Malware Analysis Report

2024-09-09 12:52

Sample ID 240614-aqjtna1drm
Target a74d121b8352ee70b41f666354918c9d_JaffaCakes118
SHA256 594d820b64a04ffe089dee0e1591ef293857bde5776b2eb9d24271ad36c436e0
Tags
banker collection discovery evasion execution impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

594d820b64a04ffe089dee0e1591ef293857bde5776b2eb9d24271ad36c436e0

Threat Level: Likely malicious

The file a74d121b8352ee70b41f666354918c9d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker collection discovery evasion execution impact persistence

Checks if the Android device is rooted.

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Queries account information for other applications stored on the device

Requests cell location

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Queries information about active data network

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:25

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:24

Reported

2024-06-14 00:28

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

183s

Command Line

com.ss.android.essay.joke

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccountsAsUser N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.ss.android.essay.joke

com.ss.android.essay.joke:push

/system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.ss.android.essay.joke/lib/libsupervisor.so /data/user/0/com.ss.android.essay.joke/lib/libsupervisor.so com.ss.android.essay.joke com.ss.android.message.NotifyService com.ss.android.essay.joke:push /data/user/0/com.ss.android.essay.joke 0

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 hotsoon.snssdk.com udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 163.181.154.232:443 hotsoon.snssdk.com tcp
US 1.1.1.1:53 mon.snssdk.com udp
US 163.181.154.232:443 hotsoon.snssdk.com tcp
US 1.1.1.1:53 ib.snssdk.com udp
US 1.1.1.1:53 log.snssdk.com udp
US 163.181.154.238:443 log.snssdk.com tcp
US 163.181.154.234:443 log.snssdk.com tcp
US 1.1.1.1:53 dm.toutiao.com udp
US 1.1.1.1:53 oc.umeng.com udp
GB 79.133.176.213:443 dm.toutiao.com tcp
CN 59.82.23.79:80 oc.umeng.com tcp
US 1.1.1.1:53 geomobileservices-pa.googleapis.com udp
US 1.1.1.1:53 lf.snssdk.com udp
GB 142.250.200.10:443 geomobileservices-pa.googleapis.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 p0.pstatp.com udp
GB 79.133.176.219:443 lf.snssdk.com tcp
GB 79.133.176.219:443 lf.snssdk.com tcp
US 163.181.154.233:80 p0.pstatp.com tcp
GB 79.133.176.219:80 lf.snssdk.com tcp
US 1.1.1.1:53 is.snssdk.com udp
US 1.1.1.1:53 abroad.apilocate.amap.com udp
CN 59.82.44.11:80 abroad.apilocate.amap.com tcp
US 163.181.154.238:443 is.snssdk.com tcp
US 163.181.154.238:80 is.snssdk.com tcp
CN 14.205.47.194:80 mon.snssdk.com tcp
CN 14.205.47.194:80 mon.snssdk.com tcp
CN 14.205.47.194:443 mon.snssdk.com tcp
US 1.1.1.1:53 iu.snssdk.com udp
US 163.181.154.233:443 iu.snssdk.com tcp
US 163.181.154.233:80 iu.snssdk.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 211.91.65.60:443 mon.snssdk.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 apiinit.amap.com udp
CN 106.11.43.113:80 apiinit.amap.com tcp
CN 116.172.74.234:443 mon.snssdk.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 221.204.209.228:443 mon.snssdk.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp
CN 124.166.237.138:443 mon.snssdk.com tcp
CN 115.56.90.140:443 mon.snssdk.com tcp
CN 180.95.234.184:443 mon.snssdk.com tcp
CN 221.204.209.125:443 mon.snssdk.com tcp
CN 116.136.12.138:443 mon.snssdk.com tcp
CN 211.91.65.60:80 mon.snssdk.com tcp
CN 211.91.65.60:80 mon.snssdk.com tcp
CN 123.234.2.64:443 mon.snssdk.com tcp
CN 122.188.38.237:443 mon.snssdk.com tcp

Files

/data/data/com.ss.android.essay.joke/databases/MessageStore.db-journal

MD5 b300decaf9fe3dd65d4d9a814e298055
SHA1 a00181ec9641cac38dd70c05773d752eb8be0f8b
SHA256 d6aee3a53b821600a10c0bd6e0c168b2be64d26e64e08731d8a6e16de99508f6
SHA512 2fb6333dbc5a2056733300618022b18b5176a91b03b754dee30c7137fdbfd82d7be214aa9092a9d89acd36e486ce058add9ac58ba0c11ae8a60874109facdff7

