Malware Analysis Report

2024-10-19 13:11

Sample ID 240618-nszjsawdpj
Target bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118
SHA256 e7e7590cf0d0829520b1ba03f07f44ee5f77890a271596b6875fc7c4fcb78cc8
Tags collection discovery evasion impact persistence credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence credential_access

Checks if the Android device is rooted.

Reads the content of SMS inbox messages.

Reads the content of the call log.

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Declares broadcast receivers with permission to handle system events

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Declares services with permission to bind to the system

Queries the mobile country code (MCC)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-18 11:40

Signatures

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by wallpaper services to bind with the system. Allows apps to provide live wallpapers. | android.permission.BIND_WALLPAPER | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to write and read the user's call log data. | android.permission.WRITE_CALL_LOG | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to write the user's calendar data. | android.permission.WRITE_CALENDAR | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x86-arm-20240611.1-en

Max time network

172s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | | tcp |

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-arm64-20240611.1-en

Max time network

165s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

161s

Command Line

com.jiubang.goscreenlock.theme.rix

Signatures

N/A

Processes

com.jiubang.goscreenlock.theme.rix

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-20240611.1-en

Max time network

168s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-20240611.1-en

Max time kernel

3s

Max time network

140s

Command Line

com.jiubang.goscreenlock.theme.rix

Signatures

N/A

Processes

com.jiubang.goscreenlock.theme.rix

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

135s

Command Line

com.jiubang.goscreenlock.theme.rix

Signatures

N/A

Processes

com.jiubang.goscreenlock.theme.rix

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

188s

Command Line

com.jiubang.goscreenlock:preview

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Reads the content of SMS inbox messages.

collection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://sms/inbox | N/A | N/A |

Reads the content of the call log.

collection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://call_log/calls | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.jiubang.goscreenlock:preview

android.process.acore

com.jiubang.goscreenlock:pushservice

com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadSer

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-20240611.1-en

Max time kernel

179s

Max time network

193s

Command Line

com.jiubang.goscreenlock:preview

Signatures

Checks if the Android device is rooted.

evasion
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |

Obtains sensitive information copied to the device clipboard

collection credential_access impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |

Queries information about running processes on the device

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Reads the content of SMS inbox messages.

collection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://sms/inbox | N/A | N/A |

Reads the content of the call log.

collection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://call_log/calls | N/A | N/A |

Acquires the wake lock

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Makes use of the framework's foreground persistence service

evasion persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.jiubang.goscreenlock:preview

android.process.acore

com.jiubang.goscreenlock:pushservice

com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 11:40

Reported

2024-06-18 11:43

Platform

android-x64-arm64-20240611.1-en

Max time kernel

158s

Max time network

191s

Command Line

com.jiubang.goscreenlock:preview

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /system/bin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Reads the content of SMS inbox messages.

collection
Description Indicator Process Target
URI accessed for read content://sms/inbox N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.jiubang.goscreenlock:preview

android.process.acore

com.jiubang.goscreenlock:pushservice

com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService

Network

Country Destination Domain Proto

Files
