Malware Analysis Report

2024-10-19 11:54

Sample ID 240612-lp951azekf
Target a034cf3c02f186147c05344007853da0_JaffaCakes118
SHA256 b1915f5693bdf1ac3bce0f968dc37de6d37e50e009678e8176d07dbeed937d00
Tags
banker collection discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b1915f5693bdf1ac3bce0f968dc37de6d37e50e009678e8176d07dbeed937d00

Threat Level: Likely malicious

The file a034cf3c02f186147c05344007853da0_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion impact persistence

Checks if the Android device is rooted.

Checks Qemu related system properties.

Loads dropped Dex/Jar

Queries account information for other applications stored on the device

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Requests cell location

Checks Android system properties for emulator presence.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:43

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:43

Reported

2024-06-12 09:46

Platform

android-x86-arm-20240611.1-en

Max time kernel

177s

Max time network

185s

Command Line

com.sina.weibolite

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.model N/A N/A
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.product.name N/A N/A
Accessed system property key: ro.serialno N/A N/A

Checks Qemu related system properties.

evasion
Description Indicator Process Target
Accessed system property key: ro.kernel.qemu N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.sina.weibolite/lib/libcom_sina_weibo_lightning_schedule.so N/A N/A
N/A /data/user/0/com.sina.weibolite/lib/libcom_sina_weibo_lightning_main.so N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.sina.weibolite

/system/bin/sh -c getprop

getprop

com.sina.weibolite:pushservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 user.jpush.cn udp
US 1.1.1.1:53 kylin.im.weibo.cn udp
HK 36.51.224.90:8443 kylin.im.weibo.cn tcp
US 1.1.1.1:53 bi.im.weibo.cn udp
US 1.1.1.1:53 fp-bj.fengkongcloud.com udp
HK 36.51.254.102:8106 bi.im.weibo.cn tcp
CN 111.13.87.90:8443 tcp
US 1.1.1.1:53 dp2.im.weibo.cn udp
HK 36.51.254.102:8106 bi.im.weibo.cn tcp
CN 122.9.11.60:443 user.jpush.cn tcp
CN 123.125.31.21:8443 tcp
CN 152.136.248.158:80 fp-bj.fengkongcloud.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
HK 36.51.224.90:443 kylin.im.weibo.cn tcp
HK 36.51.224.90:443 kylin.im.weibo.cn tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
HK 36.51.224.90:8443 kylin.im.weibo.cn tcp
US 1.1.1.1:53 wap.cmpassport.com udp
CN 120.232.169.168:8443 wap.cmpassport.com tcp
CN 120.232.169.168:8443 wap.cmpassport.com tcp
US 1.1.1.1:53 api.weibo.cn udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.phone.igexin.com udp
CN 115.227.15.225:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.231:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.6:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.237:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.102:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 115.227.15.235:80 sdk.open.phone.igexin.com tcp
CN 115.227.15.239:80 sdk.open.phone.igexin.com tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp

Files

/data/data/com.sina.weibolite/files/storage/version_meta

MD5 aaab76f7ee9cc80803786fb9826a9436
SHA1 8bc48d4c0b68126f33d638cd06c3c3f275ad4885
SHA256 1f3c638f1c3c37933f7f09df2d8df86194abaef46729b6c84db40970c5892853
SHA512 3708f6d755228a843e155e7e38feeff8bf431d9a5d94676fab93f38a02129093dcec13b1d1de8e0c5d38a415fd7663b04b45f3b5921ee42fbdff1a8205895bf0

/data/data/com.sina.weibolite/files/storage/com.sina.weibo.lightning.schedule/1m18c3vekjrxr/meta

MD5 1deb6b895a2280f63ea2f3783f0a5ebd
SHA1 c01eee51a200d2007d3972b551e2515fc8f96d95
SHA256 c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d
SHA512 269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