/data/data/com.ss.android.essay.joke/databases/MessageStore.db

MD5 ecd051ea44a3af8cfa8b037dfe9a2873
SHA1 bfddd174133e5dd77181401cc3d6acd4e972a018
SHA256 b868501ae234f4d90644242bed7475ef1b51fa3b18de7bcbefb0b02248246338
SHA512 05c9b400312076b719f0fdca16697e31ee039314895d02c8fc3fb8e5b528c458918c25878551fb0b0ca6fe3f54a6b2f1e5de34ac42361f22159cd9c3d702e9b3

/data/data/com.ss.android.essay.joke/databases/MessageStore.db-shm

MD5 d457bee8990f3a54a12f6c1556273a0f
SHA1 df65da4e34148e34e16249c66a65ff4647e90518
SHA256 67b4a9cab06571f2351a1b7bd1dbe7128e7064b0a68dcb33e809d5257955cf5f
SHA512 cdbc25ac444d46df0b077b29df66218f7536426094bbe9061f9db4dce1095e7839280c754e0181ce3229601dbb420f54fb4ff7a32888b4864bc7689e0809035a

/data/data/com.ss.android.essay.joke/databases/MessageStore.db-wal

MD5 64065e635aebf1ae36624056e22479b5
SHA1 f781a40960b1597e62b7db94ecd3b84b5368eba7
SHA256 2a0a80298307c80ba92474c70a6df4103b46cc27e5b2ca515704db16cce6df4f
SHA512 e458ac229eee21a62b61f6c3c7adeaba89b584121bc0fa4464a8908800d4219ef10b4177426e36f9feafaead0d19fc8c69042924dca9fd1f8f5b8686f8bf739d

/data/data/com.ss.android.essay.joke/databases/MsgLogStore.db-journal

MD5 ece97d02324ef6db0c6988eb181e7450
SHA1 52981c083317ecc97e5334a9f612f9f79c81c292
SHA256 e3610aca46c348d88d98d0f2e50f6c47dfe57842d524fef792ed40310aef61bd
SHA512 807d0f4f4722dc1775217d71094126c1665c6de6a9729af785671a089d084188b19b6c16511076de06ba339c565b8d9fc4ce067fe0eab71561144f4732dfc230

/data/data/com.ss.android.essay.joke/databases/MsgLogStore.db

MD5 6b464434b0f12a87aaa36c46f63a7e70
SHA1 80a0d6bfe6de6f8a616e7c13127aeff1d9eda5e4
SHA256 7ba5eab8e9f8e81b92a5c4e632d89822e9f54a07b643978b309a7c58982406a9
SHA512 f9913a5623735f936c8cb6d14657de645dbc24ce7c73ce2a24070ef44d4b28679851850282042d9ee4bc59aa3f3d58d64e3a2910c84c72e90ccba341126dbc3f

/data/data/com.ss.android.essay.joke/databases/MsgLogStore.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.ss.android.essay.joke/databases/MsgLogStore.db-wal

MD5 48e3b1cc39eee8027dfe30986def8a27
SHA1 f7db3963f40cd53eb040d86857803fe5a26261c2
SHA256 0fd1a8f003a89568d9a092edd94dab6751a064ee7ff62ea540c97bbc1188383a
SHA512 5484dbf3d33752a7ed042c2812b96b3b0ab73dc046df374f7d804620e70b555dcc636b8a11e0445028dfcf06eb037583611fd9beeebe1d124dbd13ba3df1af27

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B8DF40337-0001-1051-AED950DBAA07BeginSession.cls_temp

MD5 077dd4310a634ceb41f58ca49333cc12
SHA1 b33b25b63050c01bbaabdc94b5471e2dec1e6b6f
SHA256 67f790350a78cd37d42b9c0e2a86986c66e44b4b3bab5b845809de8d4bbaf4b4
SHA512 94952b0e14b3c74639237037f5bed121ca294d9e1f143570d398bf35424a560481fd6768c1161d13be6530ed5b49b6b6fb9cb9f328475692b7853d405e14a386

/storage/emulated/0/Android/data/com.ss.android.essay.joke/AppShareIcon.jpg

MD5 86a99712efa0d62c1cc92b8d595d6d09
SHA1 026b1626bb44e478656dcad8631957c16bd6ee8e
SHA256 00fb14454c850c8a7a739849dcb554c4ffafd566ae97bdc7fd3c0fb1178f6d7f
SHA512 9fdf357d385301d14ac4cec0b9ab87502301085fffcadda4ba9e23b31d0d2705af0ecb81532d4ae299eab7cce25f9981afaa7e331b50761fc646f4947908f676

