Malware Analysis Report

2025-01-19 06:59

Sample ID 240522-gsv32aee9z
Target 6640d2fdab5dab271e9d362147c3e2c9_JaffaCakes118
SHA256 b75a36052874806c3f0c7467fd92694f02a866a236b8d3a0fcde4b195d2049ab
Tags
banker collection discovery evasion impact persistence credential_access
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b75a36052874806c3f0c7467fd92694f02a866a236b8d3a0fcde4b195d2049ab

Threat Level: Likely malicious

The file 6640d2fdab5dab271e9d362147c3e2c9_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current Wi-Fi connection

Loads dropped Dex/Jar

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Obtains sensitive information copied to the device clipboard

Checks CPU information

Queries the mobile country code (MCC)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 06:04

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 06:04

Reported

2024-05-22 06:07

Platform

android-x86-arm-20240514-en

Max time kernel

18s

Max time network

131s

Command Line

com.remennovel

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.remennovel/.jiagu/classes.dex N/A N/A
N/A /data/data/com.remennovel/.jiagu/classes.dex!classes2.dex N/A N/A
N/A /data/data/com.remennovel/.jiagu/classes.dex!classes3.dex N/A N/A
N/A /data/data/com.remennovel/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.remennovel/.jiagu/tmp.dex N/A N/A
N/A /data/data/com.remennovel/.jiagu/tmp.dex N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.remennovel

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.remennovel/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.remennovel/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

getprop ro.build.version.emui

ls /

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.3:443 tcp
US 1.1.1.1:53 datastatistics-zn.cn-shenzhen.log.aliyuncs.com udp
CN 120.25.112.99:80 datastatistics-zn.cn-shenzhen.log.aliyuncs.com tcp
US 1.1.1.1:53 cmapi.dingyueads.com udp
CN 101.133.195.152:443 cmapi.dingyueads.com tcp
US 1.1.1.1:53 dycm-poc.cn-shanghai.log.aliyuncs.com udp
CN 106.15.241.244:80 dycm-poc.cn-shanghai.log.aliyuncs.com tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
CN 59.82.33.252:443 adashxgc.ut.taobao.com tcp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.97:443 tcp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.remennovel/.jiagu/libjiagu.so

MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

/data/data/com.remennovel/.jiagu/classes.dex

MD5 06277f75e0a4e4f5bac8b5df7cb9c32d
SHA1 96325388e21e14f66d6b212e40052ec6d80d0a06
SHA256 5a5cd0f76f87a871c43af6a05d5130fd555ffee180edfa4154555cc06d18e920
SHA512 bdfe647815235c202fda90f9edffe29b42043b86ef604a900610a309f742403216654eb841a03a8b6b12067abbacb62b0fdeee1628d53a8c30e7eb75879dd7a6

/data/data/com.remennovel/.jiagu/classes.dex!classes2.dex

MD5 9df7daf1611e81cc4f576d622e0eff5f
SHA1 eb70ce4682dfbb61cabceb55fb171e05610d8464
SHA256 7f99f82a8b1dad43441ddad3a2925d4469bc0042fd7234d3fcee44aa5677ef97
SHA512 82898ff96522e4f282970decce8716b5452fe1435e44bc849c41d8763444fa9dd7f4147454f85316453c082f0ef02f8155452609da05a21a467136d6c46b8c5d

/data/data/com.remennovel/.jiagu/classes.dex!classes3.dex

MD5 49230c3c73b4cb8d5cb84987edffc290
SHA1 ab1480997792da94b2a970c52c97fb271ce98683
SHA256 a3255ea611b63f2599d3f217a23ec0fec39227dd169d5fdf69753f93698b776d
SHA512 429a302e7eb1df3e7e9844f981e6dd2ad3fe30d1f89401311b58354ae06bd21fe940492873e3c6cc7e2e704141402c5fe69cbdcefc9f3f8039d98cad6c8453be

/data/data/com.remennovel/.jiagu/tmp.dex

MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

/data/data/com.remennovel/files/.jglogs/.jg.ri

MD5 34ca82c39ac60bc8fc8644714beb4f91
SHA1 79bf8a2c48be5e4cd6f9b2e789f3b8e8653977a6
SHA256 55cba5e7d34d5a07f4607f6f7d7c8c169b188f24d35b61451386b27419794058
SHA512 d786994112fcf9c2fb921611fb640c764460705f854346e5ba7906e9353351f97cf4e929ccbc96c62719be2ac9421065480f69a0f3ef9a8446b8476df771f83a

/data/data/com.remennovel/files/.jiagu.lock

MD5 a433a826b23e46e1ffdbf5083095954d
SHA1 33d4505c80fcc688446668b85d55ead54fb34e8e
SHA256 b5dc2efeae153184e5d68742146c10b20edec93e750c9abb18c531427b819610
SHA512 98db81db661302680d46c52bf7c3d649bc6b1a5d7b7b546ca07c307c867bc56f5b004b89df43e421d45479dfcd93a9de2180f5a060e100d04cc4addb6a8641bb

