Malware Analysis Report

2024-10-19 12:58

Sample ID 240819-1xtwbayaph
Target 482e7b4b89d80928533147b899800902a7ced13c40b88c2ff61eb998fa12f831.bin
SHA256 482e7b4b89d80928533147b899800902a7ced13c40b88c2ff61eb998fa12f831
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

482e7b4b89d80928533147b899800902a7ced13c40b88c2ff61eb998fa12f831

Threat Level: Known bad

The file 482e7b4b89d80928533147b899800902a7ced13c40b88c2ff61eb998fa12f831.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

Makes use of the framework's foreground persistence service

Reads information about phone network operator.

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Requests accessing notifications (often used to intercept notifications before users become aware).

Performs UI accessibility actions on behalf of the user

Declares services with permission to bind to the system

Attempts to obfuscate APK file format

Queries the mobile country code (MCC)

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests modifying system settings.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-19 22:02

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Required to be able to advertise and connect to nearby devices via Wi-Fi. android.permission.NEARBY_WIFI_DEVICES N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Required to be able to advertise to nearby Bluetooth devices. android.permission.BLUETOOTH_ADVERTISE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to access any geographic locations persisted in the user's shared collection. android.permission.ACCESS_MEDIA_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-19 22:02

Reported

2024-08-19 22:16

Platform

android-x86-arm-20240624-en

Max time kernel

70s

Max time network

160s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.nameown12/app_walk/pjDJWA.json N/A N/A
N/A /data/user/0/com.nameown12/app_walk/pjDJWA.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.nameown12/app_walk/pjDJWA.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.nameown12/app_walk/oat/x86/pjDJWA.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.213.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 tnisvsorupssazussxehome.xyz udp
US 1.1.1.1:53 www.ip-api.com udp
US 1.1.1.1:53 tisavoraktsstumahozexe.xyz udp
US 208.95.112.1:80 www.ip-api.com tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 1.1.1.1:53 jtsekirvsorsaapumssssahaxe.xyz udp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp

Files

/data/data/com.nameown12/app_walk/pjDJWA.json

MD5 5a44b70792981de017e9aeb54a6fad1e
SHA1 9aac5710bb289059ee2b1eaf0ac620c017285a2e
SHA256 23e9b1c571397c045cf66badac462b1062662fe2ffaed9ec14db8dc303f1611e
SHA512 b6e113a3a2431530d442d2679662e7824f3eb747645f3b7a606d3b0593e5991a1ab15e5be362253a63b52e737fdb005f457c49e4990eb571ef1e3baf715b3fd6

/data/data/com.nameown12/app_walk/pjDJWA.json

MD5 fb5c5470d3d9bcd94d641c8d8593f180
SHA1 9f201ace3846ace157cba2853adfabf7d539c729
SHA256 e66c48ecff259a1afd351b3af27b2a999efc82ed45e46f62dba0b0e737aa2b26
SHA512 495dc465058dbadfb11849e812d7698924e2def3a552ef55278708bd5681ef54ba7a1a6e9297a140b259a1d6233a2f764eace613366ce4f903b96b555e9e0f50

/data/user/0/com.nameown12/app_walk/pjDJWA.json

MD5 e291163350f96f70af3023c14c198dd4
SHA1 8f685825eac76c884ca0881ce0672b8030fa67eb
SHA256 8653a4b8a094b80d424ca9c04ea6cb6f79e0a64fbcb6e26bd94a1d349cd31fff
SHA512 2bfc3aa09adb70859527b11cd73b8898b8d625d770bef80bf4a4188a24825d16dbe1eb0ee6ee52445c131f8c191c2b5f7ad4032dbe30aa59694596e2ecb70ec9

/data/user/0/com.nameown12/app_walk/pjDJWA.json

MD5 76bc155a2988f9b8b404123314f36632
SHA1 ef61a2f2333083e58baf5110864ef44fead3ce94
SHA256 7f3ef59142fa2e0bfe506cc19dd6e802cff13a94c7c529aa543f9fef49552899
SHA512 a89fa2016b33e8fd896c1840a83b0750addfc5b408da5dc64fbc38fb936a73417b2d7d641a1bee5a9b4f8844684002920962d1f707569cf2ff341ba151bc65cf

