Malware Analysis Report

2024-09-09 17:38

Sample ID 240614-llm63aydml
Target a9000c449a9cfc91122147759d0964e8_JaffaCakes118
SHA256 85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e
Tags
discovery evasion impact persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

85493521fa2e6fdb0bccfe0ae5ebd19bd8e215713f777e669261578933978f2e

Threat Level: Likely malicious

The file a9000c449a9cfc91122147759d0964e8_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Queries information about active data network

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 09:37

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 09:37

Reported

2024-06-14 09:40

Platform

android-x64-20240611.1-en

Max time kernel

128s

Max time network

149s

Command Line

com.smapp.habit

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.smapp.habit

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
GB 142.250.178.10:443 tcp
US 1.1.1.1:53 api.521app.com udp
CN 119.29.27.226:80 api.521app.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.213.14:443 tcp
CN 223.109.148.179:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.178.14:443 tcp
GB 216.58.201.98:443 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.179:80 alog.umengcloud.com tcp

Files

/data/data/com.smapp.habit/app_crashrecord/1004

MD5 af5cb07c509e545c406e3a7638040b34
SHA1 135cfcc0df1bc2d4de851c196a1be6a33969a4fc
SHA256 c96133c45b21d104042729a8e284905c739d83f2c4cd277f56ef1197ed747393
SHA512 38f7b3427bb1bb60f893b94db90143ef14bb58589757e316c257ff002e69ea23a20174ce2f1dbb1d92d5b4d6754b1327ce0f354ed32a010949ea33251eba1f30

/data/data/com.smapp.habit/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 712f49ae4ecf6d13b5285c10e089c396
SHA1 a0d32b600358efada6e284e17712aa4b7096755b
SHA256 5390ab1125e83dd103838e41e9a932d444744e8cc7087bfb1c99be5533c79b75
SHA512 ca2ec468ece5e5da5566489a262d119e366ca994855df82cbcf00e394ab2e8cf7e1d7ed794857a97eafa3fd9835a2e630518d681500ca9bb6b65ea0e1c99f7e6

/data/data/com.smapp.habit/databases/bugly_db_

MD5 fba587ad00c39b395bc9598405f1a5c3
SHA1 9d31f345069b163d66df2e747a98f25ff85e2992
SHA256 44fc589bb9f2cc1bf4750c9fdd5843b21f0e5550edcfd903562590939915f1d0
SHA512 89181aaffa05b0ebc66f0958958410508dc366af78cd28937103581784f5a178321f0bb1e2be98f97e64889e5d4dbf61d6e27999d48b88353016de8c77ef6fae

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 1c6cecae160b2b65ff69c56bcf5e5580
SHA1 d39a17d7db84081d4cc260bdbd3f5aca732d904e
SHA256 aa46b6734ba7e8ec596d593c40561050b18a3d789f8dd29e1fc467b8a7bf26c7
SHA512 8e4ccab121e42def011545076c9e42e9ee699474c263c75385c10ebf4bfa4a5e1d89e684179c3c18a1392e969f21d4e590aec5300c695b821f09ef19eed47e04

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 48e69fc3fc2aa18d96db86cefda2414f
SHA1 af871a1e7d7c1916f4e431bc4ab1e624c81adb7e
SHA256 1b1c50482efd730e9bb6730be078ad210acd4b974bdb7abe3dc656c1135ecc9d
SHA512 62c95367e05a5a2b4e3c204c47e90e2a61cbdc5d924b4a1cb78ef0957ca6aacd40655b12b8cef2c907e9b5f56b7f4ffd15f6230f6f39b56365f20efc1a575e3d

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 8b208f1a7d7b3d100172fe8955af8c91
SHA1 4eda3af99d4e891a6f69644cadb3ea5d9f8cba51
SHA256 29b8f40478b06b13b2597fcf1a408005645c19749528a545e2976a5ac6086578
SHA512 e4eafd032dda14ae4704e656883eaa933a7cc9af54ccc4dcebc8f758eaca366864695a70909bd3b454e7928d14e0a36bed27e6585e1e64417763057c640d1812

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 a841bdd9264b3cd3e9d0a6ace3a6456d
SHA1 bff99d71b048bea247804b3e27da76e7e745a81d
SHA256 0a7e54172f323f3506d7b96015f7c8c401d155f19eaaaafd6c1df1e7a3fd0432
SHA512 8cde54087a977957c3eb2d5463b43373e1a9a5e7e5ab288deb94348e8d5bf6d95dc2bb27d4d36657172d9d8cedf0131d0f9c270d7f1e2ea0870750b1f5509be1

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 4ff60e768ea9f2cf5fcf1d55497776ea
SHA1 b9079f4136e61e0b803f12f981bbc8c56e446ca4
SHA256 f8ed2e9307a7f1ca52c3880c9ef695dcc4bbc6ddea910179dcdbabec996a12a0
SHA512 0bcd02daa8d098d599d621b6dfe119d3169c657633cf2cfb3723f66684d7cb02820518db2218754b59aefca95588efa496022becb0ab47783580c8654981ab45

