124600f9ff6
SHA256 d1b3817da593c1a0680ce054aac48c2d74a3bb6ccf30ac4f5a1208fb30f75bc5
SHA512 6c8ed65be9b046833320a9e47514228170f58b0cd1c5cce15c17f4a83d62bcb53af3f435317565cd8e133c08e69f16bcb7151ca7f6a6efa1fc95d86a4724d4ad

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db

MD5 12fd13af37a95d22ae87c3768b2cc765
SHA1 42af721446425bafa078551e9d48125d9819c33f
SHA256 9f4681bd024597554aebe0a015c0a82d44c7228c24db17ff8cb4cb2e7f936375
SHA512 3636987eed56e86cefe31e39d2f934b833b2357c2e2762424e54485e41c60e749b15e3c2db63722ff00931342632799ffbb65a94ce6a3f1ee8d4b41e9dd0dc55

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 4b61fc3690869c436141424e79bb6507
SHA1 2b591fb2231c0072b9a8e22d4a739ff71f1f2da4
SHA256 f234fee1d2bcd33bf6f437a1c65fe4a807b8d7c17d8d66946c7c650a83c64434
SHA512 6e2e026eb5ce67c2fcf835e33420b488b0a49b424ede538ecdeb15c3de4a673b024912cbe64b26cc5c0d259124e59579189bcc5af68e4bdaffd41331e9b05129

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 36785a85bc1678488bc26e04b3a44b97
SHA1 62a98b02ba31aeecf0df31d7158b298f66798aa0
SHA256 a0a6235cbaf703cd97549eb7866d3d6848f7baf20cc10cc1d95fca516f1c6c84
SHA512 46c90cf54180c241d59a95481f123b20435903b489fe7de41a87b4d49137d5d5fd6a5e2635d87ed4256830732b775192e234b63d7c72ba80e6ae23914fc00e95

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 23b1d2eef343c67a7c533982befc8cb7
SHA1 532d6cd64e5b6695733f70295f7fdfece6ed224b
SHA256 5a7157c84c7a489b233ad4e6c3831b5e976b732781c5bc414de059a5a6121580
SHA512 61063ffc9aed6ddc43046c04aa8bbea283b3bc07d2c688fb8b1940719bc52f76d7d492824bf62a81c2da2857638691221680c81723c7067bfb6f8de9f71d2200

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 75c3ee0c42b583a59a25583b60c14f0f
SHA1 19966dfbb8ea9047767bd8ad4fcaa04d06fcc03e
SHA256 0bfbbed8e25611c3aafcd540421081fc66e8c8572c804a6cfcc469d6b864200c
SHA512 6b94539e85260894778595eea0cc1e1a03f9bfda3607f7a78e2641085f8d423b5d8f6b93bec53bd2548d4cfd0adaa2d6b67b7df14498efe0c2c3d80cc99c7667

/data/data/com.rayhan.soft.kabab/files/dbamam.db

MD5 1e26bff96297f548c471c202081c0bca
SHA1 215bed7383e107052fbe1498f1421c27e6fb2458
SHA256 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2
SHA512 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 1e593a5c58f5865ab0586a576043ae51
SHA1 8ec4b8aa8dac129e5151a416a2d3fdd0eeede390
SHA256 dca02b2195323bd5a6ae448c24ac6aa0f4ffd7cebf124423ee23b81f30a84f8c
SHA512 8e64e9b6d6879666c77a8af1aa1fda29626c1533c08ab2c232e3f1cc2d42a96df4e05bb896e7b14a8b619751c733478832d27a778518e2147fa0cde0c1d2eee1

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 babf3aa3b46255fdaeef369c1cd3262a
SHA1 4215f9b7c14748330b8deed4390f5c18803eb69b
SHA256 05bf4c624efa188219a9bdfce9f447f5372c95ed3affdd59d43362c52858cbc7
SHA512 82c73dc93bf7e64896f67fc90b35b0e6d44c0822678280b247b3bc7ca7ecb69e6c2e5674231ebc632997f4fd19302fb032ddf90b26c51ddbcefdc668feeaf16a