/data/data/com.remennovel/files/.jglogs/.jg.rd

MD5 0fd7e63179d7631a255bfacc5147b255
SHA1 d167fc466cc142680815a8ac90e6ba27c47b0c42
SHA256 55fbb0c1f7a18bb055242c61e0faa709e45a8c780f2d4e7ec3a9c8d75ea2b90c
SHA512 1058d18caa923fea9eea8e53c86a9b50dbf91f95aa398314bb600a506df3d3627af635051e57df9369e16e01f19209a751f2b17e4b0b7cda3958b7297c0d23ee

/data/data/com.remennovel/files/.jglogs/.jg.ac

MD5 6888acfa6e15277f24db22de89b48da2
SHA1 8502f372a618ee18daab660a88b7230fd637167b
SHA256 436b2e4757de530304419b34fa732fc97db5a8679179c00899257fcf8a90dd65
SHA512 58ec1b76269066ada3b9064ec94352224641eb581f1bffb83b5a783ce09284f648b6e1f84814e10594519f4daa8469ac417a93c2391d00d97df0036a84fbe4c0

/data/data/com.remennovel/files/.jglogs/.jg.ic

MD5 0ae7d5dea6685a91848d93d3dbfa0055
SHA1 a926cb2f60fe1da69c8abda334f813f72ab6b600
SHA256 4c1117fe7dbf8777d610909cc229eb473d9194c4abaa8a1a7e88f8545a26402f
SHA512 8c73c212f14779d6aefa1c3b6e7d48ce15bc359d32254e9c8d97c35d9ca1368b725d43ab2fccc6e58437489ab574d642071b631238c3fd256d4f579605a6cab8

/data/data/com.remennovel/files/.jglogs/.jg.di

MD5 867112abaed31bed9f0d4cdfad3411e7
SHA1 e0ccd18cb7c67084805ac30731a983adce9142c6
SHA256 52b783f7f9539fbdfff2775bfdaa22a9b52aa4bd33318b2eb5a7b1b05f9e3e99
SHA512 8874f30a659ec5d1b2132cbf0173caca565e5e911d8bb362d576d1ca3addffaf7db5061ab75d85232a7d32a13564c011c5ac13f1b4f4c3bb06686006871a5d89

/storage/emulated/0/360/.iddata

MD5 36a2fa447e52944cfd14305c6811dfa7
SHA1 7d0e520ceb1eb662f02bcfaecddce715debb6dad
SHA256 b85086c18b27ef0541b9328a59e4974cb8cccadb831c6dde7cdef97326328d82
SHA512 45616dc813d20a05751b1817a415110c805745f85333b9714eff6b49d9dd82cf2599e19119276c35e3eb38a67d03b3ac60743481b5a2e527655d30836d23c46b

/storage/emulated/0/360/.deviceId

MD5 1d8d16c4e3b19ebf18988530d9b9a757
SHA1 bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256 abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

/data/data/com.remennovel/databases/novel.db-journal

MD5 93575d9a0bf22c2563c54533a4835ab9
SHA1 e30acc703153371a115f549795655f2b5458810e
SHA256 c8fb1e2ccc1e6a51b81119ac8e0d0ae291389a5483a5622c5a2e9ce553629f7e
SHA512 2e492490cf937d9a17a2289f89f8b8b2a763b327cfc3453451b156835924edafa530afc2d003d37361d765436982a8c92e653837c170dab356b8e2a05237e742

/data/data/com.remennovel/databases/novel.db

MD5 716ea1786e10add9035ea77caf376237
SHA1 caff7821bdd621730a578b2565c86aa7f35299b3
SHA256 587860df2210c825d9b06bf25840d9baaf77b17ec4592e41a04d697b090920ed
SHA512 15f14ea662d6198db782c612d18481a1cfdd8c058fcbe75f9f325a6fe801f039e80c5600e28251c899ab79230dc8bc8d110f4df05c50310b0774b0ef00330d3f

/data/data/com.remennovel/databases/novel.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.remennovel/databases/novel.db-wal

MD5 bae77a5193debdf27bad95e1b61712d2
SHA1 48dc198a2cdc8e7aa4ad739417199ba2491d6791
SHA256 6d3fb6ecd4515c289d32f63a1ba2d78ba9b7943863f43a089439bc1367ed4831
SHA512 73d0b1fbf10f6edf089214ee4fedb9aeb8c6fdab0267fcc05cf11738571f403222724be405d6dfa4e4134c5f264a079765e0877d61de0976444c26150966e5e8

