Malware Analysis Report

2024-09-09 17:12

Sample ID 240613-nzj3nsxdnb
Target a5624fc40ceea54e9224a803be3e7152_JaffaCakes118
SHA256 79aa2d0ffcf0b77557a6257558c0e4de9ab8a634cf3ada50be72bf9b3b872795
Tags
banker discovery evasion impact persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a5624fc40ceea54e9224a803be3e7152_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:50

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 11:50

Reported

2024-06-13 11:53

Platform

android-x64-arm64-20240611.1-en

Max time kernel

158s

Max time network

184s

Command Line

com.ddumu.bdqwqs

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.ddumu.bdqwqs

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:50

Reported

2024-06-13 11:53

Platform

android-x86-arm-20240611.1-en

Max time kernel

160s

Max time network

182s

Command Line

com.ddumu.bdqwqs

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.ddumu.bdqwqs

cat /sys/class/net/wlan0/address

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 11:50

Reported

2024-06-13 11:53

Platform

android-x64-20240611.1-en

Max time kernel

160s

Max time network

185s

Command Line

com.ddumu.bdqwqs

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

com.ddumu.bdqwqs

Network

Files

/storage/emulated/0/Android/data/cache/CacheTime.dat

MD5 d71fc13b81ed5072a485fc22583b41ba
SHA1 66ecb8929ad72a733754226e60efb8bcb7c87c9d
SHA256 4d5b69c775dd01880934210c2d9851929c9e82e56e37aa3e33daad6125bddfc8
SHA512 bae8aa86f50641b240a770737f7e02fffc7d6a6beac010e47d8f89d3521b22a7250cfb4962bc0e124af5c7f902233f2557a813e646a0e7ff7f3e0704d6d22cd9

/storage/emulated/0/Android/data/.class/android

MD5 0f44edbc45401773c96dd5e2a39ba212
SHA1 116c913e3b6f4f77f9549426bf6e4a4d279396d5
SHA256 745fd71594e73895acc4a7b052c1c08184aa5239f3edf22c152826c49953fa28
SHA512 b9ebcb18204d3b6a6e18cf1f140eda5bf40026e893415488d5d69c7288002512955ba6d9b2811609d48e1d3352f7c58fea88188d1b47747eeb6339dbd4a3b471

/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal

MD5 816d7ffe7d577cf166ae4ef617230abb
SHA1 c56eed232d53b6278889e9d07ce79130fb6366d0
SHA256 cced3abff40596b48edf08a12b8917dab24ce2f20766b52316229e2a86e16b92
SHA512 8dbc98b307a015a63f71e6c01284ec1aa04d02eafc78ed4004759b5cf9c69bbe1f12ae06d0b6ba543c7f5fbb7fb015be19795ac9afab38610ed0172962e87fa5

/data/data/com.ddumu.bdqwqs/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal

MD5 edc088885565320dfeaee693a024b847
SHA1 0d125fdd6f741ffac967920587bdadf2faf49f33
SHA256 34efd6a40f5d5144651dca2763afc572007d6bbd320bc3151f55d56999eab699
SHA512 0f2612e1673ac5b4a01d98fe87b14e5cd11eca12d1baddb7038375bcd8a4269ad7e152724f77fddc19f7287c5cbce1ab081fcd7f92b99ef1ac9b8ee1ce564495

/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal

MD5 0a950e398a4953dc375bc6bb35155255
SHA1 69048e83a5ac13f3b342c8f3303b5c49b88a4136
SHA256 faaa26be002fce0107d952c8a810d4601d2ac57fc23a4f7aee281fe1ccf2273e
SHA512 811378f38de0d1c7d7649fd0f569a4cacaf8919ba48a9f3a7fc7a7735ba8e0bc95b81070b56b177bbde84a68c2b3f3f85363165dee280d190e783281e45db65b

/storage/emulated/0/Android/data/cache/AppPackage.dat

MD5 1bac15a859d81ed59c974ca4d6af027e
SHA1 fe95d88b34c8a89dbba9e5c7f5db08727a9706c6
SHA256 a202798647c851b263e1216bdd8f85ff321ad2832f5c3b67187d0883f9b9cde3
SHA512 219a903380f6f34bc818969d1dad324a88949d8a14692d84032b8a9de6c6e404967b5739a7cd0a358b1fcf492891f31e22874918dc3716c272f00f381994cdba

