Malware Analysis Report

2024-09-09 17:39

Sample ID 240614-ejtshaybmp
Target a7ef527ed1984584ff18264ee5e1fefa_JaffaCakes118
SHA256 9ea322f554d6b9adf4371d47c21285410a5b43a66e35fbf97f121cda60a50780
Tags
banker discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9ea322f554d6b9adf4371d47c21285410a5b43a66e35fbf97f121cda60a50780

Threat Level: Likely malicious

The file a7ef527ed1984584ff18264ee5e1fefa_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Queries information about running processes on the device

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Reads information about phone network operator.

Acquires the wake lock

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Requests dangerous framework permissions

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:58

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:58

Reported

2024-06-14 04:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

171s

Max time network

186s

Command Line

com.strawberry.sisyphusmod

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.strawberry.sisyphusmod/cache/1582435991586.jar N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.strawberry.sisyphusmod

com.strawberry.sisyphusmod:pushservice

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 graph.facebook.com udp
GB 157.240.221.18:443 graph.facebook.com tcp
US 1.1.1.1:53 impact.applifier.com udp
US 1.1.1.1:53 live.chartboost.com udp
US 34.107.157.36:443 live.chartboost.com tcp
US 130.211.33.175:443 impact.applifier.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 34.107.157.36:443 live.chartboost.com tcp
US 1.1.1.1:53 pool.ntp.org udp
US 1.1.1.1:53 v-ak.chartboost.com udp
US 1.1.1.1:53 v2.chartboost.com udp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
GB 92.123.143.227:443 v2.chartboost.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 92.123.143.227:443 v2.chartboost.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 104.86.110.225:443 v-ak.chartboost.com tcp
US 1.1.1.1:53 sdk.open.talk.igexin.com udp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
CN 183.134.98.102:5224 sdk.open.talk.igexin.com tcp
US 1.1.1.1:53 sdk.open.talk.getui.net udp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
CN 183.134.98.76:5224 sdk.open.talk.getui.net tcp
US 1.1.1.1:53 sdk.open.talk.gepush.com udp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp
CN 183.134.98.76:5224 sdk.open.talk.gepush.com tcp

Files

/data/data/com.strawberry.sisyphusmod/app_Parse/currentInstallation

MD5 e390ea11f8e0700cd969bebcb8de9f24
SHA1 a7d6bd83c08d955b4639116bdec09efc5e7dbf84
SHA256 3cb465b8fa3c981b9ced6eb5242ef3cb8ea6ce10f7f7c94fb7e2723744a9a52d
SHA512 24d07ddf508158458291f050f2d27da7e07c074bf4e696bdfd0079c2dc0ef493e09a9039431d2189b9f48ce2766b04b93058327ec07e38ca49046accb39b1361

/data/data/com.strawberry.sisyphusmod/app_Parse/installationId

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.strawberry.sisyphusmod/app_sslcache/api.parse.com.443

MD5 6cd1a81d775f6ee3140085ac0c50cb1d
SHA1 d204ee8c02cb23ed9f55388e2672a63399e708fe
SHA256 ddc2b696c711c4acedcf93821139c6bc05007883c55379feee14a4c63e5d9fe4
SHA512 b854d08e4b9ca86f1d3237c346b76138c7918195772550b74281b3c04d26522c86de7c1d468a01f9c8014298573f223a12b1591a261cd839b305bd347cd06487

/data/data/com.strawberry.sisyphusmod/app_sslcache/graph.facebook.com.443

MD5 878eb9e39d7f45960f16d65c88f2652c
SHA1 b7d798356c2c9f8dbf8ae86ae99759a9ae2b24f0
SHA256 f7add8009a09a4671b042d02d816f875e553cad5e94edd15c875aabc44a8544f
SHA512 17fae905b18743cd8c1f18058d4d7eedafb9f02e1f31636b74e135aa77fbcf6e40c62a26f1e5a8e6e3d7aa5eff4b18dc41253b0968ebeb6abced21ff286ed4c2