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 0bd3bafde47601764ecdcb80471d13db
SHA1 42577c057c1092b95d22efb583c2e7b69dfe1d85
SHA256 e1b29b5aede8e0d95aa0403d2bbabfe2c25e63a5934dadd763dc8d516aded28b
SHA512 b87eac88997d7cbf104f3470bd9b709654d61f890fcd8a9aba39ba3e0a97f9d733d7441979ec60233b99b1afb4d47df83226ee5bb28e6d78e49c1ba7b921fa2d

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-02 04:29

Reported

2024-05-02 04:32

Platform

android-x64-arm64-20240221-en

Max time kernel

37s

Max time network

146s

Command Line

com.rayhan.soft.kabab

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A wtfismyip.com N/A N/A
N/A wtfismyip.com N/A N/A

Processes

com.rayhan.soft.kabab

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.10:443 udp
GB 216.58.213.14:443 udp
GB 172.217.169.42:443 tcp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 wtfismyip.com udp
CA 198.27.70.99:443 wtfismyip.com tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp

Files

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 b1384930c0d3d4a4b2e469c7a0e89668
SHA1 aaba92378e4abe6bbcf14ba81154c61551fe117f
SHA256 19ecf9de645d2a18bfe6e58675d03e69fadd727631ab9e952e11139eec22c978
SHA512 7e18fde629f90cff0adc19671c1e463e58d23c571386db001c1b5eaa48b3610a5ffb378d2297a956a04aef69595fa5df23423a5e23f5b75c5d02ee588ba9eb60

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db

MD5 fc459fa4aad4fbea77bba555b6e28622
SHA1 ff730d791e764c1c4174f6fc7ede4a3a38e13481
SHA256 03e9e0caa90788f61b75d60a75deca21c479f1e1cd8e6e9297e468b147106500
SHA512 7523b953c64a767ae2a9ec76401be3601ee352511007dcb3ce55364d961ea086e0223fd5501bcfeee55806259e4f8a01b12c68d98686f8db39c281db4f8dee31

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 a20b8d4094282afe42d8d98f71227f68
SHA1 83a0111e4cc9c90f83bbe3131eab053eae0c13fc
SHA256 1901834240b2c2949cbfa71fb7ab36b15027105f8078dd604b06fc1dcb4df320
SHA512 2ff0fb85d703d8033cf081952a0b57d362690533ce8965583172ad2deb856796ab0e54a3019181b328d0e1c59637ba9df728e748cdc4d68c875169a66ff678e0

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 93d1b949aa04ede8b3c64ebef7fb8f61
SHA1 08f4a574e6997dd9f6579d01fb7bb97ed0112b2b
SHA256 79efec5fdd81ca6d6c33fcc2b8e31e989a1827daa26ee2b6bed6d2252c04f631
SHA512 8080d83e90508865591ecb35504b7b4206b619c0f08fe25d910a49ffcb3c3f847a39eb7e9260c1788acd0cb209b2551b9c930d6430cda6f266a782c77faed8f4

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 5719408b4d36746ac605639588eca0ac
SHA1 4a44951f0b4a0983abb704d6ea38e81d2de0ec06
SHA256 efd268415aab8672ee4645a60a3e6bfc8d29e25b8116b93b102f0c12b7fc700a
SHA512 157afe2a67353aeeda41e013f5982221f29a94e6a163ccb0df0f1d8d27c0df25aa571dda062c5bb1f248f09d845a3b18017f81e6c14f626422c2bc7f411e24c2

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 0c512c500a7f2235cfcda63c39e7c100
SHA1 ce1b239a76a458062b0bc4f2c3a641f2fa8fcf00
SHA256 f3b629a0f8bf1b6d7a623bb062a9fc48147e5da01e0a7ad71d3e19435d49b91f
SHA512 b799724fe715e2b58f9e28f89c6b6ead2840379323d138893706b34b07dd81179b3a56e44053e912753d98f3bd8e6647edd1aa93632268c10a1ad5f94eb10dbb