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 0908e924aa236931dc7166fef6e00862
SHA1 7782648d6d8f6e835bd47058d4852932c096a467
SHA256 38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f
SHA512 3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 316fd6ad7557642f3bf0f2b097b2a019
SHA1 cd1dc4663adfcb9f625435addc566dde81238c70
SHA256 f73952ea6f3cf20c9ec1eed6896faeb4aadf1a2956e2d683971349d95d0d9541
SHA512 e720b2a004041d5bf92e1fb2a1f17952cf1c9fcd9785778c45e3f223b18185e0a7d9e9c21234295e781164d26d3bb7b851226f7ecc1dd0ae6c750988a97d927f

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 0dc8b96786b2faf3d90f7b186415e40d
SHA1 3ce3e0d4969687e9386a324eea8cfe2e2d082301
SHA256 90a220eb7ba38ea24b9a2e4332bfedab0d79d629b0ebbdf758180bb0faf59a48
SHA512 42a3becc69563a95adc0b96860ea6029aaa04868d39aee2a8c92ca80d71637ef667d743a5883e4d32a805572f7d88d5890571af8a20dc621e6eba17330971d5a

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 e6787d42620e533b615c7ce517852d6f
SHA1 1ba1c22bea00f628f1d580aced8affa59179972d
SHA256 6542494be321812ca086fa4636e6ab92bdbbea21a78ae51f1d2b7ff7250b8c09
SHA512 b3465374cc7fd0b6c90ec1003bd47d1d35b6d970401443aa5490fc6c3221f7a23a761ff62e5377ebc0124796ac9e5897dcde719c46863ddad729c037cdd9e9f2

/data/data/com.smapp.habit/databases/ua.db

MD5 8a83f7ecf20987f05052d52dfe9681cf
SHA1 100d516fc6a7cc3bfa4434b4d9e531f5eac2dd39
SHA256 dcbe186a9202ead289667476df61dca890062ef4d91a9fde2e53d24244d60c38
SHA512 333b5bdfa2077fc0582e300ef59fa777a7370fd85d54c78fd46e98abb7593a3810960cb146b75ca35d717df03fa08fc3264a712f51f69ea81f1b502f690ede23

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 b868d182a8474e3ac5d29d430cc7b954
SHA1 a1db61c73c8865177f51ebb8737548008acc76d3
SHA256 2f2e63506f92c334aaae0a744a90ee7f7541f10842ae6dfed7b0719c0448346f
SHA512 f7858bd0c80c9285d55b5632a9ba9372d2e722aea184cc04f8407d2d66fe69f1dfab94d0f72b7a1774d0b8528b707a3a216268b4e64b82fc9936ed957fb11903

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 8784a7ed10228abddba9a6f46ef559d2
SHA1 c2b4bee8f650653f11976897031768925b0246b2
SHA256 6de31ad49a47cb62787ef0a7b424dcde932d222cc4c29d5344a7fdea72df60bd
SHA512 c66dbc3733b6b0c0887d1bab8731becc5efcdb98d460df9961186c8486a4ae36b4a96561d03c5fbcd6dc40e593a55b03a3c582c0baeb7720cd36accc26866a79

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 1dd00dc3149a0a6f5b29034796c8db2d
SHA1 9cbe0a13b42d7125f027394203048b5069305d33
SHA256 6cb9ef9e2ec429d46a5bb42d5d2ba8b61609e1021b317ce5ba243a5b52deb732
SHA512 c15c9e1795f72ef555ce61ed18781588b44fa0fbadd9a5fdf7bc7191b529b50010499fd64e891cca0ad8a135ec7af7694194bc5179135b96b13fe36bff83d4aa

/data/data/com.smapp.habit/files/umeng_it.cache

MD5 59f0b387f318363fdeb8ceff7826161d
SHA1 d52812686dfe9b62aa9bb8437b4fd6eb32855949
SHA256 5d6bc0e7b580135f085335f9b71c9cf7831e6c945d7e01e4b26c5a9f3dd31ecc
SHA512 25dbddaf86a23fb7757cbda29c909fd9024e9fdb5043ec4ec1d700c03439858b5644a4998e5f537bdf37d6be88cce689b177083ddd6333de4f3bb9384ad5fc0d

/data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json

MD5 fb41769b18fb015fd51271f58315e685
SHA1 f92ab7ca03545d317ab8aadf458824d44facc274
SHA256 06f2cfbe7e31fa19271b13705c51d715b177eb059bf783faebcd5313b60babf0
SHA512 5f90bed560d32849ebbfe128355e00304e7b3236bf194d724e1d72c07a7ef742dfa2bf4918d92d177cbd4907a162bccd47f8aecd09c2697f2410261f6275279d

/data/data/com.smapp.habit/files/exid.dat

MD5 5938cbde4e676e4766d623c3ec3131d4
SHA1 11971a6f670e8636810c6ca7fdde699e2548f632
SHA256 4ac5e5bb56a900abb5932831680140e9b016f8a8171c80175e8ed646645e3bb3
SHA512 3b22210fa0891dc17c6c1fd53ba89df91a0406aba0325d96b9473e1c0db7c7db22ced050765cc68ed1aa008f027d03be215fa316b62d10f430c31be3e154430b