/data/user/0/com.sina.weibolite/lib/libcom_sina_weibo_lightning_schedule.so

MD5 6aa3d724bbdbaa7f7750d13423051cad
SHA1 67dbb86eb261d246a799504cb62918cdde901b50
SHA256 a1a0dc3505bb60459ef9590c76dc423a6c82a11adbbcfc8d50ed213f5f14f7ab
SHA512 fbc1994e3451ef95f3b1d72384ffe8cb94fb47221aa63a6c36554b7b3b9cb91f5e6557a9f734d50e6148db78ee70e62451338b7e69041b9e918e9cfc9d4f8d12

/data/data/com.sina.weibolite/app_crashrecord/1004

MD5 c4523a596657e636e5eacabdce18f41f
SHA1 64bbaaabbf224931f82a5d3071374f907e4fcabc
SHA256 088b185a16da56437efb3ac5720badd6563880aa31b624fd7f95068ab714a100
SHA512 3dfb6a4430f915ab96537a5108013cf3a28acb3581fb47b9c818a4350e7493b5a7231fca3125390d0e074583233920c4fab8eac84c3b84f484a07e10de1787e7

/data/data/com.sina.weibolite/databases/bugly_db_-journal

MD5 b81165de03326e026233e4bd4143a44c
SHA1 e43d266466c28825640454ba9df27f895d4636c8
SHA256 3d73d4f85b7eae8ba90dc104e982022bb156ac2f1d0dd09b4fc8844aad518b55
SHA512 cb0f79e604def6b41f6747d8b73f14ee64c715785b6188eaaf46745e6dc1857a9699eba34f1077e1ebdc84a00e181bcb9fde395b1a301e0cd16407e191aa17a3

/data/data/com.sina.weibolite/databases/bugly_db_

MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

/data/data/com.sina.weibolite/databases/bugly_db_-shm

MD5 0dbf8973a6efb4a1c5554defc664eea4
SHA1 18315da7f0a4f3a7a06e44f0e679970f30d52ea2
SHA256 d6899d3c29ea019a174aa4886dabf022923f2d56157e0abc078c57997776af10
SHA512 c2e025cc3243387d53835377d79e92d8621dd7fc61b6f6dc705f48ed1af93032b6ab2b0a7472a3aa2fa7ef07092bb469d0428ca909acbee596d95acc0c582afc

/data/data/com.sina.weibolite/databases/bugly_db_-wal

MD5 1aa4dc7bc539ef7cbd9b2452d41c072b
SHA1 ae24a9d449f567cfd5b4588d69e9dbd4054c846e
SHA256 cf0b2b00be07a6905cfd00487dbf71b5c22d9950aa7b257f7e542f4083aca2fd
SHA512 2799347f92420bd473a78761924ba5a53580db354818c61c7daad399e1b916d3dde25fee814670cd3b55209efb2e00cd8b1f9d70e99095e2e09f27a70a9da517

/data/data/com.sina.weibolite/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/storage/emulated/0/shumei.txt

MD5 8f7930637829f6267cf31da8a254db5a
SHA1 3c263c225fc97ed5a536d0d4bf098e6e455f81d3
SHA256 b093f472ffbdd384b93e3973caf109dc1ab713065af0a9f2600b8301e839eacc
SHA512 94d3892666c1fc1cc694b10df05358b07db4db80fa54ce86f3c1b68dc45337ebc468e45a63c3b6b121df799c49461b1f69bee9f37457517efa211dfd79f6e220

/data/data/com.sina.weibolite/databases/account-journal

MD5 1bedeeb3a243e29f198ab34e28df90eb
SHA1 9307c970a97f11ad456ebf064c69b2714644b866
SHA256 08b545586604fe13d190276558947eabe6fd9e10345c2414ec26e509116c1f7a
SHA512 4e34cc25367d7e899b6ed1f5baeff901af7f669be664878c6e5c828932f3a5873f7adef229e2d82e8c4fda80537cf2e70490d78eacd24c933413b7164f37ca99

