Malware Analysis Report

2024-09-09 17:38

Sample ID 240614-jzx73s1gmg
Target a8a91b51afb1cc174ebcb207d5ba7129_JaffaCakes118
SHA256 af7d7ad5718e1f2b319073395ac9a8b4331a1f6a7f0a21e7e5cba8354ed43c18
Tags banker, discovery, evasion, impact, persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file a8a91b51afb1cc174ebcb207d5ba7129_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about the current Wi-Fi connection

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:07

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:06

Reported

2024-06-14 08:10

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

184s

Command Line

com.xgbuy.xg

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/user/0/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A
N/A | /data/data/com.xgbuy.xg/.jiagu/tmp.dex | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | alog.umeng.com | N/A | N/A
N/A | s.appjiagu.com | N/A | N/A
N/A | b.appjiagu.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.xgbuy.xg

chmod 755 /data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.xgbuy.xg:pushcore

cat /sys/class/net/wlan0/address

sh -c ps

ps

Network


Files


/data/data/com.xgbuy.xg/databases/Reyun.db

MD5 6ddb59748048e2722cc2d542126624c4
SHA1 537eb3945c2ce4d8bc5314cc52cdb1cdc08e32d7
SHA256 03bb33f41e7b54ef658b491057c0557523bd34ce676bd7346e066daddc650c3b
SHA512 1062c83442308d79a2c01404f7dca253d1d52bac2581580a5ff27eced81b89c0ac560534b17ec9b33901fd2c8864c84bc33354384abf59eb296ceeb94fbb77a1

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 8e24e79baab91c4d0604eaa9006a0cb3
SHA1 e427afc94a4b957a7096f73e395a10ea404c076b
SHA256 65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d
SHA512 45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

MD5 06d1051e1070e16924f5661db6832851
SHA1 43f09c9ddf2a1d480a33ff22cc65521238b4279c
SHA256 9a04296496d4514f74fdb307df12e3776703e84a680c18f6ea657228cfc8dc53
SHA512 5bcb18a3e9f422918852612365e27ef3f4f229c8c13f3393af16e3ed4610197d11802917dba3b8bedacef66abc9ae718ca79e7becd47d91c05fd58ed591fa77a

/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 b3edbfceaa3d514fe2e1965d3168d04b
SHA1 e04b2ca314724b5776ef6d889f957813074e0a25
SHA256 5286c004d33d5129c513d1184bff9f2621be901d65dc24912a3f701dc6cef459
SHA512 68a9fa5a3d084b6d58d00d36a9fa5877eb97f07196a9c8a81411da1f014c1121f4a08e816a9a7272ac77306b6ffdce80a17de08086e8376e193ac7f662b3bbd7

/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

MD5 19fc1a4d57694247cb3f741e16c6517d
SHA1 a2253da8b4029540045f4f4ddb8c6e1a004dc743
SHA256 b1f02e3e91baadd1d5a2372f1d57123039783d6cfcda893d0228411b342722f8
SHA512 1072b1eb22c8cf81a115079afee1b6d9a65c5833f36a9b0651ee5c4a27293cc2509947342b7f842d489993b56f7a271e965e69f85f3f30d15838daaf278e8c28

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

MD5 81024874f926b0c0c9e613997c9370b1
SHA1 a7b4c37570f3e5aa7bd575d0dbcc71ff9079a95c
SHA256 da5ea38fae9a292777936eae50a76aae4d2a589550448aa6970383e44aabe7d6
SHA512 8ae3ca2a1a4ea6c514fffeb911f4c42ff173433a7fd82980193d883196e748e458e83ee42051ccbabfa7f49792dabbf1eb8a72fea3db16c2f157e7ada4182830

/data/data/com.xgbuy.xg/files/.um/um_cache_1718352569311.env

MD5 37b83a4e7052df3bda295f16cf777c10
SHA1 cc623b34f63e0a02a50b69ee6ef3cc6ac3bdf537
SHA256 3f41cda46ae7fa5054d6501ac3dcdcc916d2801673a8f7f922cf4c2decc4d767
SHA512 a4ac303bca524a951d4f991a0f7d23bd7abf97e9aa2c405d3306ac4525f12eeb01c110afeb1e1dc88ed12276cac92ed52217c1843cc0ecf08f5c2ff78ad1c092

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 08:06

Reported

2024-06-14 08:10

Platform

android-x64-20240611.1-en

Max time kernel

14s

Max time network

131s

Command Line

com.xgbuy.xg

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.xgbuy.xg/[email protected] N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes2.dex N/A N/A
N/A /data/user/0/com.xgbuy.xg/[email protected]!classes3.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.xgbuy.xg

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.16.226:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 172.217.169.46:443 tcp

Files

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

/data/data/com.xgbuy.xg/.jiagu/classes.dex

/data/user/0/com.xgbuy.xg/[email protected]

/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex

/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

/data/data/com.xgbuy.xg/files/.jiagu.lock

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

/storage/emulated/0/360/.iddata

/storage/emulated/0/360/.deviceId