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 68c4223193060f3162821671d56ab49a
SHA1 11401abfc7c00f9d00bba5d7d45715249ff3fa37
SHA256 a185e993040e6528d7198c917cd616fd2ad059cfe2ecb7c1f923fb82ffe52ab7
SHA512 7424f89739d97503f880f8a15fb2ed69a6f2fb7cad95f1fe8a8ca1d3c3ddd3ddce7e18b5b33e00aa316dc19ac2cff75edceee37adc34e752cf662c02fe66699e

/data/data/com.smapp.habit/databases/ua.db

MD5 38564ad4c73e5619bc2264b0c44997a5
SHA1 e55f6fe1b20347ad4cd58d77af0b0feb149f63d0
SHA256 1820a909a310bf7bc4ddaab6c8be3954dedd53612749f7bd08fefbef31670ec8
SHA512 30d84731a3d8380e63bb73227623e86bd779476474269f252abe546028531c77658573874444e66b862ea049724e93a9344b1d4fd9f26c0fe02a79a4079a9a7d

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 5a217d8ff73717e790173bf41a51a9af
SHA1 3c9e2f54cd8378ad52a9f0683613f805d4d9b642
SHA256 6030d94ce0bd0019302dbfd3d1faa58f64217d83697451455d1c5457cefaec71
SHA512 800094c684c626df9784c7332cb86f585b2f5e3aa66a2a211700b4bbeab5bfa961e36930ea78cfdc00c41c08c6c3c18781e780d21e1973756037166f4049c5d1

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 67c12933d1e0e63d9801a6aa43092ce7
SHA1 b6936908554e4a1986b8eb08289e2d3545e8ff74
SHA256 abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40
SHA512 db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 ee8cf33b157ec51de492a489129a17e6
SHA1 9e665bc94967cebc7dd7c69de8b8246ee656d2c0
SHA256 ff6af4ea5d0bf667374587fd9090b209d1708bcc158b90330f89536b2fecf23d
SHA512 a9aae8af476279246d0aca5ddb6ecce3244dcd2e138c19d6e2d77d64e48238f753526daac394d71a794d484ba2b0c8b006c023a4dcc0ecd81aca41dd311e9bea

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 4910fa362e469a50547ae6956f0bd41c
SHA1 1dc0532fbfab2c2fc630d1deb03c3353f6188e91
SHA256 32f50b6bc05b469e05b7993d9384b8d63f24c40e5a534c0d52201a07258e7327
SHA512 dde6c93bcaef61d8a21f85f2c8b41e83240d11b7bef28142f2fcdc639692d8bd7ebff60566fe32f4bfc05fcd33576e2854d651c57695ee98e2a210a8b7db3a51

/data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 fe38f4029f1581e38ac154dadb2dc8c8
SHA1 0dc28b30e590b846bc234653bc91e0e555ed7dc0
SHA256 fcb30572d24435ca567bc91b20be7ead0de2d85d17f988ffdd65c8c7f5a0dc40
SHA512 e6f4fc97c7d6afa8cc670b375a258ab81edb8104871d7a802051e852ee642707fa8a70a3f453eb22e021ade826ecd44f76fdbffa5201210b24d27f78b5ddf638

/data/data/com.smapp.habit/databases/ThrowalbeLog.db

MD5 a852ebc3321d2bc807b23175a6a71edc
SHA1 645a7fd33cf75a23628d576e6c6fa5b454d16f13
SHA256 256fb4171fad95478a5a6615ef2bf8cdbb9948eb7f60ee6c909cf5480436128b
SHA512 145ecea475401cc23e175ae5410fe8bea6f2b2aa7f9dcd40ea048cc60f57f48395cf6aab3681c35a3d275d20e79a342de3e8e2302ea2ee234e53ec9f34b5a831

/data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 ccd440fe7cefd71ed124140e8c51ea14
SHA1 debe379a9f5a699af45640f55db44ab727aed343
SHA256 e362a271e060c0f11d37c03b7b55af35cb10c4a098fe811688767ae4dc9482f1
SHA512 525987d768a3318c56cf824ce94aa1e25242c8c7b89f93b0448d8f12582ef05b4c2cb63f7d98492293c33c9a152bc9a5f0a4590700c462f50a75cd5484faaf1c

/data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 3e6b204bb773719fe62d821357746163
SHA1 03873abeb7a3923cc63c0c08a4045720c58e0495
SHA256 01769dbe4033e3ce86fd98ec7a7d6ccbbc7c172ded1a98471ad6074483929298
SHA512 b0dbea21154603639e6ce894a992accf6e7b00900435e6b83a84e44f37dadd7c048bc2c0c0ba44211ec6efc3d3bdb7d686164ff0db80334d16e9b64cf3b1a9eb

/data/data/com.smapp.habit/files/.um/um_cache_1718357984123.env

MD5 8ea1a9df65c9ab8817035cc4b947996e
SHA1 6451b50b29ac6b3784d2a7329124598012fbac7c
SHA256 8e72814a03dac30d692433cbfc49313a4b03ec51a9aae38627f86ae494e0a086
SHA512 b32424d0be7f553dccac05350e5158f287287f3cd7abb390e46ccb58bd81a8d35d8a952a0f71e122f29abd23c4b4acd6e861bd8b8c8aa6a2c9d43684a7c36bc0