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B8DF40337-0001-1051-AED950DBAA07SessionApp.cls_temp

MD5 71fbe5a91b9ada3e6146096175add09f
SHA1 9de6985bf310a0b658353cc1de8df6c85180fd2f
SHA256 38c377900aadaee8bff606fe00a37710a1070e1999991cd9add0adbaa1e17a67
SHA512 2368ea30f43002f3057fc9af4143d4ce03a9b36fbb929549702a550b4ee4cb4108904f869f10ced6f7d786895d22301233681c6a62bbe3eca581a813e2227d07

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B8DF40337-0001-1051-AED950DBAA07SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.ss.android.essay.joke/databases/essay.db-journal

MD5 1dba3f5347fda4e00fb0d1c3ceb7bfa4
SHA1 bfbfa51c3195646b9c711a2f7377f14b4172c053
SHA256 a702530c99eb3921f1522f5758fc1d06bbb5ced784ec6a70bfbec99569da8fba
SHA512 599c4efb532a35b82578e7e7d7428307a7160a83db192885b5ab2c5b92e1b67563e325832f73f56f88a75c8a5ba22d83f8b0eab23feb6bc6d578f581b6978a0d

/data/data/com.ss.android.essay.joke/databases/essay.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/aixin.png

MD5 02feaee97fee01ed4d2c942ff873ccb2
SHA1 f39060a9b7afc2d76933388cd88718675199673c
SHA256 243aa5328f9095eccf7b79a04dbff4523696be66017538b7447b35bf91474ca7
SHA512 8a0e239b2c7536997cf6698a96adf8c9ea8e6a76a2f4a63538b4751fce27b9300aab4d98ba2e06a5719a2818647475f892612d659efbc700d97788a6d1fa33d3

/data/data/com.ss.android.essay.joke/databases/essay.db-wal

MD5 badcda784499359fab04d2991b869b6f
SHA1 e832849b82a2d71757067d100fe8b7039d1a0a31
SHA256 fc85ed22f9c556de74086b7cf00cf6116d7655626b501a6eec963663c5166202
SHA512 b40c38a4e900d4e06b1fa94c167d05b4e7365f30c8bf79aac932031e82f07e19816f38951aeb882a53a1da56e8715374551cbb4f08ff87d9f0c0876f863cd1fa

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/feizao.png

MD5 bc1f8d43c1e4807287765c3663cab3ab
SHA1 44fa0abd2a7d54c4fe5c42b83b58f31a4c5685ba
SHA256 99d0962f7131869331718baaaa0172e55ffe10cbe8361e33b1d4a152ccd52378
SHA512 7c463e39a9ef450192263a1bffe1b61418d2ebb1cba154247f185e96edc1bd0c7397627f80527908509043423546b738dd5c8e14d550a811d1cb9c3cbb9c01a3

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/huang.png

MD5 bb81b6629e16bfef71cf65dad695f0aa
SHA1 5f37b2b9351ab464989961b031e52d6b06e0e4a0
SHA256 beadbd025f2fdfc2edc95eb2b88f303ceb13d1afeb1ad36256c6a14dd7895328
SHA512 8526250618bfc672585924c78ced54f5b3887108c2698f84860cb157ebbfdde1ad19d1a7b13173e19ce76ef39172f5e186e4518bbd3b1da7bdca6c557cfff486

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/huanggua.png

MD5 563ce41db63906f7c9a6497c9545e430
SHA1 5c656e20f1c0f26c5753206d457cb64e254fe1ad
SHA256 d809af546c92f32f952cbe418c29a7026748ae0146725431e80c0195600330fd
SHA512 42b0cfa7fd78ed9cd294b8e41728df1cf009f4dc076a76fa7016c3705f2687565c312aed35571decbac6d88f93acd31dd671fe2d12106a630aad39bd8a58737f

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/jianfeizao.png

MD5 dec59259d858287634fe8762bc21f884
SHA1 7e2095d2307665cb744e8fe587d3cbb776923edb
SHA256 3f27e9b7c679c01187b2e5f62f1efd2c9f94d1c94c2bd7a495fb1ed4989d8e86
SHA512 23581be08c473087c8a94e246251255aa9c2ef5e79de2c6d250a658016ecc757bf501d5f872c4d2da5e5ad647881667d8f95f51f088d9136d3687eee17a397af