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db

MD5 9cd30030750a0321277bdde2e0205ebe
SHA1 4af7b1b2e2202a1d4f0ba6c70ed06c11e3866099
SHA256 3036ad4eeebcbaad1b90bf6ae4d86a99a9ea008724d5378a216283dfb53c7a9f
SHA512 9d9b287edbf0aff440a4dd4e09b770ecf598f1ac36a8bc8c3294847eab74c125b805ffe09551285f4e426795e4ad282feaed42ce9e4effbffa59c8bbe783b400

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db-journal

MD5 250bbb90bcc46581b335157a26341e1a
SHA1 2514942565a9504ab685b6ae259f018d15407375
SHA256 bd385b25935ee64f04f28825dd47bf097071d623c21928875098c9138c5fe678
SHA512 e3b89d35ef321ead3b452cf2f1f5ee8326d876299aed3d0cf7240b642495bdfe933a65eceecaacc037948c7ef92e0c34036c2379e6c40ad0eab5eefe0b8b5c20

/data/data/com.strawberry.sisyphusmod/files/gaClientId

MD5 670d94e1c95400b95a7dc331c1066f4c
SHA1 0a0b84e516a336804e7886a13bb8b24a55c94365
SHA256 c7bb200f963c5e15580b5bfeee90bf19c4a92fb8c078d6db3a7029fe86a8e406
SHA512 73330bec3504780e29bb64fb397860895401c4f0cd27794b3d94c41ffcf11a76c33972095569fe3605f555f24569ab2b67c840623303664e0eba47fffe51f0d3

/data/data/com.strawberry.sisyphusmod/files/rList-com.strawberry.sisyphusmod.AppActivity

MD5 c9369fa837e962ed88668dbad8a6ead0
SHA1 c8e4d011358e67d3884aa2415e42566f9f3917e8
SHA256 6957749298daf11b35e93c047dc1d2b5e2de2ecfb61289352c5f87c15a1f0696
SHA512 1790f0ac06eb765d2e1f76676bfcff5790f8962dd81d6e4825e5af664d6c08051b2d90cd2471daf547297d77f5836bfb124b57d669a27a0c2d88a01eafee3ce1

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/561258870063-0001-73B5-F3CABAC1EA9DBeginSession.cls

MD5 fbb94aaa78de59c4a546a10ad767ba70
SHA1 df1bcc67a646b3ed9bc6bc25a49b6f6f3653604e
SHA256 29a61203ea380c20e9f78d0d59f007cb60f0fd8658a153ee396bad84128e81b3
SHA512 d63632a8cc5c526b1fc528c2207aae8c6908d8fae24de6e156aa9525a0fdcbc8bea2d98432417aaa46ca0de612be428719f13a59f4956cf6808320f94777cb5c

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/561258870063-0001-73B5-F3CABAC1EA9DSessionApp.cls

MD5 d19aa0e5333817315cf67cf1b01ad7c8
SHA1 129006769739299c33695a7ea49f54df2cf424f5
SHA256 212550a09440cc1165a9da9ad75b559243219bff0a8b485eacdc10d2c19ca615
SHA512 1b3caf818f24d8cf9e27a4c3ef7eefdb1e17eaedae7735ce90fdd8b52e16f2ec5b7a89e21e7afb4c4988a864dcf99e71074ab8acebf0c1b518e1b6124c79dedc

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/561258870063-0001-73B5-F3CABAC1EA9DSessionDevice.cls

MD5 b7f2c993be925827a7da8c8b09f46f91
SHA1 c3ac97c1bf340bb21edfab68b1fe2d499be775e9
SHA256 abe1b68891b0c20421039c5c0604091c667fcd03e5c209d09a95850da04ba4cb
SHA512 ff54c923d80fa7ffe7907f4a5dffc96e700a30bcced8ca88e7717544d25fcbc2e4bcf968fa59bf7e94aaf82240ae855bf71d9066894dd151717db3ac82d7de32

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/561258870063-0001-73B5-F3CABAC1EA9DSessionOS.cls

MD5 8e04db38941c5371378cb7486d9ddbe3
SHA1 a491d9258851ceb29794e857f7bd6f589fd196a3
SHA256 8dd6528d35a7756f044c5cf98aa7405e9fc36b8396331b00fa716942ef77c6e1
SHA512 c863bdb222921eac3f9c9b485cc4fd1c0c92f378ca45282a85b9d0074652d08edc366b0e22e26bc0478df32910e74b001f9ccf37d2fc934c8c6310d833d775b8