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 09:37

Reported

2024-06-14 09:40

Platform

android-x64-arm64-20240611.1-en

Max time kernel

87s

Max time network

171s

Command Line

com.smapp.habit

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.smapp.habit

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.521app.com udp
CN 119.29.27.226:80 api.521app.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
GB 216.58.201.110:443 tcp
GB 142.250.179.226:443 tcp

Files

/data/user/0/com.smapp.habit/app_crashrecord/1004

MD5 e287e921ff6958cb0cb4eadf99c0ff24
SHA1 3e2578a472b101e5a97b62184da5186bb4086d84
SHA256 b18046c0a941742fb650ef5ba3707a7d2c795b09def72a3178ff2e7cf4568c40
SHA512 384aa14b699d428e16d850c3b11bd55e345a68413f8f666c07a34297a373c8249cd9c0f68729a1064be1d4538f92c44d2327a8991e33137ecc3f554207edca2d

/data/user/0/com.smapp.habit/databases/bugly_db_-journal

MD5 6cf0b830899443569c607b767f35ae91
SHA1 9582820f0ee95bd84a65c179b84275804b5c2c10
SHA256 16c3b56f7566a551d5feeb1a670600e20c7d69e1b8cf72adc6a931abbbd9afed
SHA512 a294b53ac0bff83435152a6e62a0073c986170e8d4ad1a2cfccf0ffd5b6af1fa5205e726d65bd825c2a3a5b180adf1e10847f60aac608e725528fb7030ef4660

/data/user/0/com.smapp.habit/databases/bugly_db_

MD5 fb5127b812ce2183401cb637e587bc78
SHA1 8ce6cf53bf821baffec575b09fd75579d6770ffc
SHA256 6725d9d263e413e14d4d8cb0ab131f907b0c2b6b0a6a94304f9096b04c13e0fc
SHA512 8b9cf192771e6b3df1b6974077af1f6f7b17324c5caf5fa59abdcd70c75c6ef2ef22c012ade607c4496753577980b74da79a0f3c49bbc9669c20eaaa79f1b13b

/data/user/0/com.smapp.habit/databases/bugly_db_-journal

MD5 e0e247907cf61d6b53364b09dccd3097
SHA1 7397f314aaf9d850daba631b47eadf51458427fb
SHA256 bc81fbe0adef0c12803d19c783a638986794e1f4da95c95ccc461b2951ee1594
SHA512 23d501f3ac269eaf2f0236a54616ca63871119eab1b865026db3e3a61af3e4ed21033b502a3dfd3ec7b256b2ab61763bc67d4d35480685c3abaf8193cff4e24e

/data/user/0/com.smapp.habit/databases/bugly_db_-journal

MD5 7c027f3021c1d8306f9e851932aba09a
SHA1 af1a669b62317eebd44a54a6e35282d1d5a6c34b
SHA256 3ed95aeb01a3324320fe3509a0df26f20e77ebdc81856c4302598fca44c4ef2b
SHA512 8e6d8959d6cbca861797d42375a09805f0fc537a4eb6727be75024d25c555f944499206643e4f71b19bbdbc8e9014e0a0201dd8837979738547b2daa76e00494

/data/user/0/com.smapp.habit/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/user/0/com.smapp.habit/databases/bugly_db_-journal

MD5 73b713a5a65ae8addaa4e82e6e870edc
SHA1 83045a4a229c521f6ba743feff996b9bb8e51329
SHA256 1d6fde4696fbeec3a01297871e8018e4539502c2bf1b4a9165db02e20c68e578
SHA512 735ee51ba26140d648b8ef466c894f7ddd8cc13a2ff8b0cce4e0f1bea08559d274dabac5a9014a4eebc42af80e5928f9e487ce7a85c87a1735e96704b88f3afb

/data/user/0/com.smapp.habit/databases/bugly_db_-journal

MD5 b412d9a17df635cef5401667032eb895
SHA1 11514135e388139ee32d38e27a9fdc509523edb7
SHA256 01ea576a3ecbbff6b449a212609c0adaa5697aed213db36ea2e4393915afae42
SHA512 0f7429ea381ee932e7ad1370f980e4ea0a9bb568103d486ea636a6eba607c23e4ed488e69080526a3d7c000c6e8af1109285cc6b3bb61e659320a230f82df579

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 614666c0dc96ad443693a48176e8f06f
SHA1 1fde240987584d899c330680fa8ea7c4fbbca609
SHA256 29a87b77051cb7d5b33bff7e81b69314bc2c532baeabe03d7dc8a9fcd9556f52
SHA512 690d857cfe0aa13764245d5e94b1e2e6b42b94219f38c1307bc2b169c989bd364f70dc314fa73612c7ede134819e3f4da0cd851a4546dedd04b8dbe1b73a80ef

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 4cfe777c9f6e7859f5efe2197401d8e5
SHA1 bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a
SHA256 c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231
SHA512 6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 c2f30b6f032d1756d20f4f1c4ff577c4
SHA1 47a15457f5126e610505bf5ec25607a6146c1b11
SHA256 6a1ce86e2484dcbe224f35d648b49520e6d35cf0da27160e19c7101808f3a844
SHA512 c0971ed6b8ca6e7cfe0bb9dfd93540663b962c3ceb309cf33034b3d09090ba17cb0610b3953765a7c57a866c9a507d628ac8e93d8f5b3810a261026716b730d3

