Malware Analysis Report

2024-09-09 17:10

Sample ID 240614-fgv38awajh
Target a80e800b3cbf913beb0640e52aed4748_JaffaCakes118
SHA256 549c105b7d69f9638fdde3b93531398e6ebaa2c7cf45b9af143d35bafd762ca7
Tags banker discovery evasion persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file a80e800b3cbf913beb0640e52aed4748_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion persistence

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries the unique device ID (IMEI, MEID, IMSI)

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Requests dangerous framework permissions

Acquires the wake lock

Reads information about phone network operator.

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 04:51

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 04:51
Reported 2024-06-14 04:54
Platform android-x86-arm-20240611.1-en
Max time kernel 179s
Max time network 183s

Command Line

com.travel.koubei

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getScanResults N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.travel.koubei

com.travel.koubei:pushservice

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

io.rong.push

Files

/data/data/com.travel.koubei/databases/mta.db-journal
/data/data/com.travel.koubei/databases/mta.db
/data/data/com.travel.koubei/databases/mta.db-shm
/data/data/com.travel.koubei/databases/mta.db-wal
/data/data/com.travel.koubei/databases/rong_version-journal
/data/data/com.travel.koubei/databases/rong_version-shm
/data/data/com.travel.koubei/databases/rong_version-wal
/data/data/com.travel.koubei/app_td-cache/tdappcpa
/storage/emulated/0/Android/data/com.travel.koubei/files/RongCloud/cache/journal.tmp
/storage/emulated/0/Android/data/com.travel.koubei/cache/http/journal.tmp
/data/data/com.travel.koubei/databases/pri_tencent_analysis.db-journal
/data/data/com.travel.koubei/databases/pri_tencent_analysis.db-wal
/data/data/com.travel.koubei/files/umeng_it.cache
/data/data/com.travel.koubei/databases/tencent_analysis.db-journal
/data/data/com.travel.koubei/databases/tencent_analysis.db-wal
/storage/emulated/0/Android/data/com.travel.koubei/cache/http/journal
/storage/emulated/0/Android/data/com.travel.koubei/cache/http/304d4c9a72d8b8d2c0b3dedc2ac3dc6b.0.tmp
/storage/emulated/0/Android/data/com.travel.koubei/cache/http/2ab9f239fb129be9eb26c1d00b022baf.0.tmp
/data/data/com.travel.koubei/files/mobclick_agent_sealed_com.travel.koubei
/data/data/com.travel.koubei/files/mobclick_agent_cached_com.travel.koubei27

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 04:51
Reported 2024-06-14 04:54
Platform android-x64-20240611.1-en
Max time kernel 174s
Max time network 151s

Command Line

com.travel.koubei

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Processes

com.travel.koubei

io.rong.push

Files

/data/data/com.travel.koubei/databases/mta.db-journal
/data/data/com.travel.koubei/databases/mta.db
/data/data/com.travel.koubei/databases/rong_version-journal
/data/data/com.travel.koubei/databases/rong_version
/data/data/com.travel.koubei/app_td-cache/tdappcpa