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/neiku.png

MD5 2b9ab876f0683f543f1a408b42f863c5
SHA1 1c1fce61fb6c6de2f984a035f930f9418d463fbf
SHA256 2ad179ab18101fa4af55ef473adbaf40d1449ec99ffb8b3ba0184115d56b3626
SHA512 b58f9ed92bc1f6f8c65de4be2e8ac5755ef2f07f965003321d1c90084531c4a69117facf7cf994876aa03b47fd7d5bf041a91814434ebbca8e34dccd4537d918

/data/data/com.ss.android.essay.joke/files/stickers/text_sticker/xiangjiao.png

MD5 3f5c5ea951c14337f91e0f660d6441bf
SHA1 e861825cbfee91f943f3b27a350046e7d3e73f35
SHA256 b21fde5832460f9e5d4bc2a08af76b41c081cdc6fc0065aa3d3215d2babd2aee
SHA512 5338ac2039c5aaf29cd5143b1b1662689ba182d01e2fe67ad165c2d85082acc634676fa4847d343959e3f1880b6860209ce62b995ea102721fbfc945c91e860c

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/aoman.png

MD5 7eeebce794ae42a76abbc0c85eeaebfb
SHA1 fed08431cde95353359032cea48f80374f82a12a
SHA256 055691f077264acac227f1b9ca05dec2b4c158fbb70b3bba78325c3c886eede1
SHA512 67e2a8ade0455ed43867f0b5211890b13611c79d011d883985f0114df2f8ff28b7b905da7a988a05b77775e7a3689eddaf12b850412faa871c3551ff1c8f01ba

/data/data/com.ss.android.essay.joke/databases/ss_app_monitor.db-journal

MD5 d97c6bba1c11334e439998d1f84a5f01
SHA1 bb6aa7d2d3afb620f067c3eee39a84c306180a8b
SHA256 bc23d3df6caf0096eff1013919c87de67a6bf674b404df7160e64a9a902fc70a
SHA512 ce57a18a18bb0fc33fc791442cb1e596c076bf11187a9de9d133d63baf95b5515b281b0f4c1c73a100ea742f8fe930f954affbe970c7c867d1f0ed05d6ca4d7c

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/bikong.png

MD5 376894aee940f0d69790f835b08bd7c3
SHA1 fde976a67046a106d412f3da3cad322e803a2a9d
SHA256 b4b469569841745ce0879940e26814da5abb090a8c93c8a835da7a1827ef6cfb
SHA512 9a2867ae968986eeccbe0ab6492bcf31c3ea05a167bbb6a0ab54ca1da3096dcfd437e9e3379835fbba73c215860618e7ab4b5f5ee90ce50d334c27c9461ecb01

/data/data/com.ss.android.essay.joke/databases/ss_app_monitor.db-wal

MD5 4cbb55e10b0c43426058ba695ae4bbaa
SHA1 d820868e8564fe2a7476da1ffd723dab129f6d2f
SHA256 ea22d42450f6fb9b109c6e5921a66f6361c94c3df7c74d47876a60b534338835
SHA512 e6257711b11f8d66818f2faaa6488f512cec64662558bc8d76138fdff09251a1f12d4607e48991fca12c70e38dbb5a47ad032b57cd38e300d5003ca58b753b0e

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 c57f57fc60012d9dcd3132c718fc01c7
SHA1 2fb976cc1631f3f8dfbb9bf3b68c1ff417441bc0
SHA256 64a6420a1ceb8b13f48f6d8a4ea894717d56812a7c21fdbf94188cbbecebc68f
SHA512 91275557bc35e16ad6d3524d1a7715930e32a82fa6aeee90a86f76b0fc96697112c13741dd9c2193d1c58c583c0c2c159feee14f227f4ee075ce04abd2cb487d

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/bizui.png

MD5 f37d9f65c056a55d1e15ec4082419ad7
SHA1 40bd222dc813f0cd1082dbeb71a42bcbf56d16d2
SHA256 7604182f36ac6f522ca97ee45a16db62793cd44594500720095377c02fd6e339
SHA512 cd382f73edcb1183c76a33707d7a6b9f69396af3fa5ce2211d4b77e7614fa7b005f4d65f28f778f9f4fc7cf14abba2ee6a581a27edbeede586fb1e823920069c

