Malware Analysis Report

2024-09-09 13:46

Sample ID 240531-na737sfe3t
Target 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e.apk
SHA256 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e

Threat Level: Known bad

The file 6b02cf5510e6ef3c61b6b785ab09d773636ca5e072f1d3d3ef75ae64a147676e.apk was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat trojan

Octo payload

Octo

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Requests modifying system settings.

Prevents application removal

Requests accessing notifications (often used to intercept notifications before users become aware).

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 11:12

Signatures

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 11:12

Reported

2024-05-31 11:16

Platform

android-33-x64-arm64-20240514-en

Max time kernel

179s

Max time network

178s

Command Line

com.themfriend3

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Prevents application removal

evasion
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.themfriend3/cache/jgipdijdja N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.themfriend3

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
N/A 224.0.0.251:5353 udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.110:443 tcp
GB 87.248.114.11:443 tcp
US 151.101.193.16:443 tcp
GB 163.70.147.174:443 tcp
GB 157.240.221.16:443 tcp
NL 185.15.59.224:443 tcp
GB 2.23.161.98:443 tcp
GB 2.16.170.34:80 a.espncdn.com tcp
GB 2.16.170.34:80 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.200.10:443 remoteprovisioning.googleapis.com tcp
GB 142.250.180.4:443 udp
US 172.64.41.3:443 udp
BE 173.194.76.84:443 tcp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
US 1.1.1.1:53 9adiletasarim.com udp
US 1.1.1.1:53 6adiletasarim.com udp
GB 142.250.200.14:443 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 1.1.1.1:53 7adiletasarim.com udp
US 1.1.1.1:53 8adiletasarim.com udp
GB 216.58.204.74:443 gmscompliance-pa.googleapis.com udp
GB 216.58.204.74:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 7adiletasarim.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
US 1.1.1.1:53 adile56tasarim.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 udp
GB 142.250.187.195:443 tcp
GB 142.250.187.195:443 udp
RU 94.198.53.3:443 7adiletasarim.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com udp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
GB 142.250.180.4:443 udp
US 1.1.1.1:53 voilatile-pa.googleapis.com udp
GB 142.250.200.10:443 voilatile-pa.googleapis.com tcp
US 172.64.41.3:443 udp
GB 172.217.169.78:443 tcp
GB 172.217.169.78:443 tcp
GB 172.217.169.78:443 tcp
GB 172.217.169.78:443 tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.204.74:443 safebrowsing.googleapis.com tcp
US 172.64.41.3:443 udp
GB 172.217.169.46:443 tcp
RU 94.198.53.3:443 7adiletasarim.com tcp
GB 142.250.187.193:443 tcp
GB 142.250.187.193:443 tcp
RU 94.198.53.3:443 7adiletasarim.com tcp

Files

/data/user/0/com.themfriend3/cache/jgipdijdja

MD5 41be45dc021baeed4b7ff86c543b7e81
SHA1 ebbb4386bc4e35fcbc1f3569e16bfe4ade23f1f5
SHA256 507cad08da8b063e1eb7bd7c274a51478b0b14b64378c1125e42d5fb55ee4b20
SHA512 d7d03fceaa9d6ea3c34b93d8e891ed4b80b6298e99950bc3f4d4dec726863a9172a9629d154c9d8c22efdde45785c9cd261847343aa6eae508c9ced4020cf8f9

/data/user/0/com.themfriend3/kl.txt

MD5 eea1f16688e097195a36849979265bcc
SHA1 ebcb20c42a0ae8c6b293f579678578a34c3b0b2f
SHA256 8025d8a7e2a0a11f142ff4545d7002c1827cfa640a7037229b0dc9e4dcfbc8b0
SHA512 1305798357de353664a3bbec6f104612fd1ebcef1db27b2f40b2faab34d4a4279099ca4bedb25c171c8d8807aee19bc805732551a70328e1e7c28cf5109a28ca

/data/user/0/com.themfriend3/kl.txt

MD5 4591bc0e61a8b629c3ea92f2f6ff945d
SHA1 4a815b76b22eff3be30ec55906873ade517b239b
SHA256 368d4a85782aafacca89d8bae1cae2257bcb855befee2cd1547e26867f91a298
SHA512 45f24540317f89f5f3930bad6b7df1a4bf5aa7adbd4475376b7582d324f331326b2ff3c105b71746707d53cae0486f6742172d9d3e5c63efe33e5203243c7f0f

/data/user/0/com.themfriend3/kl.txt

MD5 751a8a8cae0c7615e6658500c816d240
SHA1 467f14de5066bcffcf3b22a1bac2b7385dd921b6
SHA256 8e93093778fc2c2885f80f386f6450421e20ed785722d346306e8e1d470a5280
SHA512 2b71245b707faefbf3cffc63bb54827ebfa7979d15744be1bd3453f692628ce68bfa3dd11b1c41feb92dd4b17f84f6f26a5cf498be7b689e7dbf1cca035d02e5