/data/data/com.nameown12/kl.txt

MD5 848de50dfacf1603997e101539f817b9
SHA1 1997118791cfcae9701e7e5a61d440607f3cc1ac
SHA256 3cb5e22c43eb5f65f1a78c49d57c932df636e05516f8d61f47eb7ff722afa424
SHA512 8a7d8197d1c79b46a4fc0b52294f0013ac126ddc48bf9ef344e820a679770d15196c8a1d13fe2b27e6131b1b2c9def9a8d88b3d615c27a99ff28ba34deeded2c

/data/data/com.nameown12/kl.txt

MD5 bbe1cd5e5b0099c0b9100136969058b8
SHA1 475ac13e033b2c736056b64bcb63b0e686be6b9b
SHA256 7828c010b0e2922e2f5e3ec8be3b2a2c043c709c11b23678bbf127da2b41b779
SHA512 bc809eed66dd0bb691cdf8493e39c5a93e2581afea470acce0e0463b8d888527cc52aeeed23440c5dc545adbd3fcc97ee1b54511bdeb78f91a392581b3a2ef05

/data/data/com.nameown12/kl.txt

MD5 3408d1bd66e5ec5360b12cfff948d8db
SHA1 090e263d4643b566a20499a734b80af3d4a1f1b2
SHA256 4f38df56066e3e2f69c0e9fdf64d8478613bbe154326e7ae32515dadb245d47d
SHA512 4f79abe33be697a29d652935c4cef08374db5e65ce2827f85b133f47584c201a0d77416866266c1d66452e15a0c2bc1a49e513d681f7cda618a7168688a3e844

/data/data/com.nameown12/kl.txt

MD5 58c87ec42000e53db53856afd2bc430d
SHA1 ef76a1c4c936b1d2577b022a89f35ebba4922802
SHA256 c40bfc3a0aa624d925177226c0917fd667bd4a910198d22bad34e6afef0c7880
SHA512 b7fae6263effd7749aaf3c2b27ef86835139d4762f0942169833fee0e2b55f5d4dac3885e08373caf8d8e1d2d41da120b2a814e30eeb8befdf6231b5425d1bd2

/data/data/com.nameown12/kl.txt

MD5 b6e6f5da4d8c32848e7f1eb4a82ade40
SHA1 3ed4dfca79ac223e0cdbfcd88240e0f7905ebce8
SHA256 60d4627f4a90cd197155902d162ad8105797945e7f582fdb8cdcb842f1203cc9
SHA512 b3ef819d00f88e1614b117748ddd145c3eef48ee8b5f2b9e94144b03b449cc22c6f5db22fd883cedf173221b7a32779f8656edc25560ee2dc583e772642f8fc2

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-19 22:02

Reported

2024-08-19 22:16

Platform

android-x64-20240624-en

Max time kernel

178s

Max time network

160s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.nameown12/app_walk/pjDJWA.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nameown12

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 rasoasoraktssaaadsadazexe.xyz udp
US 1.1.1.1:53 zekurapssoymaivssuheno.xyz udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 lssaeweamnanass.xyz udp
US 1.1.1.1:53 tnisvsorupssazussxehome.xyz udp
US 1.1.1.1:53 tisavoraktsstumahozexe.xyz udp
US 1.1.1.1:53 jtsekirvsorsaapumssssahaxe.xyz udp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp
GB 216.58.212.206:443 tcp
GB 142.250.200.2:443 tcp
US 154.216.20.240:443 tisavoraktsstumahozexe.xyz tcp

Files

/data/data/com.nameown12/app_walk/pjDJWA.json

MD5 5a44b70792981de017e9aeb54a6fad1e
SHA1 9aac5710bb289059ee2b1eaf0ac620c017285a2e
SHA256 23e9b1c571397c045cf66badac462b1062662fe2ffaed9ec14db8dc303f1611e
SHA512 b6e113a3a2431530d442d2679662e7824f3eb747645f3b7a606d3b0593e5991a1ab15e5be362253a63b52e737fdb005f457c49e4990eb571ef1e3baf715b3fd6