/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

MD5 dc9d35138472afc4311a75806b688bd7
SHA1 e1e75116e8c1af23e2fad5b7819d134c1e3031f8
SHA256 005f4367e5b8afa335964cc5c1a60d8baab17d44b3b8e9904c0becec0676144c
SHA512 2a5b9c9ab52bc987c730c7c907a453f53c1420c4384bb4cd5c06c3dba8f5d19171e8846fa49a3765ef493875e6040c137912a2825d1023da2ecb9676dbe646f7

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/ciyan.png

MD5 e13326484bd9a35b9d4614006138de8e
SHA1 97fe483725f7875d52fe6faf90cee684f89493c4
SHA256 1fdd259a2c933d36c37498f0b346642b4c7215e491af8ec1dcd5cc422e4e48c0
SHA512 4d4417ce8ebf8fd2f30ee73d4b83a0ff2796aef2a68f73be8c80311c43202076fdadd2108612eaefdc305992387298cce67310887478aaf051b59040309635b3

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_db5c5bd7-09f4-40c2-8049-4288bf836c0a_1718324727154.tap

MD5 cdd45353c70891f02f9b7bff71feda92
SHA1 b9fb14eac2c57b46c4bae1fcbe86e76fab584606
SHA256 4008a30617e444587316d4db921f80af4885015263dfbf5f73fad278663d59fb
SHA512 f6e753c5e9e5ac2d98501269a5fdaced2260ea7f279436d3b9d8b4a5f1df112703fbf2a09be5a6c341fefd1cdba25c1d72bd546e0de7c491062b59ddf4d3e38e

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 684487444021e53f4ed21bb72fb6d5ed
SHA1 527b4023ebcce4968e7ff7c1f187f4c97a686554
SHA256 88a957c8394f5d5f1355220893e5b9217ff964960b45c8446827345c89976a7b
SHA512 02d6cbdc0cb254f597770b4ae8470f5a189ecf91eb6a3c2f0abdbe1aae7734a43a6fdbd1aa1a01c7376b5076f6e78ad44750af12ec4fc0fedf0e8a51404fe787

/data/data/com.ss.android.essay.joke/databases/lib_log_queue.db-journal

MD5 155d94cfa17fddd590f19c4aac632dbf
SHA1 2e7b1fab0de5a3a8bb0055a646fce1a8d9905e8c
SHA256 5ccea2228b17c60fd0e70d74d09d8d007e0edb5788cb7da275a17374fc646846
SHA512 e290d00b0842f919027c3f40a9cdaa058c7dbc5f014f58332c2c9b8a1cd5d4ac878e42a5e4eeb56456a7fe7932d463c56cbff7d3cef8e32921c97a55058aed9f

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B8DF40337-0001-1051-AED950DBAA07SessionDevice.cls_temp (deleted)

MD5 b8eb90820ac7158e1a5bc8b763779e84
SHA1 de46f89d7740dd10e882962a46fa545977edb7c7
SHA256 a04828465cad1655da91559e73d5ac9e3b615e8f123713535df01654ff9ab20d
SHA512 8cf5da90f85b1140cab017800b435bc74c436519de2308adb31d40d42b93c6430bf25cefc2ceba87856879a1035ac138376dd2fb85178babfaa6ffc420a85726

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/dazuiba.png

MD5 4d6098a5a7fd0db4b662cbd53e8cb929
SHA1 454997ddb03ca92b024d6c3f2382d6fae88f6f1c
SHA256 a3d664dc5209f1eacfd433b56fbb0bd0601a46d5cc894259a78b4f9615c3fe19
SHA512 1aa6cd389cf55f81daeb64cd5e434b67032660257b27ae0b7d706cb1967474c54fe24a1d01f744b6aeb9a62e7fb587acc26172318581d23bdf4051a97247118a

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/duqi.png

MD5 260b8bcc011173aa5ac632de21fdde16
SHA1 12895988b74506f71a7dbc0b7a23e0912e0c4fac
SHA256 07ddfef57b076b70726f53d09977b60537990e169b9dfc0dd82fc7fff9ed3554
SHA512 07f1a7d2311d2c7296317973f4f5259963e7bee7903300f74f827b2942c9d155bb82ebd45e59273fd602a3cbd36ca24406f2f041646d81a16cc322d9fd449547

/data/data/com.ss.android.essay.joke/databases/ss_app_log.db-journal

MD5 bfc3e0d0962553aefc7ba56f2fecacdc
SHA1 eb1529950a82dc2e89c4c82326d50a594fa884bd
SHA256 ebe4bae3a69e30a0a1eadd084812d1815306d4a5563e5efaa2fec011089377fa
SHA512 5af178e36d178022cd1cf13c4ddf5779d8c7afc1aa9af92d1e1e0d247c24603d7c560cab3664bad6f26e0b1c106752eea681080637833ee1f49adb5e00168a23

