Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-r7rz2aah85
Target 986fd42a6897e6a5f8d72d6692d747d5_JaffaCakes118
SHA256 dbf4eb349268398dccbb2429b4b9336d904be24c558347420c9bfda48930dea9
Tags
banker collection discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 986fd42a6897e6a5f8d72d6692d747d5_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Requests cell location

Checks known Qemu pipes.

Loads dropped Dex/Jar

Checks known Qemu files.

Queries information about the current nearby Wi-Fi networks

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Queries information about the current Wi-Fi connection

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-05 14:51

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 14:50

Reported

2024-06-05 15:06

Platform

android-x86-arm-20240603-en

Max time kernel

178s

Max time network

192s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |

Checks known Qemu files.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /sys/qemu_trace | N/A | N/A |
| N/A | /sys/qemu_trace | N/A | N/A |

Checks known Qemu pipes.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /dev/qemu_pipe | N/A | N/A |
| N/A | /dev/qemu_pipe | N/A | N/A |

Loads dropped Dex/Jar

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip | N/A | N/A |
| N/A | /data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip | N/A | N/A |

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Requests cell location

collection discovery evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.xgbuy.xg

com.xgbuy.xg:pushcore

cat /sys/class/net/wlan0/address

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip --output-vdex-fd=71 --oat-fd=72 --oat-location=/data/user/0/com.xgbuy.xg/app_SGLib/oat/x86/libsgmain_312768000000.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip --output-vdex-fd=94 --oat-fd=95 --oat-location=/data/user/0/com.xgbuy.xg/app_SGLib/oat/x86/libsgsecuritybody_312768000000.odex --compiler-filter=quicken --class-loader-context=&

Network

Files


/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

MD5 e98ba2b3e6935e7bf332aa31bb9099aa
SHA1 a62992ab0ab434c5762b218f7294fcdb04a1e627
SHA256 69d10af7e391ed96caa379cc932d35e1ac5b6eb31524dce415eba589f5ef094b
SHA512 aa9a165a762b85e5e747a6b95168c601a1ec77d7a1fbb01de76299575e40e37d14b9c5c705092e032f4482171f098d29ff7f3dead6cc991553282570b51c0e03

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db

MD5 b0b254e10c81a34773a77b440fb3d1e4
SHA1 c68f72390b63e4834341e647833cf15ed20b1079
SHA256 bb16e927536ab45b8bb45bb7c6466dfceba8975d5f0bef721b2492425706d557
SHA512 264bc29d4cb8477e08be75e417bc15982efa54440cd13638455592d0ea5c7e16844e650b80e51f82af382af90f7b04c86d2c02f357a05be08a4f6be603d28a73

/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

MD5 cdd41e1282ebcb7d6eb57727a13cc6d3
SHA1 3c20a8903417f42f6ef862bb935c50f53b04a5ee
SHA256 91f5531d010ad15960a4fbbff535a07ac09e5650c31ea07f0512ae600d68a4da
SHA512 1b73e0f367400fd33c250d7810dd65858d97874c39cf3b2ae2e062254a6f66191114243f708c5ff683cd2dd3e55e19ea21056917e2a949fce07138d15e03e23c

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 8e24e79baab91c4d0604eaa9006a0cb3
SHA1 e427afc94a4b957a7096f73e395a10ea404c076b
SHA256 65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d
SHA512 45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

/data/data/com.xgbuy.xg/files/jpush_stat_cache.json

MD5 b83ec2b97c0dfc1025c43e2e3cbbbfaf
SHA1 3a8342cbb31c97455ad5bb1ce261343edcee216f
SHA256 d11c5f22b77fc221edff055697cafd973f36736a46610f068c71fcaae9a14ebb
SHA512 514e4d264121366759a20f117f3d9435f39bfb146434b1bd4754f683b603581f347034fc25ae6bf61f127123929a6c0e1f2fb6600620285fb9d95eb185d82e64