/storage/emulated/0/quanben/cache/uuid.text

MD5 1420e65ecfc6e596a707dd86dd235f25
SHA1 31e935c04b0f1af92120485dee7c84c8e7e5f5fc
SHA256 e9b7ce30c81bbcc52f7a3adaa0d5c1beb8eb68fe667df9ee43c1d7ffdf0ad312
SHA512 aca2eae8d60a07163c9c78d9bca6a23d58d59b2bac2e2e28a92a8323c2910f79a4e59909e673ba1a70b6891fd0e70afc22fc4a1b8a83a10852458e554b79d5c7

/data/data/com.remennovel/databases/MessageStore.db-journal

MD5 e7aaba06bffbc4b0268f2ad0848966a4
SHA1 2b1cc38578493081228ace48958ff0e1cad88064
SHA256 3d35ee058d03caa288c2eed786abd763ae9f3bef7a2fe06cf55259cb59cab34d
SHA512 7143dad1d38e31b3d28771201d18e09b203ea6ce40397727ca7c84aec1ba4539282594e9e222662b6ca07515a1e171cf48f15ac604ac25bde163e1a915f5800a

/data/data/com.remennovel/databases/MessageStore.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.remennovel/databases/MessageStore.db-wal

MD5 41df5edd394c242b99d38ecc4862080e
SHA1 f2e5c24071857c7727645320c58292b5eb13f4ee
SHA256 f1adaee3a04fd3ea3a76d8e28f16b9709ef79a6532f7b19fc8251ab7e8859a2e
SHA512 4834e0d41607ff9424f83afb0082e8ea1e486180bfb5791071f41b6ceaee21d48a12e16f7815516fc8d4fea9fefe333a1a31b65adde7f7d4cc12af19e4b01c0b

/data/data/com.remennovel/databases/MsgLogStore.db-journal

MD5 d436e1321cde9dd23ad7be5a8c047021
SHA1 896c31b41a5eb891d7edf1e15c68cac4ed7bbc97
SHA256 ce9fd398747dcfbb1b3276d22851b1d26983cd7a2608b9fcbb933e948708fd0d
SHA512 fd5a64db9ac8d9b62a3991ca1baa4a9c97abe7813af4357e0e4e42e94a96f1e2fed5b7fbb4677984a6c2ef467aa5b681c265ff1cc76ff87d6a80f9268b134c8e

/data/data/com.remennovel/databases/MsgLogStore.db-wal

MD5 29ff552b019888f89d31a2d546cffc8b
SHA1 4b2b68e8372f9231da3f1fde6b80e1ce2fb1db09
SHA256 8dadf36e06757ff3abfcebe43ede7acc276a0149e6d7ec5438204cef68b67358
SHA512 7607ee388a8a2353822d8ca0e6f05642dd77dfd62732090a2e47b42c142d43776819218efdf2b9b4b7f0f33b4cc361f04ddb0a4fe4866b66310714d7c697c658

/data/data/com.remennovel/databases/ttopensdk.db-journal

MD5 1441e35965adf6131007b3fcc6f81d18
SHA1 23361e410d7289af850798317b7cef6f247586bc
SHA256 3f94f3b4683bf9c1f127b5db3813bb7c7ff82408d8ceb8ec539c1ca6b894580e
SHA512 f70c2dcd87514a5e78264e77fe80dba7a9bb2f5b1f03e6adae2e781193dff2290415489f3f0ea077a27e1b7ff2d02b7e83fe03be0e7fe4339a9eb6859d0675ee

/data/data/com.remennovel/databases/ttopensdk.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.remennovel/databases/ttopensdk.db-wal

MD5 c7ed89a0059d48b94ea603f9f7a83952
SHA1 bab8427071e7d613f4300930e63e5df778a7d79c
SHA256 08cb426ad77036c5329f4bff2ca7466999b22d58c750a42f4a01cced2a04ce70
SHA512 5ced60ec13981327ce0d86bd63ababfbddf70e665e270ed107cb20ffaf596e414178a4384dd3afd33b6f6adfaa344d70aedbe5faa483231aa17da3d35127af82

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 b49fd0c7f246431dfce2e017d7b2a4ed
SHA1 3cf5b69058913bd6214bdf983e511f8a3043c284
SHA256 8236089823983262dde3fe5adb6e259778957df29f13964727f6ea0eacdbb6c0
SHA512 fda7509738b5e01642ad5a03477c9af82afb05f11b3d5d615a68a90a21451f92dca87f1e7941898f4f450605715042381219794b57b25f9977eecc3eeca3ab19

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 4e9b3f337b65032fb6d5882671d0dd02
SHA1 597cfc4de76af1ec5ab33adba107ab58dfdae8d7
SHA256 241994637d7b3699e65cf0d0584e8107b0010c64215c4581830a2c36a1570478
SHA512 29d827c720db413ab49490689e76e219761f184088b474c3f0c8101146c34a3430adb61c12bd55c8d13f99a4379a2b705d9b172cdf00b7942306d559d573d6d6

