Malware Analysis Report

2024-11-13 17:37

Sample ID 241109-1zx1ratcmn
Target 021ae4819b72a9355ecda674f67af89366547bb8865eb3cfae1454c242f49a6a.bin
SHA256 021ae4819b72a9355ecda674f67af89366547bb8865eb3cfae1454c242f49a6a
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

021ae4819b72a9355ecda674f67af89366547bb8865eb3cfae1454c242f49a6a

Threat Level: Known bad

The file 021ae4819b72a9355ecda674f67af89366547bb8865eb3cfae1454c242f49a6a.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo family

Octo

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the phone number (MSISDN for GSM devices)

Queries the unique device ID (IMEI, MEID, IMSI)

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests accessing notifications (often used to intercept notifications before users become aware).

Declares broadcast receivers with permission to handle system events

Queries the mobile country code (MCC)

Attempts to obfuscate APK file format

Performs UI accessibility actions on behalf of the user

Makes use of the framework's foreground persistence service

Declares services with permission to bind to the system

Reads information about phone network operator.

Requests dangerous framework permissions

Requests modifying system settings.

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:05

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A
Allows applications to use exact alarm APIs. android.permission.SCHEDULE_EXACT_ALARM N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read audio files from external storage. android.permission.READ_MEDIA_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write the user's calendar data. android.permission.WRITE_CALENDAR N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:05

Reported

2024-11-09 22:08

Platform

android-x86-arm-20240910-en

Max time kernel

149s

Max time network

157s

Command Line

com.great.electric

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload


Removes its main activity from the application launcher

stealth trojan evasion

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.great.electric/app_oyster/falHBks.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.great.electric

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.great.electric/app_oyster/falHBks.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.great.electric/app_oyster/oat/x86/falHBks.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.great.electric/app_oyster/falHBks.json

/data/user/0/com.great.electric/app_oyster/falHBks.json

/data/data/com.great.electric/kl.txt

/data/data/com.great.electric/.qcom.great.electric

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:05

Reported

2024-11-09 22:08

Platform

android-33-x64-arm64-20240910-en

Max time kernel

149s

Max time network

158s

Command Line

com.great.electric

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload


Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.great.electric/app_oyster/falHBks.json N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.great.electric

Network


Files

/data/data/com.great.electric/app_oyster/falHBks.json

/data/user/0/com.great.electric/app_oyster/falHBks.json

/data/data/com.great.electric/kl.txt

/data/data/com.great.electric/.qcom.great.electric