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/5612589803BA-0001-7524-F3CABAC1EA9DBeginSession.cls

MD5 a3ddcde89e3e401b0196ebfb35df1548
SHA1 c0f8853d17c8b666d5fea925e057c4ecc132de76
SHA256 3f0c18949736e42d4c8aec8624d74888afb73998ca960ff0589c4099c272a813
SHA512 80fc3f987a439b98d13137645c09cf7e1f89bc36923ef4799692183d2ddda0820833efd2068e849a8bc7a82787a945327f1611a708ac67200d679c9ea7e28888

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android_answers/session_analytics.tap

MD5 a5bb7e92979fc02b79bf81dacc0ccf20
SHA1 ec997551a4d17334c0e4c8212072e726222ed7eb
SHA256 1a70e2a012aaecd8408fec40cbfd1f3288c7cad90de8bf71dddfce1b7d2a6eef
SHA512 01aab3333968feaa3d0cd939f2d6b7731a91e6cb8944f6f849875cd0c42d0c452913e83448ff46fd5f783bda14c33c57c3ef156c6bc59633f33af4fb67b04a25

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android_answers/session_analytics_to_send/sa_06fee4b8-ceb1-4474-ac8f-a915d4d4f0be_1444042887134.tap

MD5 94d1a110e08828c16d8b25468d25979b
SHA1 2ec9a68eabcdc703588dee63067f556fbd8df1ff
SHA256 b9a55cf7dee17c6694c4529b187a513aa8c513d8353488ca7714148271f98a4f
SHA512 767fa9f48374e04b4a1f51dc32008155b2a8df69a0ffa45708340dddfd9ec2fea83bca92e6d20ccdc22c980741c615b4d8a8863743547086089c75896c47eb83

/data/data/com.strawberry.sisyphusmod/cache/com.parse/applicationId

MD5 f411723f96f6740f55f27469c95acfae
SHA1 2f65bcec9c1a087db6b09ad9e1c013aa9adf0cf7
SHA256 c54b59d4e87a0631f4230c42eb57b46a16ce710170101991756200e106a504a3
SHA512 874e11a1fc62e3b881d1ade64259c678057759cf0cfcf44fac37d24df9749dd4dc2781dc4a2d5953b11240541de07197b58526d932416a0bc19b5d061be56744

/data/data/com.strawberry.sisyphusmod/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.strawberry.sisyphusmod/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/com.strawberry.sisyphusmod/app_sslcache/graph.facebook.com.443

MD5 b34cd33659f1d8e64488d7b95e181cad
SHA1 0732ddb0e04ee65a92d356178d911b4488fac306
SHA256 6547f19609e84fda30ce6aee0b8aa904b8673a7282091ce23772109ccec4d8f1
SHA512 5f5b4b6340418c40a45ec822ceefeabbee9faa7804d3988a2788897766171e3e93ebb4b8b6f69bea2b14972b0d86728520aaf329ebc5d7dd9d240ea2414cf03e

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BC01001F9-0001-1065-F3CABAC1EA9DBeginSession.cls_temp

MD5 ba4e28396ce0e2c350f61841406c570f
SHA1 fe72fa6220f6fefdd7a780ce7a0f78cb939664d9
SHA256 86b0fa3cabebeb35b00f0e01ce40e490891409de85265908e2217e75f4ae97f2
SHA512 77baf5fdff43e885ccfad07d7ff7ffaf81fc145164cf573cb21a09756ebc47a2d1bd034631ac9a1f38dd4a308a7585259062c8768f142106579d8af32d39d2e7

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BC01001F9-0001-1065-F3CABAC1EA9DSessionApp.cls_temp

MD5 9f76550fdc23e0a2c2c94b04237f237d
SHA1 ca890b5d2c4a76dd1912650850541bd8b4c5c374
SHA256 675c7f1a0ad40f11db9da0f73fa0a872cb67f9af9e3156fd67717e3de9e47088
SHA512 0b2eddacf78b1d181e1a3e8f5c14e542d6c4c0f73eeaad8c134e43844c0067c93afc612d3216f6bddbaf8dcf886841eb7adda71205e3947855de0f451ee3b8b5