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 8942b813745d31f11e4b04bf2463b27c
SHA1 2f9a6e924b274211f45e6355313dfe2852590f7f
SHA256 f4a18f57ffcbab1945008831a25ead4bb9fb3909f6b3fa97147b5e28937d6145
SHA512 ded5809cba05de4b50b49ee27b46bc314380c5d91bea8100d4db3e1fd32cfc228e69828a2fcd10be831cc2d02e3530cd5a8c2386e959c795e07193040c9a3732

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 db2980722cc4239b6fb65d53ca2541b6
SHA1 957c3a537262c710bdb5b13a4326ba2d33dee097
SHA256 7d8d75eaccaaafd3f56394413a63b97c7b61e69fcb97ddf1f414e358e65e568c
SHA512 a24dc63d7a968ca379d6f651321cd332d5eeacb62da6eb08ef5d8ef85618e38c7864e75b21119d6e8883f18d7f46fab750286e9635a374455c5e3f0e9b655df2

/data/data/com.remennovel/databases/ut.db-journal

MD5 0370123fcd36d1277c7d71540f6595ff
SHA1 da497cbabe7a57a7556db5b6b4778234054de8cc
SHA256 2f9cf37a57d42f5bef17a50361e518c58b795b40268f95c08c89f577c78bb2f6
SHA512 1ea62bd66904902ab12e7f7b408fd87dc5d10f9fe990f6baace4ed2feab58d5792f507f944285ce8afefff79f3f7a8e74a442191311a83a5e5ff447acb9467fc

/data/data/com.remennovel/databases/ut.db

MD5 38616785cca0600a03205f84fe330b4b
SHA1 6ac41a6bdcae297d56dac5fdde70be5faccf0832
SHA256 b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8
SHA512 7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

/data/data/com.remennovel/databases/ut.db-wal

MD5 56a7cc32f60a493957260ae984d9b842
SHA1 db23b98bb598120f7b64b0453619ac73e0d49581
SHA256 07dccf25be52eb018d44c094a16a7fc189935c8d3c2f2cf07c8e32fee00049dc
SHA512 454e1fcfa4750994cbaca35d169c8a196563654d5185ed48b28c3b753505486fb420831bf2623f552ea467c434565dc72a8bde17505872e1c3921f33db5e65fe

/data/data/com.remennovel/files/.jglogs/.jg.li

MD5 2fa6dae717422b2106649e1192051a9b
SHA1 6b92e4d4a7e9d654a97d44ab3c97735777aa4c53
SHA256 f276e4a307f39398aec306d2eb9ef10042d515f2da9502476d15631d5cd39b30
SHA512 c3ec112c06c8b2de10fb6dada2ff957cd2a660594f59cad519548719d3b111ac31f682a2ce770f1e629d0145d18d9f32318810fb733875a040bf41cd1657ba55

/data/data/com.remennovel/databases/accs.db-journal

MD5 b14cfb99e304e02f488a4fd97da72efe
SHA1 ecd41812d2363979232005e1cfa4714cffd6c531
SHA256 a3fa791a3d0c29fc1aacef72d6d6997ed16f147b5366a1237804f4dea23cab7b
SHA512 2a620233f204f88bbf66a8137c3d32794833f24b84aab3b07b94b0a0ebba2b22516f3662d526fa336698891ec2b6d172ba55bc975778e86c8acc3ed8af97d24b

/data/data/com.remennovel/databases/accs.db-wal

MD5 4c9165a762da22168f5404ce85fcc34b
SHA1 45c41773e332821328a01696fcd5d91f266eab6a
SHA256 8fcdb610d180c0a2328661aa41b1634afea6d6eedeba567d02f2aea161d536f4
SHA512 cc3aff78e8393238cc0208382e8557691b07b5d020e8ead4b2c7bd4ad9b994b6177aab3763e21ec62ded0435242ab4f5f6adef630a4362e6f9c15dc028da7bbf

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 06:04

Reported

2024-05-22 06:07

Platform

android-x64-20240514-en

Max time kernel

13s

Max time network

154s

Command Line

com.remennovel

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.remennovel/[email protected] N/A N/A
N/A /data/user/0/com.remennovel/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.remennovel/[email protected]!classes3.dex N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.remennovel

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 tcp
US 1.1.1.1:53 datastatistics-zn.cn-shenzhen.log.aliyuncs.com udp
CN 120.25.112.99:80 datastatistics-zn.cn-shenzhen.log.aliyuncs.com tcp
US 1.1.1.1:53 cmapi.dingyueads.com udp
CN 101.133.195.152:443 cmapi.dingyueads.com tcp
US 1.1.1.1:53 dycm-poc.cn-shanghai.log.aliyuncs.com udp
CN 106.15.241.244:80 dycm-poc.cn-shanghai.log.aliyuncs.com tcp
US 1.1.1.1:53 adashxgc.ut.taobao.com udp
US 1.1.1.1:53 adash.man.aliyuncs.com udp
CN 59.82.33.253:443 adashxgc.ut.taobao.com tcp
CN 59.82.40.77:80 adash.man.aliyuncs.com tcp
CN 203.107.1.97:443 tcp
GB 142.250.200.46:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp

