Malware Analysis Report

2024-11-13 17:37

Sample ID 241109-1zt9vstcke
Target 39ee97775644bc77df0eeec108c912c8cc47ed1e87597754e9690988b0e2c52f.bin
SHA256 39ee97775644bc77df0eeec108c912c8cc47ed1e87597754e9690988b0e2c52f
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Analysis Overview

score
10/10

SHA256

39ee97775644bc77df0eeec108c912c8cc47ed1e87597754e9690988b0e2c52f

Threat Level: Known bad

The file 39ee97775644bc77df0eeec108c912c8cc47ed1e87597754e9690988b0e2c52f.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Octo payload

Octo family

Removes its main activity from the application launcher

Queries the phone number (MSISDN for GSM devices)

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Queries the mobile country code (MCC)

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Performs UI accessibility actions on behalf of the user

Attempts to obfuscate APK file format

Makes use of the framework's foreground persistence service

Requests dangerous framework permissions

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests accessing notifications (often used to intercept notifications before users become aware).

Requests modifying system settings.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:05

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:05

Reported

2024-11-09 22:08

Platform

android-x86-arm-20240624-en

Max time kernel

144s

Max time network

143s

Command Line

com.lamp.sense

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lamp.sense/app_balance/caMcI.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.lamp.sense

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lamp.sense/app_balance/caMcI.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lamp.sense/app_balance/oat/x86/caMcI.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.lamp.sense/app_balance/caMcI.json
/data/user/0/com.lamp.sense/app_balance/caMcI.json
/data/data/com.lamp.sense/kl.txt
/data/data/com.lamp.sense/.qcom.lamp.sense

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:05

Reported

2024-11-09 22:08

Platform

android-x64-arm64-20240910-en

Max time kernel

149s

Max time network

156s

Command Line

com.lamp.sense

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lamp.sense/app_balance/caMcI.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.lamp.sense

Network


Files

/data/data/com.lamp.sense/app_balance/caMcI.json
/data/user/0/com.lamp.sense/app_balance/caMcI.json
/data/data/com.lamp.sense/kl.txt
/data/data/com.lamp.sense/.qcom.lamp.sense