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 0272290d428657920af1b3bff9689358
SHA1 5bb49393609b53f377698d4a320e966a901af641
SHA256 1bf2a2dd4e0d06beec3c23a33116b993115e95b6ff258ddfbf96aca067e206e8
SHA512 aa8b808c7c5de264ab1b0529dba66f65a34462a77529901c19188411d24ff8e0d1062086863ca0b4d1b809ac7d1c727955d1d08fc3c203ed20b18de2643f9865

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 939a199a8641aa4e560444ed8422b31f
SHA1 733f78904d368e687103690e15ce0bd8fb7a4e35
SHA256 98e7c254153a451603b8c6bf930d6fb15ce744c7089a61368060ea3742710ad4
SHA512 0817c6b8c31a7198f68956403a259bd1213bbb475a0534d42edc85cdcdbac3bdfc164eec31c0153e47a7b1f9915bdec4706701a188e005e72005a65684b29be0

/data/data/com.smapp.habit/databases/ua.db

MD5 7bf7ab1da9d209b4b12f27c31be31d32
SHA1 10c719fb8105c79bc789561cba80a5617e2414ce
SHA256 cce58820e31cf3a3915dce7232b87d97332193cbbd694b71d3d1bec2c5270fb7
SHA512 c95e5ad939bdff9387f6dc512dfdf8c18201528b23f459c9fc2b47f608ae23066206c1a28cb87a2bb36f9eb9552b0117dd3965e7756bf5658055cd1bcd91b507

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 c9abb7350a67641172f99178cfdca9a5
SHA1 3a27b3218eef6d82630e21a17415cb2483660184
SHA256 79524a138ef55d16410191b5109638a2fe96e2211de99368471cd79f5d7ef655
SHA512 d944b6796ca2b8708665df17153b88885b3b82b855e5c596cc978eb2eec322c6e2c5b26ec0b8f89381e65a4a2c3cdd7a5340910221fc65dd26635e0d1e1d72df

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 a194eabd392faf98b15249c52b6c5e5a
SHA1 8e389dc5a364cd33839b693d99743f05b7d4a9af
SHA256 a1f6b465d8fbb41f59315559ad8c871ac25dc01fd0cf5299bcfa89c800af4537
SHA512 be410a1a1d74e73eae436c23c2afbcf47cd99fe5d6f688c1c861b4ec3e73c4921f4b1635a4e09b1154e4214dfd2ac6226ad55faba9cab8c4a073e4283222f883

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 360c9d662f5f0f17c77294679120bab6
SHA1 ce9717d704c480bc66903f95a7b169b5b1b00487
SHA256 98070f791040a958466c0de860fdd25a9edce201da0dd8b051e4bf1f1b2cbd72
SHA512 109603e63660b430e856655a6e0dbe59144c38c2975efc7320d14c81f2c88e75fcf27e9c177c1a233b05c2b5d095a0d429a14696c2a814f9a47deabe3aa66f22

/data/user/0/com.smapp.habit/files/umeng_it.cache

MD5 1041e2c315edae3a3a2f0aaa24766ad5
SHA1 a9668bf831e209a25cb2c24aad4df8760345eeb0
SHA256 507f0a65719de1116a3ecd18e77ec14365ebb838386cb3aed24f165d18961855
SHA512 41f879b4cefca14b4675e45904bf235b23f0ecbc4228a8e1ee00474586bc3853b512371319e6976b8ed6f6969ef2de085480edaac54efc3220c565ec99a8ab77

/data/user/0/com.smapp.habit/files/.umeng/exchangeIdentity.json

MD5 ed5a138f2ae6a17032c5572a4a6bddfa
SHA1 5c8996625d5cec48c79f4dad8276c2cdd6f91c5c
SHA256 756c4eeea4988ab93a34db1a467063cdb49998cc382360f2e05ad5f16672962d
SHA512 fdc05636313f9e67636d03bbaa59ef770a7b8d25cea0c53c6f52cc7142b8c4580a809feeff0edd3881ac95b8bc5e73dc2a770ad7279a21ff6ee6028f856dc15e

/data/user/0/com.smapp.habit/files/exid.dat

MD5 5938cbde4e676e4766d623c3ec3131d4
SHA1 11971a6f670e8636810c6ca7fdde699e2548f632
SHA256 4ac5e5bb56a900abb5932831680140e9b016f8a8171c80175e8ed646645e3bb3
SHA512 3b22210fa0891dc17c6c1fd53ba89df91a0406aba0325d96b9473e1c0db7c7db22ced050765cc68ed1aa008f027d03be215fa316b62d10f430c31be3e154430b

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 713e3bfc82c089babfd716e785cf8267
SHA1 8511ff4beb821fc0ad7c1c6d4c37e5a233267338
SHA256 74e486b636a0ee358f9cd8c22f0a05444023da83f048109b528925f00eb378b7
SHA512 80a856c96a6652d9c324fb68343e6efc8d0c49a2ff08f495aa98bbdfdf7394b306c64661fc1742983d5d2e6ce8e28f1069227659282439c3ff2fe73a4b84a298