/data/data/com.sina.weibolite/databases/account

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.sina.weibolite/databases/account-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.sina.weibolite/databases/account-wal

MD5 052b22a50fed462350edbc132787166a
SHA1 9ae5bfecc4b11a5564cd7eda546e3a48bb91c3e0
SHA256 2d0d1836858c8c9191e7a0939758e3bf744f06aabe941e091a0bad3a71d93100
SHA512 cf4c29286e06a3729c67c326ae76b56e5b73120f46ca6dd571cbd9725fab0917963e332f3cffb30d6da2748cd551cb7def296b32423e5ffb5a8f60827e76925c

/data/data/com.sina.weibolite/databases/com.sina.weibolite-journal

MD5 ef1ab1dd470c1b29c0d9217fbbab1caa
SHA1 002be85f26ecf107ddecf89f3d07084561b8f8af
SHA256 eacab28b2e5e1e07c870f356e42f6d7c4b488a9e9b8cd32c06f4c13d06dd9df7
SHA512 12f31871f8fc653a881f62de89c278cab164eff5ac24913e64f617ac908c657005b66333cbe58424012327d6c6c39e62a5a6ca4310f0505b2bc430573b44b26d

/data/data/com.sina.weibolite/databases/com.sina.weibolite-wal

MD5 0226e697c4ca854013947b2dc04b986e
SHA1 49424cef28e8398d6868d99975581dbe99eaac2e
SHA256 fa2894bbd4b562754b8c0ab29fba1d316900e69e0552153148c4cffff523aa0b
SHA512 895d697af986d4606a718efe28c8c003c5dfe4656fbbe1aa76b3a538e7468b62f5fc46faff13418ff196950e398b9ec8e847b94836c2f8843a69a25c886e0129

/data/data/com.sina.weibolite/databases/db_d_resource-journal

MD5 befc45c2fb83d7786eae9643458a8a0b
SHA1 58e1896486a512ca3feddb3206884df7462a21af
SHA256 0e0f89a477284c0668d77a9b52e92de4adf364628c8964819d41b33cb2003bd7
SHA512 12033a7acbbc31a79de422cb89d91726a03d7ede9ec2a68d6e5b366a09a794752e9716056901b6308fab594c3f6dd7d22daf6c9eba4690fe6b2bfe1023301fc8

/data/data/com.sina.weibolite/databases/db_d_resource-wal

MD5 1e0457c58cafdab8737270ef77b13c8f
SHA1 43b03c967de8efc756e920c80a2652dae8dd6ea6
SHA256 94d60ff8764bc80eec7956d9b7c3f22b258b136cb6cd69fb32ab3c97c8b127e3
SHA512 7bae0cf57957b110a7be29638084574be54e266458710f32ed1e8dc03466f36b5d6d50d989572185ddfa8514ea2e220711a0f4548000335e6fec3445abdf9626

/data/data/com.sina.weibolite/databases/db_ab_test-journal

MD5 336ed6db947d82b540b9d9a8f34eb837
SHA1 b385ca8fb76cfce0035a5d186dc08f5d659a6a08
SHA256 868e274340fe965add90eae93929c79e5c85ed4c93223751b3bfcefa530afe19
SHA512 91c37b3c5641b7b7f6cd584964701d88cda102a15c181f2ae020fe37b4b48ab78982b73f0c697e2b58423c5e00ec73845e5e8f286d8336d940ba3781fde3a2fa

/data/data/com.sina.weibolite/databases/db_ab_test-wal

MD5 a537bea08bc4a6bade4b7088dc3a4fec
SHA1 1b59e8c65a60a911de99127ffd306823018e5f0d
SHA256 c6f23cb439d78b6a6ef00b30073fb8f01903cfc91b4cc930c8b136479d26e96a
SHA512 1514c64a74fe5f2eaaf6ef9e28f6067d680ff096b866ed042512a1ef2a077d4dff54fbd67a2c93fd597691f75b8ad783d304146c6feb3415ce7c6f589e36b94c