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BC01001F9-0001-1065-F3CABAC1EA9DSessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.strawberry.sisyphusmod/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

MD5 d289d85801111e70b0f0105774f694f8
SHA1 5837df33f8a83868e0418ce4bee607e200bb292c
SHA256 81f2a83be59304ff23bb6f86f2a7acd05633ba222a3f6774e8a8932d4edf4624
SHA512 0524f33e1fbcc31d6ce1c39bdeb347d7b15927e946d6e99214dd07f94559148838bff443738e7546f342c884d59ca02b5241b8af08cb1cfd4292b66e717c1f75

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.strawberry.sisyphusmod/app_sslcache/live.chartboost.com.443

MD5 98c70d872211af04edb935b9aacac0d4
SHA1 b58d0564b0f370c4699f7f2ded807502dae17aec
SHA256 5a45353cb7948f2076bd8567dde52b2bb83388e73905dc29a199398856028d96
SHA512 25cbd579bc580c9060b1dbea08490bb75cc307207dffb46216473ef891c3f44cf72d7106b942cbfb2e0f64d4279c4cb3ddcd1d76652d1ebd3259af9fa7027ca4

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 22b8ed1df86a7445b393b7a1a4385817
SHA1 bc9bf1ed052231034d235a9474c7b059f4bd4c2b
SHA256 2d988c614693e9d042a9ec298b96016a9b10247abf7335f882ab46060c6408f4
SHA512 d92e76e94e8b27a654833d1fee8a62eec8c726afd94f152c1418dff3212166207fcce1dbd582964a4b03d932ca95244a0d94603f69b1870b1e12951c5002dfd2

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_f3a077fc-fcd6-4407-91b3-d461459ef3e6_1718337554637.tap

MD5 abffd1d203cad2283ea809efdc73e228
SHA1 51ee9b69d03db478aec4017b72ed26f5cbffcd89
SHA256 baa41d37389a7f64abe5bb973d8aca8b89140e86aa7eeb02b675480806c40cc7
SHA512 77a38f0e3022dfa978ca683516fa7b8609312314a6579dfd5da164e3fe074d088bd7c65fbf85219f370833c04791872709adbe77e3f37e66bfd9d7906e4e663f

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BC01001F9-0001-1065-F3CABAC1EA9DSessionDevice.cls_temp

MD5 f44c6731fc663006709d6fed914ff6c7
SHA1 8c2a8b85f63ead0b055c191438cdbb16b51d18fa
SHA256 1bf6f285f6909a8fe344b56d18512d616df1f13119a9f7b82cc97be0580dbee8
SHA512 108a7da89021524f9e580010128f237b5cd957ab5511823b682434b9ffa9d374b198f3ce54478d6be183fefc4cf330647dcfa097d55e3cdb6b78a0278e163c6c

/data/data/com.strawberry.sisyphusmod/app_sslcache/impact.applifier.com.443

MD5 a1fb1d06eced00062d19e398f12507fe
SHA1 3c0ab84f358fc6fae67ac0c61d088e73c9e871e1
SHA256 30440b40b77ec72cd5b68ecb5c7416fcc9ee70506630b42cdbb842b2aa8ce685
SHA512 a12c598a5ffdf06fe4fed7737573fb3dd9c34d8e2d06c708f61f97fd5063bb16198745e5bd711cfefeb61b6b984278de3c1f1630eae97edc1afebef62a639dae

/data/data/com.strawberry.sisyphusmod/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 c8a428294b0e23607d21c20ff86421a0
SHA1 6a40eaba50e9faa2d61bf8da5810babd349d63a9
SHA256 9c477520da85dfae4174960a4fb6f28dfb8469d45b956997881c6875e5279c87
SHA512 bcfd1e121e00dbf83cbf15430ed93e3cb331271b69af8e1d8025eae73864c885031f1bf00525265526591474390a35be449bf183ff93d07c247c065f978dfc78