/data/data/com.smapp.habit/databases/ua.db

MD5 4cac7d31fb94d5c9581893537f64c5ed
SHA1 96bef3288546196ac3058b5eeddbe9da1d999fe5
SHA256 d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5
SHA512 0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 df921711a4463075605d031367a7066a
SHA1 3c3d1c14ef6f69f0b941cdde295a1afae87d2999
SHA256 4287aca35463ddb09839c3be085335c76a534d4618cd7f780d17facfdef5ade8
SHA512 57bd5314bed39cbacbe7676490bf2a0ff2f374bdaa94039e24805d19eafa45eea4efdcd5904f506f5bbad62822e54e38df0e1d58074e01df534085d1606f514c

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 86752a4be6564d8370f2f0e403995003
SHA1 29f7d50675f6e59f3b808eb6dcc8619384412115
SHA256 50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c
SHA512 79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 76ce81d91c49af34fb951412a0f05cc5
SHA1 f7b68f8842b89f97b3fae10e335dda1f74881e89
SHA256 e0b39f8e61305e1865fda8450ff5b2f9bd70a55164a9e009173c9821c5058f12
SHA512 27eaae4a3ebfcb95ee0165fb107ff0c700a7021dc7e6337ea7a916437357487ab3ae18e64ff35b9ae10cfd73611d6f38c92cfd9cefbd4ea071bd7e7acae825da

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 bd4202043f7b9292424024d6ec362879
SHA1 182151ecaa7f3ce63180221e4403946de8e4ea01
SHA256 49e87db49a43475e0253a1c3898a60112138ab926fde5d236efefb3c03534a6b
SHA512 9be51987d3162d9a3dd8c1c19fa190f77cf669163778f30679cd91699403cf8c4a0911427d46a9d9e238df6e8dbd18d3210908e6d2f108a9ca1c5bbbd12c0893

/data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 fb0641132a7a4c5c8f4d3281cb748d64
SHA1 cda86c8f5523a4e3c24a8685eaa88e916b784f72
SHA256 74b6050527b9144782b75afd4c5b81b1fde525eb3f3ce373d3400054e4d46397
SHA512 5566de6451f3283a298f07776ca516bc6cc511d63f2a8013b3a38171a0533986e987db4a20cb2c76ade2bef62b083ea7f8687022386e1a8bc3cb2e0c64e7e3fd

/data/user/0/com.smapp.habit/databases/ThrowalbeLog.db

MD5 61c6e06afed0ed244319a8b366ccac7f
SHA1 e22ae75378d506a7b13191e12b48341f5d518091
SHA256 2d8d6058ca911211fed5562ac88fc34a45718dbfd2e6b8aa26b52f121a48aa9d
SHA512 806f9ad0077c1f3b8a71eebc3a327eb7037717dc9c33b71219c54d7ccf955fa5c60fbab06dbfae8d022cf0acd0d8eb6bee231d74afcb926a923b9f32f39785fb

/data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 0e734ceae6961c887b62e8b8243f7074
SHA1 ed10416020d233cc0d637298e4e4f9494fffa95c
SHA256 1cb87058398b3ad5ab74d05ad2b9958c30421d083fa4168e74f3b94750477047
SHA512 221546b194a7493adedbb10c1ac6636294e77ef67487a6a71af26a8482636e1ccb9c24d82670f809abdbace78974890405c737172a2f24a8baee2f01189769ef

/data/user/0/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 06871f210dd4906f2fdbeb8030219b2e
SHA1 df93bf77900afa89797d44bd702a34276458c15a
SHA256 37a5046c0c37fe9e7c8b02ec9fa9b6912ec12c4d33bc1c6c3ba4cbfbd3c49b30
SHA512 e1404a92f5f9a3af38df1c66f3af6d2f8095c307a92dd280b5e1bc6e928543b5be0eacf66293c8622b80fbd2e25c1c267e713fca5a3d8307a08318cf9573d973

/data/user/0/com.smapp.habit/files/.imprint

MD5 d1f06a10c5285fbd0a14de90b101a7dd
SHA1 d421475ee50631f0dfb4b2ab81c4453403459c30
SHA256 dd7beaf504cd613d393f359cdea1fea53920bc71256bb4efe69fe8605b6f6b4c
SHA512 1c1a5aa58591ed3f59aa14f677c46b51ba87a2f39b8aaba27b4082727e0cc777c9782e7937f06d04ab8317bb00bda3e3899db1e4dac2cd7145324209df4e7641

/data/user/0/com.smapp.habit/files/umeng_it.cache

MD5 9f5fc05ff8ea19d5eef81d32e814e52f
SHA1 0ad9b155e3a3f9dc088b5d5076294f4e06d2c222
SHA256 26c44b3cd2ac49ac6c979348059f6e511e23a2f5870acd75dca50979a5a94edd
SHA512 0ab8cc4af4db732fa9ce3d6957c87bf00ef90748b298537128d50c7141d3f432f20395c23e5b812ab573737dd1c58d8cea3757953b1e46dc99dfe29971b9eced

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 09:37

Reported

2024-06-14 09:40

Platform

android-x86-arm-20240611.1-en

Max time kernel

159s

Max time network

182s

Command Line

com.smapp.habit

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description Indicator Process Target
N/A alog.umeng.com N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.smapp.habit