/data/user/0/com.themfriend3/kl.txt

MD5 85d86ebaa90e003cc657b1a0df294362
SHA1 12472f13e8c0c4ac988283d01ca8e8b5f0973341
SHA256 dcfb297c7425984c5c3a135929f17e2b480ea23b357559a5b8468c05c6eab4d5
SHA512 0198278dbb3df1a316fdb4385fbaeda2b6640a9eedc3b4ac665a7515e5df0c99ca4785b40ca051c6f18a04dae810e5bb0df6d234cf14ab9b4c652a97c6c61844

/data/user/0/com.themfriend3/kl.txt

MD5 269e461b519fda1ed59935584c91c911
SHA1 7604cc6f8a9d42d4582e1f8276e283aa3abd954d
SHA256 19b10d0de78382e354413ced7ac69475f249e6d9ea93586ade806a80a04a9237
SHA512 540d3dd7917e431de8e08ba38087b73de334a7fc18785851122c717c474b67d299c79747b52ce1b375c27d44d682d4bf313918888ce25f44bb2450d4d877be36

/data/user/0/com.themfriend3/kl.txt

MD5 e1d7ba3f071de3adc65fba6148996ba1
SHA1 586ed36ac07c414e9b44e72ad7e1692059cac8c7
SHA256 ade63970322fff0831d8f13cd96ad22f38cc679fb2bea1c9fba262158930cd81
SHA512 cce25ff1df02ce752ef2bfa0a1e25a1cef23d6cace5fcc215e3f7ac127c205398ff4bcc36c7582221e6a5945aed1cbe41d1eb9e6f633fa1cad7935466d5f9c31

/data/user/0/com.themfriend3/kl.txt

MD5 357e2b31b4998c573af6d7ae7e5aa6eb
SHA1 ee6305adc75e79d43fff1ea55a77418f0fcd2a8a
SHA256 594d03677cbaabe6a215117faa0b4d170b2fe859e27ccc51456b9366f306d88b
SHA512 1b9e6de20731a6c4c045d3470ba4367d41ce19b8cc7969a989114e69b26bb70e9c9244237e20f5de65ff63b546fd2de2b3d7d27c66a1a38be5667814c7d56212

/data/user/0/com.themfriend3/kl.txt

MD5 35b32a32cb50ff5ac1d990617c972cec
SHA1 010da5dd060b962a0c299189ae51c708fef1d82b
SHA256 9519f45f71d7fb79a1e10c5da3b8927108fe82978077ebafd182fb682248f559
SHA512 c88b5aa7167562be362ed1b9067dfa938abccb8340026683c0f9864e103ac3469de00c0ed387bbf6fece4714e497f2a0b55928585dfdb4ed2f0279df4b28717a

/data/user/0/com.themfriend3/kl.txt

MD5 064bb441ae499ab4af4288a4f2b6c6e6
SHA1 8b9fb69d0352d2e40a328b663e017bc759e785f3
SHA256 a6fa88b1a76f0c53a42016d0c96080b39dadcb4bbaf5ef80a98ba3afeabe8ba9
SHA512 dc745f6d20facc5ecc1d55b78fe7bfca70ae2425cb4f869823da14f0bd76889d0125141c602eb69da4cf7898ccb556b2b9fca8a39fbcb075c76b14490672f622

/data/user/0/com.themfriend3/kl.txt

MD5 5c93dd2b3a88f98216c3ad2c67384ad5
SHA1 f170f977dde9ee9043976828003d65d42ae3754e
SHA256 be6f5d9d8ce9b1bf83ddeeb6b0606d386c70318e2b7585e2d1a9974f4a79aa87
SHA512 fdf2ffb0ebff498698483b2cafc0dbab469caca373e51f18d8a47d4d44bc30350a000dbe82c7ba9a4f19127f977cdc82204af675d8519b7f4613dd0b8d0ae278

/data/user/0/com.themfriend3/kl.txt

MD5 83d02aa0984789bb6baea3b38204b3b0
SHA1 b19deeb92c06c899fd6b9296ea6f35772e5ad5eb
SHA256 eaede65de3743844e1bd09d218059bfc13a30011e1224b0fd57d427590c58e78
SHA512 69f0a214819ebca49a28344f6552d73962e9bf62cdc0fac20cd8ebeb20017d0da13250556b17176422ea8797e36db0217e3cb3a32f71efa427636ba693c47d28