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/fadai.png

MD5 67ae95c498b011eed680fca408a5ca7a
SHA1 4ee7320e33aa8d8772e1e8eae04ca11a61013b71
SHA256 b1462ba357e80a7017a2feeeb0f24a483991835cbbb3fd11e21f29f10691a5a5
SHA512 dc61216c74a722d03ceae820beeed3105ead942a557594ed6433ab574ce5519cfd8be7b02586b33470c9026d519e92ebcab2a0edf047de21c77db56179a40edf

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/gaoxing.png

MD5 a64c830ddd126604b71dde47aaded736
SHA1 ec8aaa5de50d442fc7a72f57bd0be700d27757e4
SHA256 db3a44c43a5c6dc5239f55b2b1b6e6e278241a5b7a3f10069d9aa0a787d288fc
SHA512 f6d22a078f723d212eaef3e58dff223c7546a0705ecf06639f3c61e7101fcae54814bc11b464f22591312333a0d61e4e341e96bc6a4b2656269332edc71e9f4e

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/haixiu.png

MD5 03853d8c144c3a517733417015be2f90
SHA1 4c6e9d2268a6a4850dce0855fa008a371e5a882c
SHA256 6754a469d2c837c53c958c6c365999adf0bc1f6218e3a52242ddec3cae2f85b5
SHA512 f8cf0e00b30668b8fd7f048e67e2e7e2a49f5822de83649f4cb2afb994cec62a93aa18fd4a1d4406aaca1f58c1338c601c4d707e727ffcd7b9f3bb1bfc5fd232

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/haochi.png

MD5 d986e79da462ff7b80f0b86d6c11615a
SHA1 4a3f4b1e2349dd867166128c8c6017ae28a38306
SHA256 8af4c6fe6019649cc23657359c22af79df720fa25cb8b874e40f1fe94344a8cf
SHA512 9bce34c80f5df2946ae38c4802f94dae042572f38b3381f036c02453d1d53b42ae7b4336ff5932add9d9031fcc19f1d12b8289239d0ee49501e85a334e6467fb

/data/data/com.ss.android.essay.joke/databases/ss_app_log.db-wal

MD5 009e031e0280bf3d67635c2e9458276a
SHA1 e7605307196ef5cdf48ad8681e7f50d73a4820d8
SHA256 bf9475f04c2e46f7a4b577a83188b5c8e9b3535d11c86ca7bd5e637042e09728
SHA512 ac3d80cbd2fb4860ce6ba6d7db266703e70c3ab4a2a355b0d1f3427fd87738fdf5ffe8c5dd8309d55c1d682854f40adff3122fdd7c85609ea79831120087f66f

/data/data/com.ss.android.essay.joke/databases/lib_log_queue.db-wal

MD5 b48124fd9b8041242c5722fd280e0a52
SHA1 03280b6611e70fcae09d87751ac71b8ce1d0afad
SHA256 5509260536bd16c327f4b34f9d685011419b08d7422352a2129326a150ccf136
SHA512 daf7913f544f46383ab3f42146d11a52071ebec0d95c2d7f28942f1e27c456c8515fdf7da571d44084abecc23494c96f809cc28256e76473eb20faf3dbba07b0

/data/data/com.ss.android.essay.joke/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B8DF600F8-0001-1085-AED950DBAA07user.meta

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/hehe.png

MD5 87f61446b3b0431ea7becbe3dcfce6a7
SHA1 e754d327f9e6b47f84a628d4868dfc179c1ad459
SHA256 e3b34e181c08467cbe6bb95a4a746a6b26c57575bf4f8481215c5a682f09d144
SHA512 73ce8b0d9167bb009db2d00ff31fc020f8ea0ea603580c6958ecc1fd7dec7f0307df7f5048f38262d5a5c24d8722877feb79254cd9f8edabb08c17b0e9e17446

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/huaixiao.png

MD5 74a00da16ea11b5634b2396b4731e6bf
SHA1 6f3bfd49bb9a03dc564f541120db47e3ae8f5755
SHA256 9245be6fdfb1e39ff8bb0df190bd3d14f4c4a131d95864215dcc7219ac529efc
SHA512 987e51551866f42caa82e876c00ff10c8d74deb4b354e07f340d53b1bcab994a62e01b82db372bc41cda8e5984ea609b371884b6713b3e438954fd734e8cc35a