/data/data/com.sina.weibolite/files/storage/com.sina.weibo.lightning.main/3qxfxsd10r0yb/meta

MD5 95d962bbb94497247a9816c2701cbe50
SHA1 b3bf31a3f82a5bf71878ce82acc97988a05270d1
SHA256 0d2f50ba2e54905fa4e2fe2d3f3df14aa7b47a4f73acc4304d637e0e806ddb9f
SHA512 dcc9a8a4e369694c8ce4e4be57e988d5e5b5c06812fc4494ee89f08f419c290de93be703c759a332bcde5d61070f427e3c65bb6f7dd256afd886be7a01968f5c

/data/user/0/com.sina.weibolite/lib/libcom_sina_weibo_lightning_main.so

MD5 13aecfc46352bd6eee686fb75c18575f
SHA1 1b6021d8cc06de6c2ab299bda9e83b2c3ef44eb5
SHA256 c602898fe2e2d300ef3a250d78f63afc5a97bb44d8d168148a7c40ff2462b63d
SHA512 efc467679aa7bd5ee8bed09439044f28f4a2bd4283b66f690f0d4e84c26a4b08b63634d32480f0b9ba384a465b4d5608742a341c60473d8ebeaba3602a8ac73d

/data/data/com.sina.weibolite/databases/ua.db-journal

MD5 4816fe02a2afe4e0f94613c68f1af819
SHA1 ae972a8bd37bf54e0c925be8d5620da778b0495d
SHA256 abcae1cbf749917e9f62ff34f60cd3105713b663bd669146d121a8bc39f2a685
SHA512 8ccd2892a5c790aadb8e79e63046e4888dbefead4bdac5825473021aeb014f928fc5821932368c87eddbe04c06a56f84bfe4f42c9341b56196d3718140d0414e

/data/data/com.sina.weibolite/databases/ua.db

MD5 186f90a5c99ff74aa38788ae30751e2a
SHA1 b6aa516b53fe5c47f47a12c008be1e4903eddb88
SHA256 4480888892f2712ded11dcda55bdea2f793c20591f545bc32b636255cbf47d4e
SHA512 fa88082378eb2ff5dc345d6552885f85a47c3d6db4d908f461386432f039b1505bc108f62315d413625e880e2c66e126baf1410c640a54d62b5ed01b5a4a3e5e

/data/data/com.sina.weibolite/databases/ua.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.sina.weibolite/databases/ua.db-wal

MD5 52015db09f0d71da577b22451db5fa67
SHA1 ff037bd5d70c3e68713a5cfd1ade89f613f5dfaf
SHA256 6bb6404a9644f04d4de42454645a82d9f7b70632baff18e2dcbfdfee509fe0f7
SHA512 cb1de7fea51ff1d36f59259f5ea97e8449344b5bdd77e5c255709fd97b43112a7a01ff3f84cda7a189daa45e73f7b23e4713c8dafe8e25d606b01ed399984de4

/storage/emulated/0/Android/data/com.sina.weibolite/cache/info_ip_record/0

MD5 fb4f942582a595e7640dc28b0c44a0e5
SHA1 5b9bee54ae32c8c5f07f9ace2fcbb78f57e58d95
SHA256 a01681ff1a7586f6ffe967de811b67d96863b714b7ad760f07ee5f4f041ef4ac
SHA512 bd0c07e4de2735267f32bb613fbf52cae5be5bc0ac599048aad4167b5ab17a6da20c9d7e397ec9ff8c9a94853d855250971665c25ffc547bc6061177851dad07

