Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-t26bksgf56
Target 506e85b313fb0d877dd04da828eb4cf8_JaffaCakes118
SHA256 caa17050e6a5557edfebbf8305e905cfb4230f2dbb80dd861824f2e2d76f8b11
Tags collection discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 506e85b313fb0d877dd04da828eb4cf8_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Checks CPU information

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Checks if the internet connection is available

Listens for changes in the sensor environment (might be used to detect emulation)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-17 16:34

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-17 16:34

Reported

2024-05-17 16:37

Platform

android-x64-20240514-en

Max time kernel

10s

Max time network

130s

Command Line

com.bdtl.weplus

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /apex/com.android.runtime/javalib/core-oj.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bdtl.weplus

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 16:34

Reported

2024-05-17 16:37

Platform

android-x86-arm-20240514-en

Max time kernel

170s

Max time network

186s

Command Line

com.bdtl.weplus

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.bdtl.weplus

ls /sys/class/thermal

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network


Files

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 e48bdaa50e8f2c647fcedbf1ea7963c7
SHA1 154fc39bc778b2aae044f6d01d3734f615bd30cc
SHA256 3fe69a63efc5817d7dc4413ccd02623ba2136fdc9849597fde3648ecd231b094
SHA512 14b47efb700ae236e349f8b763545daa086d01a97bd14ebcc8a79f38644dd001af8da4cd707a4228b25c75dfb0d863608bb5e45262b33ab0051e304db8e551a7

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 5a1a88d3551757be5f41679d2031c494
SHA1 7335c37b7b1f2374e800db57c0c150176c91c182
SHA256 5e181957a6f2031c703d2037f360d034c5919540ec4ae9d82c696ae155278d18
SHA512 12ebef6b9de81ea41ea86b5335b1d55caac7d1d48ee4446032d723ff14946df1c7008e616600b909c335a30629f01188290056380d9fa8afb339e8c43254c5af

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 924a5d916f403f0a65e0dc2bedad80bc
SHA1 217e75878a0b4cba131e540fd10a6b708578cf74
SHA256 9eb8d3a330ea3eed48bc9313c984ff50d8b2ee13f0af1a5a270c0e3b63053326
SHA512 f69bffebefc719b616c3630191f4af297f6ea8afafbc5781e049597c71a008055d2f182928fe951edd5c89bba65a7557ae2fc8abf5e451b11056a239c448038e

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9BeginSession.cls_temp

MD5 979c4b2b1a4318d69ac6bd3cc48bc39b
SHA1 d2532f02c5411e6eb403fe5eea37d15a5443c354
SHA256 5b2dc8dc122fb8002328c5a828b6372e82e5548d21215278eafebe7402d1c85c
SHA512 99d815ba44fe435c8110a7938a6217780cb7ea1757889742df4130cac1b4e750db9e086cb732ce515d0845f3f8048f11d250a3822802f69f7bc5ab3101172c2c

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 262eac9398fa5df6219bc13bd2bb1d38
SHA1 cf81601deb24a4cc62a15c8f4ba902070e572429
SHA256 edd604817f6201f90ab432491ac88a1e55026642db150870954b662cb627c27f
SHA512 808166a0ae45507023a1c57c95373d56d5cb9a91b412666a17b79c82e980355212df8f81d662d5c92590527376409a9f105ed9bbad2604b83a27bc695bceac21

/storage/emulated/0/.DataStorage/ContextData.xml

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_259bfca2-67cd-4462-bead-c49f55a072e1_1715963666291.tap

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionApp.cls_temp

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionOS.cls_temp

/data/data/com.bdtl.weplus/databases/growing.db-journal

/data/data/com.bdtl.weplus/databases/growing.db

/data/data/com.bdtl.weplus/databases/growing.db-shm

/data/data/com.bdtl.weplus/databases/growing.db-wal

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionDevice.cls_temp

/data/data/com.bdtl.weplus/files/installation

/data/data/com.bdtl.weplus/cache/CommandCache/72be117fc090be4c57ca0019baf48aba

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

/data/data/com.bdtl.weplus/files/umeng_it.cache

/storage/emulated/0/Android/data/leancloud/dontpanic.cp

/data/data/com.bdtl.weplus/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1OTYzNjY3ODQ0

/data/data/com.bdtl.weplus/files/.umeng/exchangeIdentity.json

/data/data/com.bdtl.weplus/files/exid.dat

/data/data/com.bdtl.weplus/files/.envelope/i==1.2.0&&3.5.15_1715963668156_envelope.log

/data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_862668a9-2d46-4774-8b1c-2338f0b6ead7_1715963674050.tap

/data/data/com.bdtl.weplus/cache/CommandCache/d430f86c50b4847986fdb44790399a39

/data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

/data/data/com.bdtl.weplus/cache/service/journal.tmp

/data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

/data/data/com.bdtl.weplus/databases/ua.db-journal

/data/data/com.bdtl.weplus/databases/ua.db

/data/data/com.bdtl.weplus/databases/ua.db-wal

/data/data/com.bdtl.weplus/cache/Analysis/avoscloud-analysis

/data/data/com.bdtl.weplus/databases/ua.db-wal

/data/data/com.bdtl.weplus/databases/ua.db

/data/data/com.bdtl.weplus/files/.envelope/a==7.4.4&&3.5.15_1715963684339_envelope.log

/data/data/com.bdtl.weplus/databases/ua.db-wal

/data/data/com.bdtl.weplus/databases/ua.db

/data/data/com.bdtl.weplus/databases/ua.db-wal

/data/data/com.bdtl.weplus/databases/ua.db

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionEvent0000000000.cls_temp

/data/data/com.bdtl.weplus/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1OTYzNjk4MzU0

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionEvent0000000001.cls_temp

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionEvent0000000002.cls_temp

/data/data/com.bdtl.weplus/cache/CommandCache/2b59f0780d785e272bf171a3c35ae427

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionEvent0000000003.cls_temp

/data/data/com.bdtl.weplus/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66478711034D-0001-10EA-9332DF9B9DF9SessionEvent0000000004.cls_temp