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/jingya.png

MD5 daa6c698213851e86d6f9bbc749d0823
SHA1 9318b8cb4a98789be1911e30af2f59117420382f
SHA256 07c744099a156a224ecc732647755dd0b9bff5369398a0032e458a3f92918ae3
SHA512 fbc1b04ed85cd3b9c57d4ca97fcf0bdede5a57cdb81ddc77089b91b8e23f8b4eed38605e0dc2e951f9b1b9cdcaceba3e691663735943cb07d420f4c2ce95f575

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/ku.png

MD5 04209b63045ed489c6340163c03908fe
SHA1 8c83cf8bfc0680ca0e34a04e5a10b567ddcda6da
SHA256 3483fe1cd1c5e09e504d7918f619d1372802e1276dfd088dddbea19a5fcefaab
SHA512 c6b539fc1bbf00d8b14a3d5942d0df53b3b065e118ed67c145a0645a8ca488af51c045b0db2006737c409f151df3ea65f596e89541390a92d0ae4ae85c1fb7de

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/leng.png

MD5 2e6ade6ecfbca6eb55a6f118748514c9
SHA1 aa4d33a4a912a7769469ad2d561a2dedd1422af7
SHA256 cd131d8815ceb67226995d8a4377e8a80f834ef3840913312584db5986a34967
SHA512 bfe1bb77713ec67439149892a209ba0f49adbfa1a687abfb85fe6f152deb9631599ad9a59e2d5e95eb51bdd67abaac1a6840a14229d3b4f998605301ee63b384

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/penxue.png

MD5 ce170f6b9363a84c37e45923443c4a38
SHA1 47f694e8ec3b5d22259872565173bf3e47a416e9
SHA256 6dd7930d0e29e39e1f4d90dacfd7dc54925ea9a3a22f73c7d42206a177142a82
SHA512 80a11eccf420bce26999c1f53bf84189c0f97a974d672ce952d3a437b5e030a00a8237f4165b9d7e416e31b3010566e7731821a8b6fbf6daac148d6f9025e0a7

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/qinqin.png

MD5 12eb44dfa36e63a43bcc10b37a81e49c
SHA1 ced8084cd203d99ff36c59dd7b4e23818c243421
SHA256 09f568f42f2dae0e655e5b76e353b1ecc05a1c81a480e956ae123665bb7b352a
SHA512 f9f9526a419bc16e55475da5def47b5502aebb873b120f99d83f922fad60347acfb6074edc75b41a7716316a9a9a653bcc9fce846a8049bdc7ce7f88436c27e5

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/renxing.png

MD5 a0140e12fbd07311186b1b56a36c545a
SHA1 2c36186810fff9752067522b6ba1c79c3e6bb007
SHA256 ec9a1131fa359f8f5c40824ea7bffb9597a8271f986c4d9eec6a88d0dfa1046b
SHA512 648587d23128971304d25ef1d21a204166da856ba8479505dd6de78f5e1c3a0fbea38cc6ff442691dc7c55753842749012e47469c9ac584d6fcb953e635ce8f7

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/tanqi.png

MD5 82ec9cb4d62a3d69c7de3d8df45fd288
SHA1 a9c561a50a7974848bf1eeb37681a95aaf83069e
SHA256 ad5eb7de2bbc197faa3c9027faf59f79eb17de7fa0ada749aa94968336e4a174
SHA512 a92df78f5bda73e76b3fb0000f237b8c773ed8ae855fc4a585a3056f50d96195f53720b8647ab3d3e75b6e97c645f39d5386925cb24bbb47b6dd7d55a7aaf1a6

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/tu.png

MD5 199732bfc628bc5570718b5afb07ac0a
SHA1 4bb0e38d72a6336525d53b347d384456fbdd5ab7
SHA256 a5d3eb9eb0de4099f42cabcdb85f763f55ad46bc8d5f2ef9dfa23172c2feda1e
SHA512 071cc48d1421b4a3555bda46bb3e5755275be95890164068aeacef0ab80296fa82e9de396cc9935981eaed6e8b896d8fbfa0328263fc4a822b04ba35029b1611

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/weiqu.png

MD5 5a2ee6a0743fd77afcfcd461a6c86047
SHA1 97a2a856e0225dc2c39aa0ab1f6a9e922ff18956
SHA256 a11542b34632c91c4eb43805111f6e5b339f6ceae8ac47b29cbfe77c160890d9
SHA512 f3641c0c223bb58557c391b5ada60ca9c82191be14ae074f40f093cc2b915b3fe5ce6fd386e411f373173c0b3fd641f946b701dbc5aa0919ffc7b1759b8cf881