/data/data/com.sina.weibolite/databases/cc/cc.db-journal

MD5 e151c6615b725310fb47ef8f82299200
SHA1 d029787fb4516c4ac2f00c92cc7272089711c821
SHA256 d92f28e7a9cdb6d8e21bba15736ac5d5d0da7a4a8ef380fc74cb405e19522efc
SHA512 73e129222ff6492e9c5bceddca4fd0743b857907003ec4fb1dadccb764ca6a653b7df7a27ca84ad44bff7d4207b83bbe3ab9bdaa2d493e904396e1c49388a6ff

/data/data/com.sina.weibolite/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.sina.weibolite/databases/cc/cc.db-wal

MD5 4549fbb43977265a36e4fc5440087e8d
SHA1 b9edfce66110bc24b932d43fdfe918d9b21a636b
SHA256 961058ff451a47e5ebc0d3cc1cb43d32a92511960ecf41684f2fec75e3e8288d
SHA512 504b6c349a9d2f2c7715e4d14b12119d438374c7e3f7ac8ca0b7d2bf00c3cac76c2991835c9d0237336d8d565089d4243c0bb3f8f76a327cf9004aefef3c27eb

/data/data/com.sina.weibolite/databases/ua.db-wal

MD5 2be86794ed4336a893ce3bf326557afc
SHA1 8fc09f1433161cbc7820736d16790cce009e2537
SHA256 80936088c0bb885e83b6b50d0a16e6b762fe618dce280039941600060341117d
SHA512 cf078cde05328c0673dbec374015a27a5c3db403dbcc90c1adc6fffc8059ca5332d27a5c7544518fa85d42777cc662fbec10d40d00d079333b223e502822866f

/data/data/com.sina.weibolite/databases/ua.db

MD5 00d132f90140121850940df85ba4eae1
SHA1 bb92655fbb46b6512e5ea4c75c5ab890d26f4700
SHA256 b1d7580b47f8011ba8fd5c640da807789298bceda22a4d68d513724d83c1c232
SHA512 688d48e9023e821ccfc067b3c9eb97e159aa7161993ca43224d34db3560ef6c21eb7f98496e4676ebbb258c600fba73ed9b98d8c857d6e80a793c8cce23f67d8

/data/data/com.sina.weibolite/databases/ua.db-wal

MD5 483728cbd804afc05af93ee1adda4def
SHA1 8cefd0805b1d89018048e4775a9a2b0042e0efd6
SHA256 74adcf1007a0bb5e36a298ad9b5e12d0a4d10c5a12297d03c4e129f777097ec6
SHA512 8444a43cfa715dbdb4705c7f15202dd072554dd46d8a07f5e748179ab35d847f0ecfdd81b4d47529ad40f3879e1488c757ce3bfbb91337abc1ada27b12ba226e

/data/data/com.sina.weibolite/databases/ua.db

MD5 790efd62a552f551bc6582c0635a8341
SHA1 b453f8233f87d84ee0e052e4a41188b2e317db56
SHA256 321aaac63dd47b8db1659392ab9d1c219942298022963ab1ec7c60c4bf79f3d9
SHA512 66e8d7098a3bf84ac3e77369704babc5cdb49eb82b0a688528f7db77207fb540fbd760a19beae51e2aadfff354d84118675bbaed8b3f63b4c481bd4bce205901

/data/data/com.sina.weibolite/files/mipush_region

MD5 4cc6684df7b4a92b1dec6fce3264fac8
SHA1 5f1184f7df96c5928092ad9c6b550699bf887826
SHA256 a258b30f88c30650e73073d5bdde5cfcc6987100ae62d37789e5c46a0d85b7c6
SHA512 116c901f9af5d8ec7cdd5b8721ad28ef3f5a0b3776d3266a1575e23856ee87cd3c370b22d4f329b4471fe9c6fec485d257377a55c4d95b609b51d35e469ec029