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db

MD5 4ec82b118eb765ea14ab55faaee0af59
SHA1 7151829a805b18331e9dfe24e9c925fb3fb151b9
SHA256 af03d420837c89f11d10d173807262a575f9541ebe733ef160de5ff044718412
SHA512 7380f1bfa3673b6428c3990dc60dc2071afebe2e1770af732751f4b630eb2e3a2dc761bd7977f04a78921d9a72c2ec5212ad61f045ddb3292123028e4aba5189

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 b6275743c2e97db0982845541956e852
SHA1 25eee0d1f42174f8af38904da98824ed3bcbfde6
SHA256 a16179d5063ebe06c8bf240d43b5789aae78e8d005ba4f5a666352961a9dd891
SHA512 8bb5d4fc52c59f62db024afa1f33f182668df988b8c591a892299fb6cb59c7664fa6757e0642f36bd694916a95c0926507882eb6cebbd53ea2f1fcc1f65c8a57

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 22c7aebd17a32bab99fb65fa9715ffb1
SHA1 267ccfa5e8690c9e5684addc3bb0e868962991db
SHA256 f9885b19754931b29b3171f0b5d8afab70d585348812ed06a4ed354e0f3afbed
SHA512 41287a95e3277dfbfbd111dce3b16c86b51ef11979063d2c0c8fcdcb3f252b1f6ded8bffb3d97cb044c68eabc9196b70b2adc146601344cfb19a06c98344bfde

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 dc4220d231d96fed27888adebe120acd
SHA1 b5386b6fab50c7dc106b7559d4d19f3903e59aee
SHA256 bc72a185f1d487dd1be73732e342f10e448a69e72a082cb605368d39877a3150
SHA512 8509d5d387664d26d83ff869ac3941c04a6ece55d5561b03cd8e4f51e63dd632d4a8b6493d168ceec9b6be51c0b202f53369397e741c4fae648e41d5de24758a

/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 edff1974c9e1f8cdcab6c6a0274655a9
SHA1 67f8f7f902d503df11ff96453ab5a105f3f6d197
SHA256 1fbf0d2b96b444977439830766a0e634fcabaa73348a30cbbb5c3e067722a2bd
SHA512 7462fa36389b635c5f731293d327ffca81c1484704c612e78725e492d6d08d22adece1ea2b08bac2fe5e630f0218dd7177295da33806a4f9e8a6032e0c77ddbe

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 3e7fa252d0cf5c61218e89e144c18ee9
SHA1 9d31f3306d784f78adfafeb336d1d11f2ba636b5
SHA256 bbfa06d54ea39d79705870706b5830dc7bf5d2829cf1f0f627dc97d55ccbc6a4
SHA512 32f9ef019f4bbfa32b5d695da98dce332804938932dea8f3e94ea267ed359b4a66a28bd3822b5dcf2305ed7ef192b34913446f28006f45847e062e8fb3377c43

/data/user/0/com.rayhan.soft.kabab/files/dbamam.db

MD5 1e26bff96297f548c471c202081c0bca
SHA1 215bed7383e107052fbe1498f1421c27e6fb2458
SHA256 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2
SHA512 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 43a626245a3abbf26b1082bfd0d54315
SHA1 0f6dbaf35fb3a8fed47dbab6c8041d65c316a192
SHA256 f2045c93a1ec2b8326f598c6eabee54ac5c2d9beace2b8db3f976ef7a91c7f7e
SHA512 09fe5cc8d66bb4ee5c85b70deb08bae5407578e18bb6f1ca9a27d16519c5d19ce470b65b99a4544e56b7d65def767af1402d461e1225c6be5322d7f4bbe5be9d

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 86413560889e33ef6e8adf3212bacd17
SHA1 c5db7f4fc9cf2eb03c18ea6f511d5c51fcb48955
SHA256 58b1316f81dab6cd02557fe11d28479f00d3a41c1a73ffd1b3eeb081b205237a
SHA512 3de091b4632155d7eda94d00637d34a2c7662b5535b903f9784fa970e916809908aae890b778241005751d1f09d6ef4a15fbfefd10a263a92b2bdeccb761d87e