/data/user/0/com.themfriend3/cache/oat/jgipdijdja.cur.prof

MD5 710d236692e2431a2ec82905e4ca8367
SHA1 33bbe2a43ff58159075e40a6b5c68f08501e352c
SHA256 4889d10de548c190d920b82f1c1b69be4819c958a4a06b0d2c020dd2e352572b
SHA512 2ee3c5edb1d2519640d4fb87e1c188bbf5c77d0fe4658d1fbcf7fb91d209a879da5f7952d721427ffc0739697e7a1700a7b17573123eb387f032f071d7e72fec

/data/user/0/com.themfriend3/.qcom.themfriend3

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

/data/user/0/com.themfriend3/kl.txt

MD5 d50cba38b32d73acc982a33d9d42e3a9
SHA1 c8a7266135ebfe98020b6f790ffbe2c77af400e8
SHA256 ae9728027d9f094c5e169d8d6fead3972b325e602a9fb2f0beeffe77e9f9890b
SHA512 e3fd014b2eaccd917e8bbba3709781f05437db0fcee31840057378024b73118265739c3603eef80ff9c205d3fd78f609795ad5dfc736572039ac1a5eb99ef521

/data/user/0/com.themfriend3/kl.txt

MD5 7f690a5c992929b38177f1fda1b082b9
SHA1 a9adf6a020310df352bdac19281d5f00b5cfd108
SHA256 ee035ea917c9b4080b9684893ba9bd30821b1b5434e04da2d444d3b716e2e01e
SHA512 1c2369ec2a76e59abdcb5a4db6153ba268be89ede542124700963998c3857725b663dab6bce607d2138ee47999286d630672b9835620515278a9122bd3a1ac3a

/data/user/0/com.themfriend3/kl.txt

MD5 7c3aeff9729b6db13a92551f9b053931
SHA1 977584eca47632244836ff1448682e12ede3bde4
SHA256 fea53a900cab83171e208fddd1ce1a689e704037726d43cd6d2ecd8df022a295
SHA512 7cde79dbda995730db9194fd8ec98c565537fa70ab4e07546bcd3855375e526786adec247dc038e1f2ab0efb6815bce6a7255cb284c4ebbef2b04bc8b59eeb63

/data/user/0/com.themfriend3/kl.txt

MD5 56315e50ee00d0eb3a83ffa30c64d2b9
SHA1 d35ad6c02a95f04c36b5f6abe839a87450cac48f
SHA256 3147a3054c7669973d98f5331cb7bcbefae4844b9994e941c33cdea7b2920b40
SHA512 3cbb03c9b6e93916fbf3151a097f04e57b2fe723723a659d4bdcd3f93fa73f50a912563859694ccad4ce8f19d34802261a5ac85f80377b1c2be94b9cdf234e49

/data/user/0/com.themfriend3/kl.txt

MD5 d38dc8238687002e6ca7661029df57c0
SHA1 0c32a9b743ef4445cd2e4d4e16a73b67024b54fc
SHA256 67c4e6f44107cd2378d0a3089a55cfa179e1397aca03531137f2e1d3b49d22ef
SHA512 6199756827ed2d27ce75336dc3657e2a5eea488ba78224c70cd781ec216b81591dddab5571c29b5e3c010b609f6b7c71b0afb33395fa488d6168ea409e8eb500

/data/user/0/com.themfriend3/kl.txt

MD5 2c002b5611e5c64d502050e443a7e846
SHA1 88808714448c31ea5bce61c5e071133191e14999
SHA256 aab031e3ea8ad2b76a6f4df4a20c581a2a66f848f027415656b39ef906858c59
SHA512 e94bcd5a2899909ebf85a5f2da77cb61a7cdfd071ebd04792ec046aeed9328f2ca14e7469061dc9a8b06882ea222bdda5cb9f7e22b8d0bc827bdcff0a01f5658

/data/user/0/com.themfriend3/kl.txt

MD5 d39da536e23c23d24572f3fbfc405f91
SHA1 72840346c3c7cce3b27653b263476cca7548bd56
SHA256 f3c6ac87a5c888e7b49df6660fdfb66350f683f7181d35272de3b7423753d450
SHA512 3eaaf81f61f4a775855bf64510bd682aa25240274df8dbf85fa18e564ccbbf60a9b0931227e7343b55705a0215861c5887976831dddd39c28d255e5549614b82

/data/user/0/com.themfriend3/kl.txt

MD5 b6d885af74b1bc51c7669a078ec3af5e
SHA1 2e71c1f89b6f4f2bb2d27de8bf32039c25c7c929
SHA256 de263a5821ba1aacbe42d48e95f87bc1c2c3df0f76a8ff132fb02e73073a55fa
SHA512 4e6b9d3b176b209e359786ec81e45d059908f4b917a1ecce9e7b302fe640a9590c1d6519ee5e6180475cc526f8f7045dd48d55f33fd953ec257148bfd5488921

