Malware Analysis Report

2024-09-09 16:00

Sample ID 240615-b2vwqsvbqf
Target ac70508a33c3357a5c0c5d8c6d902183_JaffaCakes118
SHA256 1e623b372a357895cb2318773a53a0e133d1a0b5ff154dfde90c99d4412c4de2
Tags discovery persistence collection credential_access impact evasion
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file ac70508a33c3357a5c0c5d8c6d902183_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence collection credential_access impact evasion

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 01:39

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A
Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

133s

Command Line

com.cmb.plugin.signin

Signatures

N/A

Processes

com.cmb.plugin.signin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

7s

Max time network

137s

Command Line

com.cmb.plugin.transaction

Signatures

N/A

Processes

com.cmb.plugin.transaction

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-x64-20240611.1-en

Max time network

148s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

12s

Max time network

134s

Command Line

com.cmbchina.gold

Signatures

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.cmbchina.gold

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
BE 142.250.110.188:5228 tcp
GB 172.217.16.228:443 tcp
GB 172.217.169.68:443 udp
N/A 224.0.0.251:5353 udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 142.250.180.3:443 tcp
US 172.64.41.3:443 udp
GB 142.250.180.3:443 udp
GB 172.217.169.68:443 udp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.212.227:443 tcp

Files

/data/user/0/com.cmbchina.gold/databases/bugly_db_legu-journal

/data/user/0/com.cmbchina.gold/databases/bugly_db_legu

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-x64-arm64-20240611.1-en

Max time kernel

19s

Max time network

134s

Command Line

com.cmb.plugin.information

Signatures

N/A

Processes

com.cmb.plugin.information

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.78:443 tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 cmbgold-api-gateway.paas.cmbchina.com udp
CN 120.234.86.44:443 cmbgold-api-gateway.paas.cmbchina.com tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

/data/user/0/com.cmb.plugin.information/databases/cache_information.db-journal

/data/user/0/com.cmb.plugin.information/databases/cache_information.db

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:43

Platform

android-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

131s

Command Line

com.cmb.plugin.transaction

Signatures

N/A

Processes

com.cmb.plugin.transaction

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 tcp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 216.58.212.196:443 tcp
GB 216.58.212.196:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:44

Platform

android-x86-arm-20240611.1-en

Max time kernel

175s

Max time network

160s

Command Line

com.erayt.android.cmb

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.erayt.android.cmb

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 sensdata.paas.cmbchina.com udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp

Files

/data/data/com.erayt.android.cmb/files/www/assets/base.min.js

/data/data/com.erayt.android.cmb/files/www/assets/dbf684af.app.min.css

/data/data/com.erayt.android.cmb/files/www/assets/dbf684af.app.min.js

/data/data/com.erayt.android.cmb/files/www/assets/heatmap.js

/data/data/com.erayt.android.cmb/files/www/assets/iconfont.eot

/data/data/com.erayt.android.cmb/files/www/assets/iconfont.svg

/data/data/com.erayt.android.cmb/files/www/assets/iconfont.ttf

/data/data/com.erayt.android.cmb/files/www/assets/sensorsdata.js

/data/data/com.erayt.android.cmb/files/www/index.html

/data/data/com.erayt.android.cmb/files/www/manifest.json

/data/data/com.erayt.android.cmb/files/www/zlist.txt

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

18s

Max time network

131s

Command Line

com.cmb.plugin.information

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.cmb.plugin.information

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 cmbgold-api-gateway.paas.cmbchina.com udp
CN 120.234.86.44:443 cmbgold-api-gateway.paas.cmbchina.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.cmb.plugin.information/databases/cache_information.db-journal

/data/data/com.cmb.plugin.information/databases/cache_information.db

/data/data/com.cmb.plugin.information/databases/cache_information.db-shm

/data/data/com.cmb.plugin.information/databases/cache_information.db-wal

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-x64-20240611.1-en

Max time kernel

8s

Max time network

154s

Command Line

com.cmb.plugin.signin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.cmb.plugin.signin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.194:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.238:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