Files

/data/data/com.remennovel/.jiagu/libjiagu.so

MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

/data/data/com.remennovel/.jiagu/libjiagu_64.so

MD5 32a8cba7e6fac645ea3d1fca87cba90f
SHA1 6b01347c0d6777ea644c9859214decf5a00431b3
SHA256 ec2270b007c53f33ec3ae7c49e78fde28a64bf2eaf4309ce60abf9e03035227f
SHA512 018c9c65ed954c48b98d6a42e28f6b2e5850179079497367bca849667fdd69a96a2182b43c2a865ebcbfd8548d6973d9b0d2f9570644a36bc7549b1a420557d4

/data/user/0/com.remennovel/[email protected]

MD5 06277f75e0a4e4f5bac8b5df7cb9c32d
SHA1 96325388e21e14f66d6b212e40052ec6d80d0a06
SHA256 5a5cd0f76f87a871c43af6a05d5130fd555ffee180edfa4154555cc06d18e920
SHA512 bdfe647815235c202fda90f9edffe29b42043b86ef604a900610a309f742403216654eb841a03a8b6b12067abbacb62b0fdeee1628d53a8c30e7eb75879dd7a6

/data/user/0/com.remennovel/[email protected]!classes2.dex

MD5 9df7daf1611e81cc4f576d622e0eff5f
SHA1 eb70ce4682dfbb61cabceb55fb171e05610d8464
SHA256 7f99f82a8b1dad43441ddad3a2925d4469bc0042fd7234d3fcee44aa5677ef97
SHA512 82898ff96522e4f282970decce8716b5452fe1435e44bc849c41d8763444fa9dd7f4147454f85316453c082f0ef02f8155452609da05a21a467136d6c46b8c5d

/data/user/0/com.remennovel/[email protected]!classes3.dex

MD5 49230c3c73b4cb8d5cb84987edffc290
SHA1 ab1480997792da94b2a970c52c97fb271ce98683
SHA256 a3255ea611b63f2599d3f217a23ec0fec39227dd169d5fdf69753f93698b776d
SHA512 429a302e7eb1df3e7e9844f981e6dd2ad3fe30d1f89401311b58354ae06bd21fe940492873e3c6cc7e2e704141402c5fe69cbdcefc9f3f8039d98cad6c8453be

/data/data/com.remennovel/files/.jglogs/.jg.ri

MD5 64858453d0f8c497bb38e2fa7cedf40e
SHA1 2ac39aa782697c5b1ba95385616328ca4af4fe0f
SHA256 1b7dfe33499747ce20ed68a7a3d815fe2b11d29b0744dc47423d4b547d72179e
SHA512 41996171098c2b19bfbce7d3ca576942ccdc4a53f6ecfe07b59ea350ef0625052e0b86c6233325d3430de5a17319916b79a36dc8e364fabadb47565041e39b9c

/data/data/com.remennovel/files/.jiagu.lock

MD5 f4b175a711dd83105d1f5c9f72dc1999
SHA1 f14fc824921347d57f84d28e637aac2990626f5f
SHA256 a2770280cb47c65be8c5b874b9b5f352acc8a58afbd7a2eaa7c0efffc5199d91
SHA512 972784cdac4728e163b68347999b53f1d9868d011149111275aeb90b8b7490f38af9ea765158da4272d5b819b24ed9aa4816637dec5fe00f36d4e19073e1f679

/data/data/com.remennovel/files/.jglogs/.jg.rd

MD5 07844c1d1d5370d775c6415356d77568
SHA1 d7ca48e57c3f4718c2dab528e67966ed7ebcbd55
SHA256 5fd3e99884618509d6ac7094d32f2b1571febef57cf84f89ff646a954e9737b2
SHA512 b15f23c99937e726bdaa1100bc6a2cc32296ee6eeed280e44f285700570865b96a7e9ce20dcb1723ba948c43551660dc3d43cda7a51167aabc60c797c51d1b6f

/data/data/com.remennovel/files/.jglogs/.jg.ac

MD5 6888acfa6e15277f24db22de89b48da2
SHA1 8502f372a618ee18daab660a88b7230fd637167b
SHA256 436b2e4757de530304419b34fa732fc97db5a8679179c00899257fcf8a90dd65
SHA512 58ec1b76269066ada3b9064ec94352224641eb581f1bffb83b5a783ce09284f648b6e1f84814e10594519f4daa8469ac417a93c2391d00d97df0036a84fbe4c0

