Malware Analysis Report

2024-09-09 19:09

Sample ID 240513-nkqxnsdc38
Target 3f40f4c863620c384c3cb91ac54dce03_JaffaCakes118
SHA256 d2ff920982d4a0d1383f96fc60283fcb93bdd32679bed970361684ed22e3502f
Tags
discovery banker evasion impact persistence privilege_escalation
score
8/10

Analysis Overview

score
8/10

SHA256

d2ff920982d4a0d1383f96fc60283fcb93bdd32679bed970361684ed22e3502f

Threat Level: Likely malicious

The file 3f40f4c863620c384c3cb91ac54dce03_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery banker evasion impact persistence privilege_escalation

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Tries to add a device administrator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Checks CPU information

Reads information about phone network operator.

Declares broadcast receivers with permission to handle system events

Checks if the internet connection is available

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-13 11:27

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x64-20240506-en

Max time kernel

5s

Max time network

131s

Command Line

com.change.unlock:client

Signatures

N/A

Processes

com.change.unlock:client

com.change.unlock

com.change.unlock:push

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x64-20240506-en

Max time kernel

13s

Max time network

134s

Command Line

com.change.onekeylock

Signatures

N/A

Processes

com.change.onekeylock

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:27

Platform

android-x64-arm64-20240506-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x86-arm-20240506-en

Max time kernel

8s

Max time network

130s

Command Line

com.tpad.change.unlock.content.chen2wei3ting2

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Processes

com.tpad.change.unlock.content.chen2wei3ting2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

/storage/emulated/0/CHANGEUnlock/config/fm.txt

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏.ux

/storage/emulated/0/CHANGEUnlock/config/con_list.xml

/storage/emulated/0/CHANGEUnlock/config/current.xml

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/image/陈伟霆主题锁屏.jpg

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/wallpaper/wallpaper1.jpg

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_1

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_4

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_2

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_3

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_5

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x64-20240506-en

Max time kernel

9s

Max time network

146s

Command Line

com.tpad.change.unlock.content.chen2wei3ting2

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Processes

com.tpad.change.unlock.content.chen2wei3ting2

Network

Files

/storage/emulated/0/CHANGEUnlock/config/fm.txt

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏.ux

/storage/emulated/0/CHANGEUnlock/config/con_list.xml

/storage/emulated/0/CHANGEUnlock/config/current.xml

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/image/陈伟霆主题锁屏.jpg

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/wallpaper/wallpaper1.jpg

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_1

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_4

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_5

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_3

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_2

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x86-arm-20240506-en

Max time kernel

134s

Max time network

130s

Command Line

com.change.unlock:client

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.change.unlock:client

com.change.unlock

com.change.unlock:push

Network

Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.change.unlock/databases/tpad_funlocker.db-journal

/data/data/com.change.unlock/databases/tpad_funlocker.db

/data/data/com.change.unlock/databases/tpad_funlocker.db-shm

/data/data/com.change.unlock/databases/tpad_funlocker.db-wal

/storage/emulated/0/CHANGEUnlock/crash-2024-05-13-11-28-08-1715599688084.log

/storage/emulated/0/ShareSDK/.dk

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x86-arm-20240506-en

Max time kernel

13s

Max time network

132s

Command Line

com.change.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Processes

com.change.onekeylock

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:30

Platform

android-x64-arm64-20240506-en

Max time kernel

14s

Max time network

160s

Command Line

com.change.onekeylock

Signatures

Tries to add a device administrator.

privilege_escalation impact
Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Processes

com.change.onekeylock

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:27

Platform

android-x86-arm-20240506-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:27

Platform

android-x64-20240506-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-13 11:27

Reported

2024-05-13 11:31

Platform

android-x64-arm64-20240506-en

Max time kernel

8s

Max time network

132s

Command Line

com.tpad.change.unlock.content.chen2wei3ting2

Signatures

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A

Processes

com.tpad.change.unlock.content.chen2wei3ting2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/storage/emulated/0/CHANGEUnlock/config/fm.txt

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏.ux

/storage/emulated/0/CHANGEUnlock/config/con_list.xml

/storage/emulated/0/CHANGEUnlock/config/current.xml

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/image/陈伟霆主题锁屏.jpg

/storage/emulated/0/CHANGEUnlock/content/陈伟霆主题锁屏/wallpaper/wallpaper1.jpg

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_4

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_1

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_2

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_5

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk_3

/storage/emulated/0/CHANGEUnlock/FUNlocker.apk