179s

Max time network

133s

Command Line

com.erayt.android.cmb

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.erayt.android.cmb

Network

Country Destination Domain Proto
GB 172.217.16.228:443 udp
GB 172.217.16.228:443 udp
BE 173.194.76.188:5228 tcp
GB 216.58.212.196:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 sensdata.paas.cmbchina.com udp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
GB 216.58.212.227:443 tcp
GB 216.58.212.227:443 tcp
US 162.159.61.3:443 udp
GB 216.58.212.227:443 udp
GB 172.217.16.228:443 udp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp

Files

/data/user/0/com.erayt.android.cmb/files/www/assets/base.min.js

/data/user/0/com.erayt.android.cmb/files/www/assets/dbf684af.app.min.css

/data/user/0/com.erayt.android.cmb/files/www/assets/dbf684af.app.min.js

/data/user/0/com.erayt.android.cmb/files/www/assets/heatmap.js

/data/user/0/com.erayt.android.cmb/files/www/assets/iconfont.eot

/data/user/0/com.erayt.android.cmb/files/www/assets/iconfont.svg

/data/user/0/com.erayt.android.cmb/files/www/assets/iconfont.ttf

/data/user/0/com.erayt.android.cmb/files/www/assets/sensorsdata.js

/data/user/0/com.erayt.android.cmb/files/www/index.html

/data/user/0/com.erayt.android.cmb/files/www/manifest.json

/data/user/0/com.erayt.android.cmb/files/www/zlist.txt

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:42

Platform

android-x86-arm-20240611.1-en

Max time kernel

168s

Max time network

151s

Command Line

com.cmb.plugin.signin

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.cmb.plugin.signin

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 01:38

Reported

2024-06-15 01:44

Platform

android-x86-arm-20240611.1-en

Max time kernel

175s

Max time network

183s

Command Line

com.cmbchina.gold

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/app/Superuser.apk N/A N/A
N/A /sbin/su N/A N/A
N/A /sbin/su N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/data/com.cmbchina.gold/mix.dex N/A N/A
N/A /data/user/0/com.cmbchina.gold/app_bundle_jar/73EB9C406F1DB0E82C118DABEB5C96CB.jar N/A N/A
N/A /data/user/0/com.cmbchina.gold/app_bundle_jar/0E850F417517A0F04410254236C51747.jar N/A N/A
N/A /data/user/0/com.cmbchina.gold/app_bundle_jar/8F0A0454D0D6C5CBCE9CEE4EED8135E2.jar N/A N/A
N/A /data/user/0/com.cmbchina.gold/app_bundle_jar/94A10A26B6740FAF883F3AE3ECE1441F.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.cmbchina.gold

sh -c getprop ro.yunos.version

getprop ro.yunos.version

com.cmbchina.gold:guard

sh -c getprop ro.yunos.version

com.cmbchina.gold:pushservice

getprop ro.yunos.version

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

/system/bin/sh -c type su

/system/bin/sh -c getprop ro.build.version.emui

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.lenovo.series

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.miui.ui.version.name

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.miui.ui.version.name

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.build.version.emui

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.build.version.emui

/system/bin/sh -c getprop ro.build.nubia.rom.name

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.lenovo.series

getprop ro.build.nubia.rom.name

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.lenovo.series

/system/bin/sh -c getprop ro.meizu.product.model

getprop ro.build.version.opporom

getprop ro.meizu.product.model

/system/bin/sh -c getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.build.version.opporom