/data/data/com.remennovel/files/.jglogs/.jg.ic

MD5 0ae7d5dea6685a91848d93d3dbfa0055
SHA1 a926cb2f60fe1da69c8abda334f813f72ab6b600
SHA256 4c1117fe7dbf8777d610909cc229eb473d9194c4abaa8a1a7e88f8545a26402f
SHA512 8c73c212f14779d6aefa1c3b6e7d48ce15bc359d32254e9c8d97c35d9ca1368b725d43ab2fccc6e58437489ab574d642071b631238c3fd256d4f579605a6cab8

/data/data/com.remennovel/files/.jglogs/.jg.di

MD5 12bd8801b04f0249e3ee9bbbed3fee5a
SHA1 944acae17450d028ac41b6712913041069cfa04b
SHA256 9466515e4f56be42e99b4dfc003ca67f6701d18e8bd9d43d0619c76d57fcbd43
SHA512 14193bf0f5b4fd2dc79c1630db4cef7135dbcebafde03b774023a9938d8d73cffea8932700419b137272ac70093eeca6e22500a9d10c574787989a2180c0e109

/storage/emulated/0/360/.iddata

MD5 7a4b693770f6c6c1f9ec3d8b8e0fc870
SHA1 d897f704a93e8ad464349f1e267c69964b49b96b
SHA256 4a62cbc67ae7f1e38c9053aff2a9bcc515dbfb8b2105c6abca5ded27632d7ccc
SHA512 18c7a491fbe41dd2fa19a5e3410d329c30baf9a43d9076fd405ed683a93dea865783441248aa94010e780f942e82ced5de1d614ca8a48daf299c9fcae29cd9a0

/storage/emulated/0/360/.deviceId

MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

/data/data/com.remennovel/databases/novel.db-journal

MD5 9e76a3440eb0098da1803422a25d773b
SHA1 8726e365ce0b925f21b6bd15ff7e651be69d2cc0
SHA256 880dcc59fd297b22e5d744952157da30b5c348f0b9a06553f447bd8504d629dc
SHA512 d9a3410ec563dfadbe1b39e3ba4f5994a41fd868f1dc06faa9e2369f6126fc217de038611cd37d3b80b3e5958d479d5bcdb68754212b9f96923dfc516b155bf0

/data/data/com.remennovel/databases/novel.db

MD5 2a366fe9ed321e84ffbc3890d8de9ce9
SHA1 6549eb9d9089e7d96bf73eda6c9be8026eb70529
SHA256 162c26d9008738f619a82fedc8618c88779591d305ffac9ee937ceaa5733d306
SHA512 41699edac063c8b21d5b918a32eabb77e139451ea5fe9f7e47c66edc04afe25597e0e9b2502b9a8bdb0e72d7911a9705c5c16288d6c339a83e9af4e92daf5caa

/data/data/com.remennovel/databases/novel.db-journal

MD5 47a3ccea7e76b2f83bc0d8660d120155
SHA1 bf6645ffcb4b53750399d7211b572a6f1df5d9e4
SHA256 d91b3a545a8ffb6c3fe193e8848c1bd0969b3dcf0ee27094444d23943737754f
SHA512 a410d99aa5bfa698e041ad7269d272088bc2242570466ca4c406de3e9ea8bc7fd701e04e993b05dcc8dd71bed730b5a823fd89ce2eea83153aef6171aa6511f7

/data/data/com.remennovel/databases/novel.db-journal

MD5 f32e484e7cb3d007977106185cf957ee
SHA1 42180755d4d2a45ff8257fb26f8c8b78face5266
SHA256 1a2bbf6f16b4288f1cb126b93f6adb2eb082f223e4e6ff3f88b444bba702c43b
SHA512 b7c21ae290da71cdc13b26850e03d3fa24d80313996f87b65ff2b58475edf38e66f45846c5730f93ccd052e004bcc2d0506a4201e4982fc42b128224e9dced75

/storage/emulated/0/quanben/cache/uuid.text

MD5 e417956e480512b170377c63f47e59fe
SHA1 b658d95fd984e4dde68507f687985fd728263284
SHA256 1d87378cbd86c3462b45b510af49e459490ac19ad7db7b2c2a746ed80274cd64
SHA512 82da8877bf609f62c166dfa03b50002fe7000fe222c2e3979918f60b3c89d30db08ab3f9b390fa5b2a039d553a3806f1ca2215ad282472786f1212802ded9edd

/data/data/com.remennovel/databases/MessageStore.db-journal

MD5 290f8482f07304e7f82b2563a51ebad0
SHA1 55780d6b967be786bc2f0a464b5d5d855fc1598f
SHA256 5afb426b285fb7016a596e1300ef638feed69a9b73cd2379a489a38a90922040
SHA512 2c9045ea7b95c4c94263921d8575387424b7f0d200d16da9f1dfd52513af1b548e78bcc3e9c79587af75c6c69e298e8ff3b35b2fcdfdb79f31f60d6b878cffa7

