Malware Analysis Report

2025-05-28 18:46

Sample ID: 241103-f48mtsyphn
Target: 89d6c2a127f7c9ddf6a6ec6da574f93f_JaffaCakes118
SHA256: 5c7d3f0cd0b7678fc3f328f2be39d8418875e9d9e77515c67d310fa9a5c51e10
Tags: collection, discovery, evasion, impact, persistence
Score: 8/10

Analysis Overview


Threat Level: Likely malicious

The file 89d6c2a127f7c9ddf6a6ec6da574f93f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Requests cell location

Queries information about the current nearby Wi-Fi networks

Checks Qemu related system properties.

Queries information about running processes on the device

Checks Android system properties for emulator presence.

Queries information about active data network

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Reads information about phone network operator.

Requests dangerous framework permissions

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

Analysis: static1

Detonation Overview

Reported: 2024-11-03 05:26

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-03 05:26
Reported: 2024-11-03 05:29
Platform: android-x64-20240910-en
Max time kernel: 1s
Max time network: 150s

Command Line

com.libin.wealth

Signatures

N/A

Processes

com.libin.wealth

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-03 05:26
Reported: 2024-11-03 05:29
Platform: android-x86-arm-20240624-en
Max time kernel: 148s
Max time network: 153s

Command Line

com.libin.wealth

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/bin/su | N/A | N/A
N/A | /system/xbin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target
Accessed system property key: | ro.serialno | N/A | N/A
Accessed system property key: | ro.bootloader | N/A | N/A
Accessed system property key: | ro.bootmode | N/A | N/A
Accessed system property key: | ro.hardware | N/A | N/A
Accessed system property key: | ro.product.device | N/A | N/A
Accessed system property key: | ro.product.model | N/A | N/A
Accessed system property key: | ro.product.name | N/A | N/A

Checks Qemu related system properties.

evasion
Description | Indicator | Process | Target
Accessed system property key: | init.svc.qemud | N/A | N/A
Accessed system property key: | init.svc.qemu-props | N/A | N/A
Accessed system property key: | qemu.hw.mainkeys | N/A | N/A
Accessed system property key: | qemu.sf.fake_camera | N/A | N/A
Accessed system property key: | ro.kernel.android.qemud | N/A | N/A
Accessed system property key: | ro.kernel.qemu.gles | N/A | N/A
Accessed system property key: | ro.kernel.qemu | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/data/com.libin.wealth/.jiagu/classes.dex | N/A | N/A
N/A | /data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex | N/A | N/A
N/A | /data/data/com.libin.wealth/.jiagu/tmp.dex | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

Description | Indicator | Process | Target
N/A | s.appjiagu.com | N/A | N/A
N/A | b.appjiagu.com | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.libin.wealth

chmod 755 /data/data/com.libin.wealth/.jiagu/libjiagu.so

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.libin.wealth/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.libin.wealth/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.libin.wealth:channel

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.libin.wealth/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

sh -c ps

ps

ps daemonsu

ps | grep su

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex --dex-file=/data/data/com.libin.wealth/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.libin.wealth/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq

Network


Files