getprop ro.vivo.os.build.display.id

getprop ro.build.version.opporom

/system/bin/sh -c getprop ro.vivo.os.build.display.id

getprop ro.vivo.os.build.display.id

/system/bin/sh -c getprop ro.aa.romver

/system/bin/sh -c getprop ro.aa.romver

getprop ro.aa.romver

getprop ro.aa.romver

/system/bin/sh -c getprop ro.lewa.version

/system/bin/sh -c getprop ro.lewa.version

getprop ro.lewa.version

getprop ro.lewa.version

/system/bin/sh -c getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

getprop ro.gn.gnromvernumber

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

getprop ro.build.tyd.kbstyle_version

/system/bin/sh -c getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.fingerprint

getprop ro.build.fingerprint

getprop ro.build.fingerprint

/system/bin/sh -c getprop ro.build.rom.id

/system/bin/sh -c getprop ro.build.rom.id

getprop ro.build.rom.id

getprop ro.build.rom.id

/system/bin/sh -c type su

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 register.xmpush.xiaomi.com udp
NL 20.47.97.231:443 register.xmpush.xiaomi.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
US 1.1.1.1:53 sensdata.paas.cmbchina.com udp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
CN 14.22.7.199:80 android.bugly.qq.com tcp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 119.147.179.152:80 android.bugly.qq.com tcp
US 1.1.1.1:53 android.bugly.qq.com udp
CN 14.22.7.140:80 android.bugly.qq.com tcp
CN 14.22.7.140:80 android.bugly.qq.com tcp

Files

/data/data/com.cmbchina.gold/databases/bugly_db_legu-journal

/data/data/com.cmbchina.gold/databases/bugly_db_legu

/data/data/com.cmbchina.gold/databases/bugly_db_legu-shm

/data/data/com.cmbchina.gold/databases/bugly_db_legu-wal

/data/data/com.cmbchina.gold/mix.dex

/data/data/com.cmbchina.gold/databases/bugly_db_-journal

/data/data/com.cmbchina.gold/app_crashrecord/1004

/data/data/com.cmbchina.gold/databases/bugly_db_-shm

/data/data/com.cmbchina.gold/databases/bugly_db_-wal

/data/data/com.cmbchina.gold/app_crashrecord/1004

/data/data/com.cmbchina.gold/files/mipush_region

/data/data/com.cmbchina.gold/files/tiny_data.data

/data/data/com.cmbchina.gold/files/tiny_data.data

/data/data/com.cmbchina.gold/databases/sensorsdata-journal

/data/data/com.cmbchina.gold/databases/sensorsdata

/data/data/com.cmbchina.gold/databases/sensorsdata-wal

/data/data/com.cmbchina.gold/app_crashrecord/1004

/data/data/com.cmbchina.gold/app_crashrecord/1004

/data/data/com.cmbchina.gold/databases/PluginDatabase.db-shm

/data/data/com.cmbchina.gold/app_bundle_jar/73EB9C406F1DB0E82C118DABEB5C96CB.jar

/data/data/com.cmbchina.gold/cache/tomb.zip

/data/user/0/com.cmbchina.gold/app_bundle_jar/73EB9C406F1DB0E82C118DABEB5C96CB.jar

/data/user/0/com.cmbchina.gold/app_bundle_jar/0E850F417517A0F04410254236C51747.jar

/data/user/0/com.cmbchina.gold/app_bundle_jar/8F0A0454D0D6C5CBCE9CEE4EED8135E2.jar

/data/user/0/com.cmbchina.gold/app_bundle_jar/94A10A26B6740FAF883F3AE3ECE1441F.jar

/data/data/com.cmbchina.gold/app_bundle_jar/oat/0E850F417517A0F04410254236C51747.jar.cur.prof

/data/data/com.cmbchina.gold/app_bundle_jar/oat/73EB9C406F1DB0E82C118DABEB5C96CB.jar.cur.prof

/data/data/com.cmbchina.gold/app_bundle_jar/oat/8F0A0454D0D6C5CBCE9CEE4EED8135E2.jar.cur.prof

/data/data/com.cmbchina.gold/app_bundle_jar/oat/94A10A26B6740FAF883F3AE3ECE1441F.jar.cur.prof