/data/data/com.remennovel/databases/MessageStore.db

MD5 15669eb47bb19111cb64fa7508b227d7
SHA1 c7585424afeb0fc7051697b771eb3d81e0e3aae3
SHA256 ecb0e8c93a782292a1dfe20a90e204d1c1c804e2773f1831c9ca34826aa62071
SHA512 13c2cb45912090ba0b670b36050eab5954e22d57b79e141d2236035dc1ea2000960d93ebc544fc4dee48765335a3d52baeb5d31c8a40407224c624fffebbc11b

/data/data/com.remennovel/databases/MessageStore.db-journal

MD5 171999aec70145d919b4777b952c5621
SHA1 32cddc62c476e5e302ce9ac7cf41f4b25545c7ff
SHA256 b243f4622c7d684a6757b46e2c8670265d732da0cad118b89ac73b61083e5fc4
SHA512 c7530eb109741269d69dd3037156c2f1990593948028f4cae09a0e4a633e832e1326c23e9b7cd4c47b5e491233f41c6bcda15bcb4c494a180b429baa9ab67b1f

/data/data/com.remennovel/databases/MessageStore.db-journal

MD5 1c0ab2ddae10c28e8a4fcfe58573db39
SHA1 dd65cb08bdf9fe244325c703b88ef24825e66bc4
SHA256 526fc292b4e4d56f649f2cca236a5b9ee7c82b12dc287ded0b5ec25da5595566
SHA512 bfb322c2fd359e007e6ba768b111570031fdd5789296f9937c2f3c1408fa61209ec02080cb186eb859198dcc40e7da9460c1157d977ca9784f01db9ebe448494

/data/data/com.remennovel/databases/MsgLogStore.db-journal

MD5 e8456ac0ee9011280d21c3813f90e05e
SHA1 5e79cf608262fd7206e6a90f318e728b547186e2
SHA256 d74cc05ad08e9e961bb231dafde8fcd2f5411ccce471f8c90fdc30b553e2c959
SHA512 b9a6d1c2af187c677e83361d3c683b25f6071fe92eed840cf65c64b7364d09d72834fce5856dac1c180bb8b1f3cc8ed68b8bbcbd58af6546b35733dc91630672

/data/data/com.remennovel/databases/MsgLogStore.db

MD5 9cec591e3ef91ae568f4cb6e7c2a8745
SHA1 ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7
SHA256 05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c
SHA512 f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

/data/data/com.remennovel/databases/MsgLogStore.db-journal

MD5 f54fe14ab181857bd38fd4cc28245e76
SHA1 27aebf9cc963c1a35f41ccaacbf2d6ba1dee5be4
SHA256 c2868dc883b3ca733923331a612bb330dc897f826e163c096127bf46f40e8af3
SHA512 ecba93094330f81c3819eea10968cc8958cf1444d2bc6d06222ff2f76a65fb871a4f482d35b2e85f050049a0d82fa7a0837e3c7ed2c2693b54ab9b933edc9b61

/data/data/com.remennovel/databases/MsgLogStore.db-journal

MD5 1e5f3dcbe3d0a07658f02c1712874cc9
SHA1 e3d023f6e64f4b4d58be9f7a0b195183759ceb98
SHA256 2b53b6cc5f04ecb7dfbe6d578b13a4d225db60cbf1cf42eb9a54744f86e21e81
SHA512 1f24cda3a08e4187e620d2ef982904a2a31f034aec85be2bb73db860698729c42765f6bc6dcecf8ab6d84782ad771c08a495e625878583c321206f6db990ac58

/data/data/com.remennovel/databases/ttopensdk.db-journal

MD5 a03aa251f9430430b71b1b968fc1c945
SHA1 1719bf9ce91b9240a165a670eaaba57a0dd0f4d2
SHA256 f132e0b22162c020a2bd6b7b8bec905c21c52dd54d38c937dc9eacac79d2362f
SHA512 d95e371fad985880a6c966b91a71be33dc0c3a2278eb5f58c52c47f02b4dcbe93e3d788807f16b5a30efb1e9ebb9c390535929cca4d4be213e963fe7142a0d01

/data/data/com.remennovel/databases/ttopensdk.db

MD5 0362ff8c522fdfde856794ec7129548e
SHA1 aeed20c7416c53f2ccf5c08ad2c5c4cd506c9ac0
SHA256 a9970743680fabda47cc591171cdde116d84014c399b5799113bdc59d75de29d
SHA512 fcc315662b8d22224ae5dee22d578ff9a66077939a19ff83058d5894bb1c4d8a648974bdbc6d5ebed5f8a35af0ba0ba4d6c666c27c7621c07065ebdcd5c01857

/data/data/com.remennovel/databases/ttopensdk.db-journal

MD5 2a78e6c1e04840127c8b1dbad3aec729
SHA1 0b8cdc899c313ed69cc7fb1fd74fffed07150718
SHA256 f85e6602bcbf27c8772be7338c4f916af910675367f89ca7bc9cc0fa8b8bb59f
SHA512 32a93ec473abe123dfdd444b51ba76011f1af7607fce103bf157096cfa4a97e63d11052fc2159786f6a9022f3970515c15d0c9b6eaf74b1224bd0000d7c20ee7