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 04:29

Reported

2024-05-02 04:32

Platform

android-x86-arm-20240221-en

Max time kernel

39s

Max time network

131s

Command Line

com.rayhan.soft.kabab

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A wtfismyip.com N/A N/A
N/A wtfismyip.com N/A N/A

Processes

com.rayhan.soft.kabab

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
BE 142.251.173.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.201.100:443 tcp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 ykvfaumpm udp
US 1.1.1.1:53 clvimhsfiuiys udp
US 1.1.1.1:53 fmzlfxgnz udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 4.ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 ifcfg.me udp
US 1.1.1.1:53 wtfismyip.com udp
CA 198.27.70.99:443 wtfismyip.com tcp

Files

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

MD5 34d56eefdc4903b8be6e0eb8d0318572
SHA1 d6262692e3da057dd20b8a48e1043a4f14d16d6f
SHA256 380c5c2eed155e55823bce3a18178c94f26296f12132727865f864a42d91cb61
SHA512 0a4f72db268a9963ee97f62ed2a58f75bc80147a45b132fcb24db3eb7f764bbe22b1d9af767c2ba7d6762a175a3d211f3ff15d1cfbd6ff03a4d8b76f28aa916f

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-wal

MD5 8b2bbe1f05ae959e246b86d31c4c2864
SHA1 ce85ec89d1319059ab0212fd0f00ebe745ca301e
SHA256 3ad2d6c5999e2de191b3ddd09724c393333b87c0a5e174fabdb26819c8edfef2
SHA512 925b4b93377aaa66e5a6b3142758e9b0c2f589706d44068c0292ec1b24bb340548fe8e5370fc6fa25a3aba4423bc62a17ceb4cba14243a05e23a8f08f4e82813

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

MD5 322fbc7cf15600b2cac753a97bc684ce
SHA1 1ba0259a5e95642d045337766e27407d8a79a8df
SHA256 f5e241621c78a47ac4bd4cc0feaa27aca2289fa2555968df29a6a0f2a69ac11f
SHA512 34609683ae926743a8c212b2a18681d40a1fb759e5f5b7774fc356ad2ad70769538131c7896183607666ab7cf0f13583dc5dd41b6423e67d75ab20852d5ca2ed

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-wal

MD5 6f9291b0ca9d6315b56a88c1572a5f53
SHA1 e54ea488481964780baab75e62e0cad6bfddd632
SHA256 f4ca09149e2d73d3fc3bb339b91c99f0c765a07f87f281d5d95543472cc5a9c6
SHA512 884db1402bfae34b258f5746ee8c2e87b8f339da914f9de07e91b80c627860584ba2b37f3beb44a251f9d24a452f628620a41dc39de2dc08b200647be2b588ba

/data/data/com.rayhan.soft.kabab/files/dbamam.db

MD5 1e26bff96297f548c471c202081c0bca
SHA1 215bed7383e107052fbe1498f1421c27e6fb2458
SHA256 781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2
SHA512 5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

/data/data/com.rayhan.soft.kabab/files/dbamam.db-journal

MD5 5df4324b9e1eed4b37e31df35df44a69
SHA1 beb0ca4edb68a3d19d6dd6b821bd2a39658cf1bd
SHA256 5cf74b22f83d045ae30d91cd1523f71daf581099f93b4573a1a5e78ed9e0d41e
SHA512 0a2d0a9b31becc7358c32b6460da7befc8e572915e911cd5c81190edaf84cfe6152e7aa2e9541a291eca0c94aa987462d161c24664f28128948e36ae94bab7c1

/data/data/com.rayhan.soft.kabab/files/dbamam.db

MD5 a027046ed6487ce5e27f4c5d4ca93ca8
SHA1 dba1aed9c5f7d52fa50c7ecc85475faba2cc0153
SHA256 45abfb10d83507caf47f5f5345e95ccb999f123d7de881293ced98704feee5c4
SHA512 71c9132779cdce24c63b6fa6d5fdd2b383833f9387d39ae19f4d13d31a10ca2892d04f8a61516f226346ac9da1de166f6ebaa0c6fd396bcfcbd575849e53f8fc