/data/data/com.ddumu.bdqwqs/files/.mrecord

MD5 6c8c98b90fb43073b8820c209ba0fc86
SHA1 487be5ca2f4781dd4eab5c186f84c3f85126c57d
SHA256 f969bf7662daf137f22cc10afee7c004271e5bd96e1de59100c8ed7c584e9848
SHA512 139af0c65fd4027047a0a3da88f6b7cd0842a54559579688e0765011f66cb944fb055b8ed016bcc3d2aad5ddcfd9ddf0da84a693942d52ad0d6910c13137de9b

/storage/emulated/0/Android/data/cache/UnPackage.dat

MD5 90c3dbbdecb99ccd3ab165fc44599651
SHA1 2d57f6a47d79f3db5db2db2140ce749fe74bd5ce
SHA256 b84ac5fcdb2b9d9ddf137304dfd8b9cf9ba75cb02a2fa3d532fc833271dde1aa
SHA512 51beb79c6dc187440cfc457d4ca92a098d45c0b8b14b415064ba4358f62df699f969538346049492b71429b5643a3740948f466ec231936c180d07ce166736de

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 428e0df9f14d997636d432da53cc8265
SHA1 ca27e3502ae1ca07eadf1a4c80f7431cac39fd09
SHA256 a7c7fa5df6429005b69aae049a6be2d30868574083f5d6b9f922e10d14eb1be3
SHA512 4e3365d582dafd471ad368b62775bd0b1664fc4f5415ec0a59283c5fd7c3005023501dd247b76db4b5eed4d163e692961f83e0a500f70f896cd9b1e0e0fd9881

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 20527cbbcb8e6bceea57c0f628d1c8de
SHA1 e6c18953058fe0a1a969e1e325ade39dc1e6e6e5
SHA256 4b163526cbe4e20b6603dc033de90dd687e0e28f2398aae52233c49cce143b4e
SHA512 afd9514c0a7c7663a1171835842eda9e98fc962b56ac771261ed7fb9e3699b2ab94a4e76fb4381f406c693ddfeb3468aa86c16444fbc695fc61ae8598d518200

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 307a7f4dae982b87825ff6814dccf27c
SHA1 7fa37879a85f2955079b24626ab43daae7572188
SHA256 ba501f6ee2206d4ae3c6606d7c3bee5efbab315daac14b2e3384902dcae8810a
SHA512 b15fe3c1435b8baaa22aef714e09146962e26cdb5819e147d2c7974f99ac2cc324af5a9e87c4fa02271e86d08503cf04fad04cd6eff4581c778535ce0b2c09a9

/data/data/com.ddumu.bdqwqs/files/umeng_it.cache

MD5 4f6b400a4ab035876b18fd6eb7832b7f
SHA1 56e2dacaa91671c11278291a8daebe0034f89322
SHA256 6b3c536bf48a45a6e5d7db84326991b76fd97b9b77cc39c1ab82d65baf9441c7
SHA512 a9877000b721d72a07db889894b5e4280e93264def7efc0a9842de2cc2754c213d7e040bb530385e93988c9c4dfca391c95674283363ce4332f1b735a3c88677

/data/data/com.ddumu.bdqwqs/files/.umeng/exchangeIdentity.json

MD5 40ee514047b6d1aeccac9b0e6a456f26
SHA1 919ed755770f4e28a6538adaa573678c3d06c7b8
SHA256 9df7ac6a061cdec950b7572aae501a8326eacb1f05152b2a7d094b3939ae194f
SHA512 83c1d243963f0aa3a0e048583d5daf70070e429cf2d76fc6ebc683e6a3c79fbcda63e17cbae72e474fe4a1f3fec4120e96e7949e9c4c31735b942cfee72682d1

/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal


/data/data/com.ddumu.bdqwqs/databases/cc/cc.db


/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal


/data/data/com.ddumu.bdqwqs/databases/cc/cc.db-journal


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal


/data/data/com.ddumu.bdqwqs/files/.um/um_cache_1718279479779.env


/data/data/com.ddumu.bdqwqs/files/mobclick_agent_cached_com.ddumu.bdqwqs1


/data/data/com.ddumu.bdqwqs/databases/ThrowalbeLog.db-journal