/data/data/com.xgbuy.xg/files/0a231bd8575dcf72.txt

MD5 4026d664c37f37089c950ab88f6a2def
SHA1 84545a7471d7ef7bea1b149db7471b7f0075c448
SHA256 e9304fbdf0b421a0729491afe67f0f15710fb847a01f2910326cd26e9ba1fc1f
SHA512 cbf2916e58ce6a601ae2caddaaf0742a64ad153269be6aa9f3a77875c2cd3e2bfa5d08cfca878036aaa2d7b871847f3a0d4192455a9f31ec021f7eb04568b87e

/data/data/com.xgbuy.xg/files/0a231bd8575dcf72.txt

MD5 d04c5e108b5bb9765609b7ef0950e158
SHA1 18e21ef6adc63a5cf0cbf97680a360ebeec25e9d
SHA256 5e7197cd315771e233efbdceb0aa8f5e7edad17128c1e961aec5c90356122a8b
SHA512 77b3f6bba33fd84ac160eb4e496e384f8cda44f09c200a847557613b7f29534ff071cf403f0e0fa2e35974d3eb258453e84abe321f2feb33b09b65edacb19fd5

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 f72bba7d1d05a193d049cc2d02fb9595
SHA1 a17011161877a6cd8dedb3e02aae7d5fb4c8ba69
SHA256 6221e7a0f245debb50fd9c970ab1e7c43c6918129551d91bfb08c26990df1d3b
SHA512 96c8afcbbccc25b5c67a145004989e34532b065d37fe6b5816fad96b154040239a7849bb4c097b01f41c0ce2a97560e747ab74e36748692b32924f7742367a09

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 67225c939fd10c6606d8d29a22314811
SHA1 97390e7542afca2aab8bd58499c4ed7159f12253
SHA256 6cd1a8f816d104a9d382729478a3ab607a0cc666bdef7d22f56e1d963d008c17
SHA512 a03c849065e6d230cb6210baf0fdfd3fc6d7e8bbbc2d61898d5bfd8c107971f0d41b18b048a7ec78434d00a0d9c8188c31645f23652abd9542aba4a17e629878

/data/data/com.xgbuy.xg/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE3NTk5ODMwNzIx

MD5 6643daf6ce5c8239929b3b993def419c
SHA1 0ea453edd0b27b299268aa6603a5869976a83fb1
SHA256 72f0f24b287e90c3361e407eedb3443e5edbd51078cecbc21deb2e5361b3a956
SHA512 326d09986a36a1f9ab29a71ef026874e0325e2aa297cb46c98eed496df876ee2f9c4ac1b56f30133b02ad4270a331a93407800b45d1a8eac690d09a41331462c

/data/data/com.xgbuy.xg/databases/ut.db-wal

MD5 ebfcf325c6728253ca53d9e8497fb8db
SHA1 922e0b643a12bd4a92fd88be39e232b436b9d41b
SHA256 76d1eb356dd73240fbc058145cb3ec0e92436da46d4fe39cb5f980b131494822
SHA512 958c70c77cf68e73bca2da0ca92e4fc106d6be28dca495db4a7789edf731958c6ea4017ed98bd4227b6dcd70a0b34da8d40508bf1fde24488ab62419cecf4632

/data/data/com.xgbuy.xg/databases/ut.db

MD5 e508fd398214e1a29e4a33429899c82a
SHA1 b92d35827b73c5f44f4a6fcf6741c8dc010e4c3e
SHA256 ff9dd149224e3f149779b1cd58199a22e3e06dab8169965f2621b172f1f4341d
SHA512 1e9f4001f1dbfb89497fa40be8fdf889938a9299cce2399c5ca625c484cedd7860e679eb2f98a5ee0569fb75f1ca9147c5fc733b8ccff437f51ee9ec4f5caac4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 14:50

Reported

2024-06-05 15:06

Platform

android-x64-arm64-20240603-en

Max time kernel

7s

Max time network

137s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Checks known Qemu files.

evasion
Description Indicator Process Target
N/A /sys/qemu_trace N/A N/A
N/A /sys/qemu_trace N/A N/A

Checks known Qemu pipes.

evasion
Description Indicator Process Target
N/A /dev/qemu_pipe N/A N/A
N/A /dev/qemu_pipe N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip N/A N/A
N/A /data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A
File opened for read /proc/cpuinfo N/A N/A

Processes

com.xgbuy.xg

com.xgbuy.xg:pushcore

Network


Files
