Malware Analysis Report

2024-10-19 13:10

Sample ID 240618-sabr8aycmf
Target bc888e0a545113b7caffd6affa1e2469_JaffaCakes118
SHA256 f08c7ae8ab6150b3f98e27ee85b6565dc97f501692bb40351b4e52e7540b7425
Tags banker discovery evasion impact persistence collection credential_access
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file bc888e0a545113b7caffd6affa1e2469_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Checks known Qemu files.

Loads dropped Dex/Jar

Checks known Qemu pipes.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Queries the mobile country code (MCC)

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-06-18 14:54

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-18 14:54

Reported

2024-06-18 14:55

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-18 14:54

Reported

2024-06-18 14:55

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-18 14:54

Reported

2024-06-18 14:55

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 14:54

Reported

2024-06-18 14:58

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

177s

Command Line

com.ccmlmv.bt.qipa

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Checks known Qemu files.

evasion
Description | Indicator | Process | Target
N/A | /sys/qemu_trace | N/A | N/A

Checks known Qemu pipes.

evasion
Description | Indicator | Process | Target
N/A | /dev/socket/qemud | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /storage/emulated/0/Sonnenblume/res.apk | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ccmlmv.bt.qipa

cat /sys/block/mmcblk0/device/cid

com.snowfish.a.a.bg

cat /sys/block/mmcblk0/device/cid

/system/bin/cat /proc/cpuinfo

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ha.huosdk.com | udp
US | 1.1.1.1:53 | service.1sdk.cn | udp
US | 1.1.1.1:53 | ccml-cdn.hunanwan.com | udp
CN | 39.108.76.150:80 | service.1sdk.cn | tcp
CN | 39.108.77.112:8443 | ha.huosdk.com | tcp
US | 1.1.1.1:53 | log.tbs.qq.com | udp
HK | 129.226.106.211:80 | log.tbs.qq.com | tcp
US | 1.1.1.1:53 | hv.huosdk.com | udp
CN | 39.108.77.112:443 | hv.huosdk.com | tcp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp
CN | 39.108.77.112:8443 | hv.huosdk.com | tcp
US | 1.1.1.1:53 | s3a.abusi.net | udp
US | 1.1.1.1:53 | s3a.gg51mm.com | udp
CN | 47.100.198.247:80 | service.1sdk.cn | tcp

Files

/storage/emulated/0/Android/data/com.ccmlmv.bt.qipa/files/tbslog/tbslog.txt
/data/data/com.ccmlmv.bt.qipa/app_tbs/core_private/debug.conf
/data/data/com.ccmlmv.bt.qipa/databases/outdbName.db-journal
/data/data/com.ccmlmv.bt.qipa/databases/outdbName.db
/data/data/com.ccmlmv.bt.qipa/databases/outdbName.db-shm
/data/data/com.ccmlmv.bt.qipa/databases/outdbName.db-wal
/storage/emulated/0/system_hs/303/outdbName.db
/storage/emulated/0/system_hs/303/outdbName.db-shm
/storage/emulated/0/system_hs/303/outdbName.db-wal
/storage/emulated/0/Sonnenblume/res.apk.u
/storage/emulated/0/Sonnenblume/res.apk
/data/data/com.ccmlmv.bt.qipa/files/st_database.db-journal
/data/data/com.ccmlmv.bt.qipa/files/st_database.db
/data/data/com.ccmlmv.bt.qipa/files/st_database.db-wal
/data/data/com.ccmlmv.bt.qipa/files/duration
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2
/storage/emulated/0/Sonnenblume/kb_sn.ini

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 14:54

Reported

2024-06-18 14:58

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

7s

Max time network

133s

Command Line

com.ccmlmv.bt.qipa

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.ccmlmv.bt.qipa

Network

Country | Destination | Domain | Proto
GB | 172.217.169.68:443 | | udp
GB | 172.217.169.68:443 | | tcp
GB | 142.250.179.228:443 | | tcp
GB | 216.58.204.74:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.227:443 | | tcp
US | 172.64.41.3:443 | | tcp
GB | 142.250.200.3:443 | | tcp
US | 172.64.41.3:443 | | udp
GB | 142.250.200.3:443 | | udp
GB | 142.250.179.228:443 | | udp
US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp
GB | 142.250.179.234:443 | remoteprovisioning.googleapis.com | tcp

Files

/storage/emulated/0/Android/data/com.ccmlmv.bt.qipa/files/tbslog/tbslog.txt (deleted)