/data/data/com.remennovel/databases/ttopensdk.db-journal

MD5 75283e6436d44ce190df337981f5f479
SHA1 d623e56b94b54ea15b992a1cdab513741bb13544
SHA256 e19626f504cafaf8c57ecfa22fc04f3d15fd954b39e06b4a43649ad103f515b8
SHA512 617c5bcc8675ee19dd39cd60726a2c3d5ed1a2adaadd112d3906faf0b3ebc7a396773d0dca0a5d264bf8cf7742e32da020836e4cd1d2483caaa6853abf5751a8

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 4a5e583e065ab5f8ad91e1081755d7b8
SHA1 65086dc809d0e8954ebf5a42b287520d53162d5b
SHA256 6670c9c3c2cadc131c2cc709d51187bf5cf7cbed103f8cbc128efcef95699a13
SHA512 e4b362e81b97c7169a4d6d82ace60ffe221e5ef8bd36a962a1596f3cd892610a216d4f213f32d0c969ce21a48651b0b806e08e5e27fea96092e2dda6d398b954

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 673ebd85e5e3d0dd9a7bf9f071250334
SHA1 b8a1783d41ac39578d62e27ef3cfef9373becc1c
SHA256 87d97bed467467d01c4bf8042979b6c3856a222c15d3604dcb35974e3a04df6a
SHA512 eca171f7efc4ee290aaa56be9039c9e0ec11f7ace7956efb19fa6cce1ec90f6c7a478601176580dc2d6a5d18fd687d9458efded680cb3db3ffeba894be8c2930

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 44f8c1fe209dd68fd45e9d1af4b73f3b
SHA1 7207e31cbd1b64c4d688213a88b9156ab47d6128
SHA256 a84985f7e6392e79ea12b944913a9041df465a71403f2691804bedcfeaad43a2
SHA512 e2419266460fefcd237fd34471c0e5541e8cb4c513687853cae71bf8a4fe18501d9b7166e3b2c670c99634d76bb45af15620be2bfd9bd0c04f08d09b75d2e22c

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 3330ce3c4be70521ac58504a7fa6c753
SHA1 49aecedcfcbf8b86466439a1c49eebd3f424805c
SHA256 af7593b55acaf8ff422f72b86721b3a4138d1b5ccda6304091b2c84459dc60b8
SHA512 ef0bd67afdca8e113f47ddc20d0203e4a8cb817b0690db2d89056208aa7601c189f8bd17fcc7ca74b95306cc454f92fa74bd0f6a831ccaebfb5f9b62fe6fe4c9

/data/data/com.remennovel/databases/ut.db-journal

MD5 0112212a1daeff2c08c9cd37a3034e0a
SHA1 e3826a27deb23d8ad569b1fc5094db774f26bd71
SHA256 8c81bb861dc99bb974de8f1dafb17caad8d126330fb66ec6a9fb8f0106a05e7b
SHA512 2f9033d0f28cd30a340905441b3fd0f48197778fee92bd1444b60c12a39b1226ae9ae4852c9d88896f35a797ef37cdfe2758508eea51ff08e6ba429fd17d0de9

/data/data/com.remennovel/databases/ut.db

MD5 0f39b3e5801c74f4608f4347f15d52b8
SHA1 b6cd0dada2a34467570f439cfc2be19b78cfb73a
SHA256 bc203d02bdd554fd1f46fe56480181eac992238d9c0d02f55197bdd080eb1996
SHA512 e053a66c7800e860151c0b8a947fe41d08af960cee5f1448ad00827b2990d97d4248e07549136531e12154470e5f347418525a21c6635f923bf74026ce120042

/data/data/com.remennovel/databases/ut.db-journal

MD5 015199a40c46ce5ee34409bc4c798277
SHA1 41e16652bb441e3b6dc9c27fb6b495690b34d7a2
SHA256 a9156dba4b174a00de50eac68e757a38ddbe4f38a79b37bb69a530c211e51a75
SHA512 86d6619edd60b7b95ad963f7681f91ddca6934b9442b86fc402119aea3f2b86af945cdbefd3058fcfc64a5958f789c02e0306d5cb9ffb5e79c8a1e808a11e954

/data/data/com.remennovel/databases/ut.db-journal

MD5 cd464db03493a1879b7e9ae4b6618c8c
SHA1 bf812d936400b81fc4a8fe8f1975aeee20b3753e
SHA256 95201d373c226970f2a0232890427847e3174b5ba4c1cc56a1c19ec95290650d
SHA512 28a128bda2b82e115e0e7f0624a3dc299e479fb27487b39458840430319c315775b79499dfadd9c9e19f720b1a75a2e009a3c25458347eef4a80947792778a14