Network

Country Destination Domain Proto
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.exc.mob.com udp
CN 180.188.25.46:80 api.exc.mob.com tcp
US 1.1.1.1:53 api.521app.com udp
CN 119.29.27.226:80 api.521app.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.179:80 alog.umeng.com tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umengcloud.com udp
CN 223.109.148.179:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.176:80 alog.umengcloud.com tcp
CN 223.109.148.177:80 alog.umengcloud.com tcp
CN 223.109.148.141:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
CN 223.109.148.178:80 alog.umengcloud.com tcp
CN 223.109.148.130:80 alog.umengcloud.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp
US 1.1.1.1:53 m.data.mob.com udp
CN 180.188.25.47:80 m.data.mob.com tcp

Files

/data/data/com.smapp.habit/app_crashrecord/1004

MD5 ea642e94f50604ad9aab30b7f1f4dbe0
SHA1 7ce37ca91b1845eb5bda6050ec658e32892d105b
SHA256 d0040b36991c61f9136cb00b2dbc01e1f41d8a07f53c46dd542c8da76653ae6c
SHA512 8ac4468cecfa69a383251576993ef7d65d36d3b35dd2ccb6cab8a62d4529f1fd44bcbe477038c7b66d19b982b8bb5d6d81967dcb91eee42f0b5b3b237b4f5112

/data/data/com.smapp.habit/databases/bugly_db_-journal

MD5 9d51160902e0d64b8d1c1f15a72f5e31
SHA1 bc71e17ca59e5b5d861378527027a071b8d377a2
SHA256 311d6608f427a16bdf1325c8ae64ae826c6a38b33f2d35310454f203271f5a0c
SHA512 f2df76fda58e9eebd71377c63c0bdfb2de92524bc22699e024359c1814b075662c3075a985c69f19849a15e758a30f5c79646589bcdab297243c2a739c946c6f

/data/data/com.smapp.habit/databases/bugly_db_

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.smapp.habit/databases/bugly_db_-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.smapp.habit/databases/bugly_db_-wal

MD5 14d3e7e143ac92719ae0c1f16ac4ecd3
SHA1 b8420a6ee99e4091978edf99d4b4c8a7cef6f3c3
SHA256 a0dcbfb1de5d5d086294fbc761e2c9405d0ab37867682ac6051d254d852d8b49
SHA512 7ce024212b4322d609017774ea527d2047b0a0e0983ca089fc98a2de0bb10351e316424353e2f4e30c156674bc90ee5600aa9dce0fa296f608b0324bcc9473da

/data/data/com.smapp.habit/app_crashrecord/1004

MD5 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1 bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

/data/data/com.smapp.habit/databases/cc/cc.db-journal

MD5 6d6dc2171c6c2517ded7ee759d5cf42e
SHA1 e0bb6cb98b9581a156377742f790289c588fa921
SHA256 487b571e3884f6795e24a0a613e76c3cead03aaf62f9271094112676fa14d690
SHA512 453aaa6f942f82a0bd66b1726b59dee3a28f9d9c0ed0c72d36498f0d7c5072bbd254c73f526ce043c09ba48577fc3248f68a5e0ef58c97b8f50e5215c5032e6d

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

/data/data/com.smapp.habit/databases/cc/cc.db-wal

MD5 5149677fa3240c5288b99ab701296cee
SHA1 8ea8aedd2c14a86d6d2e9b56e7e6f297b47f9503
SHA256 318d9e959c3dd0525bdffcbffdb6900bbd940031a651b82a74d3bdb67fb2ba33
SHA512 4a7fe3802cca579d853c549d9268d7a55d7f9f46e30df44260a706080d4d255c1b9951df2edfbfbe6f6e583ca2c0ac7cb22fa83d93a4fe4c431675084309d14f

/data/data/com.smapp.habit/databases/ua.db-journal

MD5 4d4329408aa9aaa37630eecfba11d0a7
SHA1 c1d26940ad919b549bc11cc1db003b2252c1069b
SHA256 021d7f86cf0cac87a0388e951e267974a8c2de63bd37ec17e59e7ffaef14fb79
SHA512 b8ff8e4089f567f674e1d9a4c2d18bf539b49e971544a0ab57c5a1b01c146a40f453143193fd47ecea5ae799decf6daeee784363eb11abb597fd247c114fea16

/data/data/com.smapp.habit/databases/ua.db

MD5 6fba823c325c83038e873e8d004aee4f
SHA1 7a89bc2c9b804a7bddf8ea381e168015a9018a01
SHA256 1bd6df19ace7b22140bbdaed0b36c97b48b1a48dfe85c028030884bee6f285ac
SHA512 764d80791342345cecebbc4719f5f1688025a5b81ca69c72566697498fcf5a07c259ea851e4a0ab51f299cf4d315fb37fa759a454af190c1c6fa6a8105de6a7f

/data/data/com.smapp.habit/databases/ua.db-wal

MD5 555f8a2a5673c8a677e47a1e8eb08588
SHA1 15fcfa3cd393592cddeabb246231377bc6f4f684
SHA256 a2e620b3cbb9fd6c1da9a767177077cb953d043e5b831fce0bf5372c804d4c51
SHA512 e95ba06e39bf6d26b6242891a5279e9ca0d95433216d6ef20c607da464a4639ccefed534364f4aa9b269fcf36dda85892266d26dab9e8f29c6ee0312ae43eaa5