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/wushi.png

MD5 c7938bb7ef5a22f178140c8f6f9062c4
SHA1 c48909320f8bdf4644ec744ab503f0ed44b34ef5
SHA256 6e75ae59f3f490e884abab6991b5c058a31f4476be3c4e72957eee419b863bbd
SHA512 917e46d7f9bf165e4d81cabe87cca6abd4d0b122d3a1737e162ac39b3c412be42783b8020b6c6a4a021d9802fdf02d8795d3a18c9bbcb3669f593c0f33eee726

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/yun.png

MD5 71d621560980da3fd2d80fbc996bc523
SHA1 3416e077843d1506a95704a41afce6fc844beb13
SHA256 e88203fecfb2e2955bb185eeab446d4a65c523db70ddd6d723eb96facbec030c
SHA512 fa4b4c0f654656bccf0c2fd36ce681ec836978ae3cbfa08d1bee281276fa65033800d6cb07fee126bac7c8a5b99dbee5b16f720b0f8ab6cc8347a80ef35582dd

/data/data/com.ss.android.essay.joke/files/stickers/image_sticker/zhu.png

MD5 84436a1961532eacbe69031d32439d4c
SHA1 8217e2b9b23be4c54a63bad290ac06277d206662
SHA256 3f95842d55da6e91b0cac392d8fc6d2a6d50de357986b0d66c1bae52b7ab75e2
SHA512 7162f65c78d5b73e535da6a10aacebb588bf64a6923818fd418c3bd8ed738490479cd96c049b108435e6cacb69f908e103d0fdad28cb3ee95d1ddfff62fe5454

/storage/emulated/0/Android/data/com.ss.android.essay.joke/cache/locationCache/journal.tmp

MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

/data/data/com.ss.android.essay.joke/files/umeng_it.cache

MD5 88027f92e93513e628a8740393572b6f
SHA1 1a1480544c672b1a98ea272834076076b764d62f
SHA256 76c073fab3c48ead3e7a0539715721e6f32376becff7bbe54c053d6e34003326
SHA512 ae91dd73b809962f5d403e492f5f6da01a3895193e1d526085ab7bc5019e91d7fc9c87119d8ce88f412b8ba272bd9329c0716e848a79e90d32d6417d3f53dd66

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 9781ca003f10f8d0c9c1945b63fdca7f
SHA1 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 cedf05f40e4b66b9127170ea4b6bb541
SHA1 4825af9194d43628796dd7838d85cf821fcdb2e5
SHA256 b5fc7f452489b50ea082dd4e019275562b00e6c6b53c09650124376ab0c55377
SHA512 680e3ecc880ef8a185c6afe050ca43e59b5337ff8bea925e94c9bb1a6f91625022365ab68b4432dc993cefdd2e6a4026772b0766a069161bf2f1a7c74b7671d4

/storage/emulated/0/.DataStorage/ContextData.xml

MD5 5606889c8b609d2dc49c54fbad1d1d8a
SHA1 47dea72160199319d9c45cbbccf59bdc6247380f
SHA256 be9bdd2ad0601f982dd879818049c9f4dfbc3fb9a54f8751db42b20815535dfb
SHA512 9c7aaf113c2f7bb4c4c50844ee2da940687f57a31182cdfcafc71fb559e47df86d20ac5037d10ec0e57b80c2422a42697452f04852b6fff1670c1c323a72357e

/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

MD5 988b5809fd055b443b2ac92a5aec6f8b
SHA1 4a55a87bf7166448bdd5d7f29e1c87b44b622adc
SHA256 95156dd4c341732fa5a006150fe0b0fcd2894bdd3fccfb76914e3e89cfc7310a
SHA512 9f20669032b7c18087b8ef6e38d96712919ecc460a902bf296ae3ed93cca544244cf00eacd300f05cf315bd18212a7911d43a34e73ab779a005d058560bdde98

/data/data/com.ss.android.essay.joke/files/.um/um_cache_1718324793465.env

MD5 60d33aa3ef88d7186eb308bc23f98229
SHA1 d4dc1cd223f9ea9445bee29bb8ee6d825162f890
SHA256 528e4b7b8de68e5275feb66d479801b2623e743f21e469c0754902211b7cea1e
SHA512 6344a4dca4c4fe1d070cd6e063b5d3a40f5978fc459490aa98f21800103122c09b977395ac5ff42c487d70e39a92ee837f3b9568f81902b0d23f25ee817fd816