/data/data/com.nameown12/app_walk/pjDJWA.json

MD5 fb5c5470d3d9bcd94d641c8d8593f180
SHA1 9f201ace3846ace157cba2853adfabf7d539c729
SHA256 e66c48ecff259a1afd351b3af27b2a999efc82ed45e46f62dba0b0e737aa2b26
SHA512 495dc465058dbadfb11849e812d7698924e2def3a552ef55278708bd5681ef54ba7a1a6e9297a140b259a1d6233a2f764eace613366ce4f903b96b555e9e0f50

/data/user/0/com.nameown12/app_walk/pjDJWA.json

MD5 e291163350f96f70af3023c14c198dd4
SHA1 8f685825eac76c884ca0881ce0672b8030fa67eb
SHA256 8653a4b8a094b80d424ca9c04ea6cb6f79e0a64fbcb6e26bd94a1d349cd31fff
SHA512 2bfc3aa09adb70859527b11cd73b8898b8d625d770bef80bf4a4188a24825d16dbe1eb0ee6ee52445c131f8c191c2b5f7ad4032dbe30aa59694596e2ecb70ec9

/data/data/com.nameown12/kl.txt

MD5 d8dc6c451ed2ca763ef102111dd7f48d
SHA1 6723bd09f04a27a57ea7bd496e4e6f117facdaf9
SHA256 f22fb9f8cf6783c0352abd2e540cec526e2a40a72dd90c322781612348c1e571
SHA512 ca007520b0f03de731e016bc92f393d0071fe3a2961caade950638fc6eea5bb09e764b6946331e998720ed9ea426d27f1180c4d230f7d6ad44457558fbe513c5

/data/data/com.nameown12/kl.txt

MD5 c6bb37907151e9f2e87aa17db6fafe75
SHA1 b6ebb6071407a751735946db8c02afccb93d34b3
SHA256 5f3301d43a7c08bb57617192c9bec6ab8bb3b3fccc88c109d1253148a12520f5
SHA512 395d2acfe8e0b989497274d83428a34a5dd92a4835b333db4dfbd1377e390865ad13a43c1e63db974f1c4ea266e177d8382e4738c8edd80581a8323d73c3747b

/data/data/com.nameown12/kl.txt

MD5 59c43034bbad901a2f7cb2711e730ba3
SHA1 6d9d484e3ef690582061a8c0535903631ae124c8
SHA256 e63f3dd286994dba9f62ce3a266fef61f43a9c3cdeab99fa7cd0eb6991aac4ed
SHA512 9a53d0aa787d46e8255c7c8bf0fed9cd5698276d7ef7d0c3a45c2f5fcf9a31a461c1acc6d7e6692956182f08b34e9500159c7bd1c9b03e19799c4ea6a3df1b7a

/data/data/com.nameown12/kl.txt

MD5 ae808d75c90cd9371996f9d4c05787d9
SHA1 607180a489a930d5cc5747afd148f2204af73ab4
SHA256 c3c6fae5001b464cd1bd6560d7f2845f9bb61de869d8298253fec0bbe392e3af
SHA512 9285728a44275d4fa3111b904737e40a4af8e748a67c257a274b416b16dd82a2bb2d15f19fe63923ff9e514208769c864b0c35c0a9c8639dda88a16235820ad9

/data/data/com.nameown12/kl.txt

MD5 60689e246aff3209cee92432c811fbf7
SHA1 61de385da2852416714c1a29aa8e72f495d0670a
SHA256 62a67c37004b8b0d6320c5b0fa15697eec64b5893d5921f72d8adaee5bd0f20e
SHA512 a5bbf9fa14eaf3d9e0f05c046afd7bf2bd864fc84cc46560a6a7913e6cb03e8d44f8cd10b435f00a6535ecf22fc9220724a7cbe7039c53d9348cc984af0fa45e

/data/data/com.nameown12/.qcom.nameown12

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c