/data/data/com.sina.weibolite/databases/geofencing.db-journal

MD5 7c939af232d49707851d5d561dbcebc9
SHA1 76be8fb48aed3870e0fc9a2870b2b0e38eb9c643
SHA256 c14b0fa21aaded5797e13a3746acebb50cb730117c4d88f52208b920046e51c8
SHA512 b6013b07e857aa4e5ce474a901ac5972e259f2bafd1478eb5192e709494a01c70f53cd97b1d7c8d08c035f80d00333e9156a05d02706d665f62650a4b1add3b7

/data/data/com.sina.weibolite/databases/pushsdk.db-wal

MD5 7825e89869186cc827b61f8cbef85403
SHA1 3cf5e620a1565b8e9196d402d5cd1a9c089fc7a0
SHA256 d6cc099721f9c554bbcc07402879accc9f628c22ade1c1fbd2c46efa65ce0dd8
SHA512 5ee3fba73cd152b59310e55c4f5d0de7fae278b95c354fed957a3f85ca9ccbada16008c04f1fb8dbb4f8ee4abd72811ac3b3d6582edab87bb692e0d683c10571

/data/data/com.sina.weibolite/files/umeng_it.cache

MD5 6ae08b4a64c7b6295d9b63b7088d9fb6
SHA1 912d93bb528f42fdb0613c313191c46c77f32b6a
SHA256 5dd5235cf0df25849929b5feb41416db94487c857ba4e41acd434fecf8ee19bc
SHA512 c86c7b7609b7d9144044de38c1c3dc8e94591140a3de10452e81e413bc9e11cdfe48a8fa0ccfe15fb5d0764370bb01db98a63180fb61db0f8a0cce67778b0baf

/data/data/com.sina.weibolite/files/.umeng/exchangeIdentity.json

MD5 b5ce92c4e34d80a916daada473d363f1
SHA1 ef9cefd97fb698c85ce381984ed74518b723a375
SHA256 2509ea94cbddc325d17c0c3c34b9c2efae51e4266dde1145c660749550b9e558
SHA512 c9e47b6b4dc890a4ec3b20eb48b249558e50eec022ead6d2cfe84c9a0b9d5c0dc9c58f719365bb70995b957e6113849d3319d3019a092cad77afc792c7088d74

/data/data/com.sina.weibolite/files/exid.dat

MD5 9e0cf4b402b05e7632f32c5a3e7387fc
SHA1 8b9c684cb91568f42b0d43e286d341d3b06d5f73
SHA256 89e36defbc0de532d8a86639c84fa7c1913d7e0c5488ec354f9588729c9e6ba9
SHA512 cd3b1e660a77e4b580b893243b00cd7478bbdaefa91ea676497667f5c22a5f0be3fbe09a28767e3e5b50d7c106f0307f763f50855806a171e6bec4f5a115f4bb

/data/data/com.sina.weibolite/databases/ua.db-wal

MD5 f48a5642864a3136eb8ebabc9a87be60
SHA1 1fad56808d0382d3677cdb3e38e7eb6d08b902f1
SHA256 50e0a2ae948b0ce729ba4ab54538bd9ac67c505701bcacebafbf98c8db2e5064
SHA512 4d0b2b4a7b3e818f3f7f8995bdf63b5f619c830a2f50149bb73654f57ef3932182ea9535057857fd6c4faea0afe437d37e65e26706f7219b2cee04054621ff11

/data/data/com.sina.weibolite/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.sina.weibolite/databases/cc/cc.db-wal

MD5 4386a54b4edb8b354d563a389195ffa3
SHA1 9c489092fcd359aa4a0c193a382198b6a69eb47b
SHA256 660fa3c8e5377382b90b4798d819cf918cb13c028dbb6d300a04868922b39b26
SHA512 5f33d1a3f738b91992fc25564420b29ee61440d9ba46a1ee1c46eaa0740df401b2cb11df280039f052f5960e82275c5628b738ab2efc3ed88a7f0d9ed1a1417c

/data/data/com.sina.weibolite/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4