/storage/emulated/0/Mob/comm/dbs/.duid

MD5 fafe258d036588a59290ed19e603e749
SHA1 8381e96291a9c71c7491803b32b9cfdb6d4b4256
SHA256 e40adc9b3348205f33ef8b9476537c4412fd618a5179ab7cb87d68887cc68071
SHA512 2a049d60df4fb04a326bcedd7ae631fa52b7abee86fd38322c5b8b9e1693a0c283ca2f08dcb503ee4bc69ab0a75afbe3dc33762ed248402ce87fa214162a694c

/data/data/com.smapp.habit/files/umeng_it.cache

MD5 778b189701306e61be07b01ea22a55fe
SHA1 9e15aebf4e05d2ddf2d2fc1f88fbb431131c85e9
SHA256 e3ac7dea0ea4c6b384b49f28285d77e656a5db9262190ea64a7451a4f6bc4388
SHA512 2ab2075460ce47056557a691917a0a2b52c9f671a9e16f5a6e3b379642075f526f463c9fb52d111f6ffe47a7cd5545a5771d2eceee486ed9d054489ed1c1c73c

/data/data/com.smapp.habit/files/.umeng/exchangeIdentity.json

MD5 9937e9d52ea7a10b260750a334c8b021
SHA1 1ae45a4cf9a3bcca018d169d83a5818df0970fdc
SHA256 d1fa59c1864ecc488599b698fdab39bb4e884ddfb3fb4e0bd3c65156cc78724a
SHA512 7ce8f5092ab81716ecda83df2a46492f3b783296d49317e5d94e9ccd86077fea82f485ffd10353179d4e828b7661a5f25e700b2f10fa4b71958ae4af5b17e971

/data/data/com.smapp.habit/files/exid.dat

MD5 5938cbde4e676e4766d623c3ec3131d4
SHA1 11971a6f670e8636810c6ca7fdde699e2548f632
SHA256 4ac5e5bb56a900abb5932831680140e9b016f8a8171c80175e8ed646645e3bb3
SHA512 3b22210fa0891dc17c6c1fd53ba89df91a0406aba0325d96b9473e1c0db7c7db22ced050765cc68ed1aa008f027d03be215fa316b62d10f430c31be3e154430b

/data/data/com.smapp.habit/databases/ua.db-wal

MD5 3ddcd9b7e4b68ff490a8654e99a35281
SHA1 da77cd7b5be5ebbbb0e56e471357d1ec5b9f6235
SHA256 a266f4189492cf81c837e65fcb84b2645964aaefa8a7a9619616b5d2358e7287
SHA512 0e0fff7ee5953412bdcb5f55eb8acf857daa69deb5bf6b3d8ccbbddf813017ffd9c7ddb45c12784b634f89b8cafcc43cf5e51d2e90735cbfee99dc941818a998

/data/data/com.smapp.habit/databases/ua.db

MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

/data/data/com.smapp.habit/databases/cc/cc.db-wal

MD5 672959d141a7cc353946b5b271a2eda0
SHA1 68b5720f238723c3be747ab996ebe2cf57ba0883
SHA256 1a5f5b806858573389f889705da2877cf0461ba51fd6bdcecd4b2da98349fcc6
SHA512 db262f880fb4f492febd6e3cf27ce5909cadb157f25a8a851f6d1d12baafcea6a65a762a41b5669c737dc2c9748627d46208e205c287665047a93794b903605c

/data/data/com.smapp.habit/databases/cc/cc.db

MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

/data/data/com.smapp.habit/databases/ThrowalbeLog.db-journal

MD5 f020e4c12ef25bea28de65ef4fddc1be
SHA1 8329a5b3e3677ceafc56f48c5fe90dceb1e27949
SHA256 0be728d5e2ae48c3039798bfd67190062f2bc3ba1b98674f7a5790cf6dc25c19
SHA512 da978a3b217132d0cf8f7a2f1aedb59ec479cbd1b0019b3d35cab1ab3ca30fbf2f66828c55ba76349401a9dc657490224fffe1756137c6a0b69d9834b59ccfca

/data/data/com.smapp.habit/databases/ThrowalbeLog.db-wal

MD5 80efb2909d0df683980f39051d9ea631
SHA1 e3388e8896ab80bd3231bb0bc2678e68ca8992d1
SHA256 537642f47f87ff7025d7261232ec108cfab6a96f0e3d62dbe80464edc52e896b
SHA512 cacc89291814b70196a31c993bac272a823afc9d46d6dc8bc1ebb7f1d273411f4dae13301b45977f366ef1d19b8d4324cb04db21ce36e0f9e356aabe9e1ef897

/data/data/com.smapp.habit/files/.um/um_cache_1718357980185.env

MD5 c5dc1100749c4ce5e1f14e70ddcf6308
SHA1 b54a17e49b5ad442a3d52f424b728b8c53321dde
SHA256 8f214bddb795472a7b6b70ec2d1f600ad763264018fb877b9654bce3e0850632
SHA512 ec589ddc6b002740fc1cde248b9ac096560e813561a15b97c0e607505d1474b2a88ce6dca463356e3e8e55a7eefb2c5666a02f1d275b78cc8649e5792a6e49cb