/data/user/0/com.themfriend3/kl.txt

MD5 cf9353f73bfe275fcb7ca3662e3dca9f
SHA1 06841a39135c2aaf24b03f325dd421a799e83c3d
SHA256 d3dc0b2c907ae3d2b0f05433ad60e9fc984e6ddbb1f67a2925e78d5e8668362c
SHA512 c7a84bf6908c50417a438f42c285a6c206e50ca78fb0d7b017bda3f93742db773985df76287856a866f686aec1cca15f3ec54a20e2592146d2c8e74263d3c3b2

/data/user/0/com.themfriend3/kl.txt

MD5 1ce23c336685f6661dea776ae4e196d3
SHA1 0f567fbe8616d569a4dc132230bf2df2b0e6fd62
SHA256 8e08711c04339d16a0b4f3db1502283485b405ed6d7080d1add1e3bf583a9dec
SHA512 e86d464496209c5a162de53f1dcdeefe47928e3cee41c4541a71b93e73baaf0395b5aacdccb5a17bb3127cd842296f515c0252a7c92d1e71be603d2a526983bb

/data/user/0/com.themfriend3/kl.txt

MD5 001e02109d5dd20af6b76d040ff5d355
SHA1 45730e777f0c8dbccd65f97f0dca5809391b8339
SHA256 dcbfaaa29f912650c505a7efd1fbe5e41a8466106fd4dfb0e0eeef8631df6669
SHA512 2cedc16bac1cc71757a3f7bb592763d6a42f69d45a0f82102623a2b838cf26d96b3b923697ff85e6b7baf422aba0b26df503251a7b5b5859f52a988143d6c355

/data/user/0/com.themfriend3/kl.txt

MD5 9371a8868cb26742f74c505fa001ca19
SHA1 e50441668d8a86d35cc33b7202b033744f71ce93
SHA256 406228603c94ac2430bfe3a5560ebcc2b19846f295c52eff2591bf6f68006b93
SHA512 bef3a8666935b4cfaa1d78d104c3cb992570ae70bdfaf385637e54b654a485e4c3c47c3b2f912f18d292045dd304d4dfd5d1286617d093e6a345bbc7c7517e16

/data/user/0/com.themfriend3/kl.txt

MD5 d928078b03ea7ba18c1caf576e432988
SHA1 77de617b8a885e13607a92a1fee874251f477b02
SHA256 2fde928fd4169f03be4a6a32d6ec7405015cbaab2fa5c28684fb5f2cb939db48
SHA512 c72e5ff3ed27fb87af7136d84f452a594393100666ab420096e677a2e05eaa35748914e7740ce8b8598d8f5da8e38a01a4ea9e2afe0f8fb723346447511b44a0

/data/user/0/com.themfriend3/kl.txt

MD5 1aff8799ad6b39810b4cb12efd50ddfc
SHA1 2210338cccb9b9a7907ebd8ec4fb321b907501cc
SHA256 f34988f284da3467f92ad550c01f4eb640714a670adafb1f6e93c2a21bc052f6
SHA512 8ef12149a940b35769b042f59d17d9616d3a9a941c64f109ea08e4b3610bc4014c71b63cd3d9238ef708c6260c6ddc6313b2ae2ba8bae178c39f3d9d62c5689d

/data/user/0/com.themfriend3/kl.txt

MD5 c26d396546ec6afbe4efb7d2458d9fff
SHA1 7a9664c6536b273568ef8ae4192bade15e3797b7
SHA256 ca6fb4d208807273bdf943f06cc672f671323a45a3bb845c9686f173f358d714
SHA512 c12e3d1ff6e315ecd5876c0fc05b417a3622a1534d1ad44f2fe27b36738ca4c3958856479e6ccfbb9e71d12a508c50be78ea15a12fe811e463c74d6e25d6e9d5

/data/user/0/com.themfriend3/kl.txt

MD5 ca5c52654927fec686968f3c6e595440
SHA1 a9667d80d98ce4a2322067c162922dc2a71ae046
SHA256 51772ccb5ff309a4b918f5bb76979f822c1868c2da9fcc21c22e167d97a52f50
SHA512 c16a54c5d8b67ab260d7a6f9022e0a07c5b9833e8bd9aaa98d54d48209dd40b886a24d1b698005d3d87feb1f3bf48a927c3a0c8bf95665fd2f3b1351ed80e8e8

/data/user/0/com.themfriend3/kl.txt

MD5 2b029b77b8ec700a14ef17bb95677cb6
SHA1 65e2d517ffa4b882fea1ce35faedb725fcbecdca
SHA256 84a84e73462f63fbab905b5e51de09fd6e1677cd3b910a7f195886599cba8999
SHA512 eb0102b1792d467e8bd4ea4a14ac96596183b26cc46fddde3d8d8b5db90ed30379225e23e5dd2a410e2f0c84be8e884085c23b3a8ee75e5ed2864b2f27e5cbf7