/data/data/com.strawberry.sisyphusmod/app_sslcache/live.chartboost.com.443

MD5 21b3a21b7f3d73490c325ebadacd25e2
SHA1 4a2307ba66783a777117afa85ae00ece72c91a4f
SHA256 b00bc70bd8bcfba81e769ab9ffb91800f043a41f7026b311a428d23f9bcf101f
SHA512 db29c8a0cdbaff4011cb3de5c1a738362f11e2d822d178e4ea7de3f75f11d324dddf41e62c81191c55a84556f3d829e2979a02602a6a05d4243e61e5303ccd6f

/data/data/com.strawberry.sisyphusmod/app_sslcache/v-ak.chartboost.com.443

MD5 b083b6fd69af8cb790b0e715d0b242ae
SHA1 18022b16eefcc437ba57014675d6b6f639053002
SHA256 8d7cec06bd893f96ce177784f45dc2497cc4fa35cb546b74936eae6333ac44fa
SHA512 e4f9334940c222e033e8f58d593c7b4b36826161eb501987e31e5dc36a23e7e09d90a444c2f9969d73c95e382457a50030dcace121a81f3d46ee07def45fe6b6

/data/data/com.strawberry.sisyphusmod/app_sslcache/v2.chartboost.com.443

MD5 d191d12acc58895dffdb4f8498b8a8c0
SHA1 0a50e6e5bc973837074e4261a75e63156baaf57c
SHA256 685afc510f4764f3fbc6714d74d4855d7c1c96ec67ee2f82619d623ab8ab1c23
SHA512 430a7f94b52ff570dfefbddbe93ff547f5827a2d18ddf9b9466c73de012a5d5ca915a035a88bb09a09d1bacd87b921dda63f440f5f6843413a80a360257f5895

/data/data/com.strawberry.sisyphusmod/app_sslcache/v2.chartboost.com.443

MD5 cea62e6d4392e162e2d528df2585e2d0
SHA1 42d8406859390830fde1a78cc852003b6224e6f6
SHA256 19613ee40d56c4423f319a8341363a0930f5fe4239653453cd4b321f87d276dd
SHA512 d1d6b8fdf55f7082eb7f9aa5d6064dbc9fc898f9ca2815d1d6e34ed18776360dfb8a5393f4a9ab987e785f49a841496f38f23cad80b4c061b07a1fe44d7b4ad0

/data/data/com.strawberry.sisyphusmod/app_sslcache/v-ak.chartboost.com.443

MD5 2902e6bb43b3b725aa0d3ac35b4834a8
SHA1 541f1643927b7b89cfa42952c707d4fca00b643d
SHA256 8e87ebb68e79d73a343d402d4042ea52f79dcb4df38829751661f0f5cbcaed94
SHA512 b51d98ee95c0eca4ebd0f40f78c23c79fdfe29b541e271c6e7778c521d5cdcb897fcebc8ba305e7fd77c4034d460cebd8356163e8cd83a042c25707505ca594e

/storage/emulated/0/__chartboost/CBVideoDirectory/6595c5a9e92b92f5bb82703d_568-1704314281.mp4

MD5 d6dc2f693d2ae41cd2478642ce711403
SHA1 edc502dc6e740a83d57cbcce5740c76692a34581
SHA256 44db2036c1be9e0d0e8c361b152a86e91d02a39ea2326726e18060a2e7196585
SHA512 7074656d5365d85d8a73ff5e398302ad5c237b182320074d3d979a4c004dbda496c5563996d0441d67df96c56e7da982f8e2cd5697f80be153f5244b184370ac

/storage/emulated/0/__chartboost/CBVideoDirectory/66657ef5afb630e35ee5298b_568-1717927676.mp4

MD5 906e2776934d9da8c5c2aa597323ca87
SHA1 64f08124cb17278558b8cff3614cbf9d0614055a
SHA256 9f6b95b7fbb6fcfd7b9b826861ff06f04910501142d8b39c14277e8ed5406cb6
SHA512 2e07b4d6b8037b84e071fff00aa92456fd2e9594f62c2d9bdd8b51ffa37ba569d31bcf3ccdada52e150f5a1bec154558215c33e094a1467ee147f95e68a69e60

/storage/emulated/0/__chartboost/CBVideoDirectory/5ecba0556abc7e0aece609f5_568-1590403157.mp4

MD5 c3cd440d8dba20be171d0673a786ed90
SHA1 ac7af27f416631b5fe409118f56c436422c8077a
SHA256 b3d1476d8d823dcf3f4de8661a5d3c303546dc630fb828be43ce8b402212e581
SHA512 792a58a685f43e470062250cd936209f096559349b46990738a8162ffd59dda987201937d6b57838fe54e52264ccb95c6fe67847cd5b34538ee99b9813337229

/storage/emulated/0/__chartboost/CBVideoDirectory/5ecba0a617a57109d1598989_568-1590403238.mp4

MD5 8cbc50bb417ce03df3370cfbbd298b3f
SHA1 e1f1777a16cc9a5b2f5ae6947c06d830820c16f9
SHA256 d070b43c84638c2db991e10f9ca4c0320688813ab7499fcf287df8a1d9e270a4
SHA512 4536ed5a30ab2568bcb4da973a8bea3a875867649b9e62eae4a511a54b9105051bbce76f7be893d4c87652b64622daf92966c6f8674bf4a18a1baa04f67f592a

/storage/emulated/0/__chartboost/CBVideoDirectory/5ecb9e216abc7e0aece609ed_568-1590402593.mp4

MD5 bbc54dba0a9b5a340bf31b5490ce00e7
SHA1 39edbe1848f5a46dce4aca72d5a82436a90c8e65
SHA256 4d554c2e92b2e707f53f550497eb5790a57a31c1cd039759e60c4cdfaf094b97
SHA512 fec32b3cc167c2444e029c4b5542a6be0ec0c41a297ce414536f480f588768abeccbd2dd06cdabda7768a63ff05fab54c556c14e1449a52ee80439e966dd0e29

/storage/emulated/0/__chartboost/CBVideoDirectory/5b24033f09167b0cb1cff2e7_568-1529086783.mp4

MD5 cf8dffff48962d736620348e9c244f3b
SHA1 ac1a4f07f1b50863875e8b02a6f4a50f0bd7dfb0
SHA256 30783bea54a783f6975c37a5a971b4ba4d56308b822d7bec060dccc59c2d73d7
SHA512 3d3869665cfa4764d9f19906e7b5f4a775fb9fc84dac1e120b103e9d579f645ee3b7fd1298058ffde1eb85ba1fd4c39c168e7736687e7492b1659839606a73ef

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db-journal

MD5 60975be5169942203e562d5bddf258fa
SHA1 8c2d0b698f2068a79c82048ba82c8d22165b651c
SHA256 0fd21cca99923abbc397814dddefaa766f70377122b4cfe86e6d2c570d0f0d89
SHA512 b9fd0a5a1ad15b3743d0224809de1a6a7d72cff2ff812f37de7f7f2fe314c205af7b9a2059b8232285e8e99cd47f54a590276068876105bf118e5cfd940a7d0e

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db

MD5 f870b38536b820a5a02e3c317301e57c
SHA1 5586799211811f3fe2aaf74a5a631dd678f07f78
SHA256 4351448a528475ca4fd971a20f22d742fdd8d11a4bb07e37df7b618821d251d1
SHA512 a5b0f0172726ab439747a314e8bb5989d4c759ea901e948afb25bdbdb54d62b384c097ec9029865e36a74558ba7a956c1e2f2a01735558003ccedb6656d80376

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.strawberry.sisyphusmod/databases/google_analytics_v4.db-wal

MD5 9461d9ca70faaae1ca6fe23fb53b068f
SHA1 cf117c2ac64dac993e4d8757788117a84abdfb07
SHA256 71f53646b1162f071d6cb3786769110d9a82acb13bada72337c7fc8eadcdad3d
SHA512 2d0e91bc18cdd6238d1e2b0b00402e7e4da197bf6a211864279ecb06f7ef2e72fc9ef1893c2bc7c343d4dfb1acd4fd42c5cfa7cc9a08952541f8a703e8a782f3

/data/data/com.strawberry.sisyphusmod/cache/oat/1582435991586.jar.cur.prof

MD5 a3b78d197d786c13687c3f0f89703bd8
SHA1 9967f0726b6b1ed3f198904547b81920f8329621
SHA256 c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97
SHA512 9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1