Malware Analysis Report

2024-11-13 17:37

Sample ID 241109-2p542stgje
Target 1f7d694dfc6c20420a6a47236dffe22ed4170f33e8a7bc78fac837cf46fb633d.bin
SHA256 1f7d694dfc6c20420a6a47236dffe22ed4170f33e8a7bc78fac837cf46fb633d
Tags
octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1f7d694dfc6c20420a6a47236dffe22ed4170f33e8a7bc78fac837cf46fb633d

Threat Level: Known bad

The file 1f7d694dfc6c20420a6a47236dffe22ed4170f33e8a7bc78fac837cf46fb633d.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo payload

Octo family

Octo

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries the phone number (MSISDN for GSM devices)

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests modifying system settings.

Makes use of the framework's foreground persistence service

Declares broadcast receivers with permission to handle system events

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Requests accessing notifications (often used to intercept notifications before users become aware).

Performs UI accessibility actions on behalf of the user

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Declares services with permission to bind to the system

Attempts to obfuscate APK file format

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:46

Signatures

Attempts to obfuscate APK file format

Declares broadcast receivers with permission to handle system events

Description Indicator Process Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. android.permission.BIND_DEVICE_ADMIN N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:46

Reported

2024-11-09 22:49

Platform

android-x86-arm-20240910-en

Max time kernel

148s

Max time network

130s

Command Line

com.sgakagak.agakagabs

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so N/A N/A
N/A /data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so N/A N/A
N/A /data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.sgakagak.agakagabs

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.sgakagak.agakagabs/app_mph_dex/oat/x86/apk.tencent-v1.pro.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infoglo.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 fleekyp.top udp
US 1.1.1.1:53 hangryv.top udp
US 1.1.1.1:53 spanglix.top udp
US 1.1.1.1:53 gluttonyd.top udp
US 1.1.1.1:53 workaholkc.top udp
US 1.1.1.1:53 mockumnt.top udp
US 1.1.1.1:53 blogosphze.top udp
US 1.1.1.1:53 edutainmt.top udp
US 1.1.1.1:53 eorldekorasyonbiz.top udp
US 1.1.1.1:53 staycatzu.top udp
US 1.1.1.1:53 chillaxio.top udp
US 1.1.1.1:53 electrohu.top udp
US 1.1.1.1:53 ginormusj.top udp
US 1.1.1.1:53 frenemyq.top udp
US 1.1.1.1:53 smoggyu.top udp
US 45.61.141.100:443 eorldekorasyonbiz.top tcp
US 1.1.1.1:53 mansplainu.top udp
US 1.1.1.1:53 spaghettom.top udp
US 1.1.1.1:53 sporkly.top udp
US 172.86.86.152:443 sporkly.top tcp
US 1.1.1.1:53 sporkly.top udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 172.86.86.152:443 sporkly.top tcp
US 1.1.1.1:53 sporkly.top udp
US 172.86.86.152:443 sporkly.top tcp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 sporkly.top udp
US 172.86.86.152:443 sporkly.top tcp
US 1.1.1.1:53 brunchxy.top udp
US 1.1.1.1:53 sporkly.top udp
US 172.86.86.152:443 sporkly.top tcp
US 172.86.86.152:443 sporkly.top tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
US 1.1.1.1:53 sporkly.top udp
US 172.86.86.152:443 sporkly.top tcp

Files

/data/data/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so

MD5 e67f190102a7d7f00d43d95fee80ae3f
SHA1 06585c1b99c00fca6aa04f9fd6c1359182bed5e0
SHA256 a97a2971d8d945334abf32e49a9657c38976a0fb93cdc853e96c977c374c08f5
SHA512 a49eb07e80e2e40483a6d54ade44195d04a30ed21ce5d3f4309cbc9c48d519880cee20acef2a6e0bcba10e97a7ebeb683c1a22a8cdf4b1ce8eb585cf047faf4e

/data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so

MD5 4850ab19c55ce32b94a8b350ca44df3b
SHA1 63fa51282661742a174ed899fae9492ade1f57d2
SHA256 adf50e7b5253b4048cadf12863ec4bc559c8939cf5497569e396d462a3cdcfc0
SHA512 412322f8427b1d5606105e9c17191a7f0bf2da0cb3d72d5ceb0e1c46a24f1679961ca0c3bb27b97514aed9f6015ba62361cb2b7eba6bb75c9adec527fb636f18

/data/data/com.sgakagak.agakagabs/kl.txt

MD5 7c52cc16a173a8ec735d060f1f6ff033
SHA1 9ad3d66cdac732da111d5f68add9fa78c611f078
SHA256 d7f4fac18bd145bc9cccde834f97fa7973a196e09a8e9fe0772ce97e48ac7a50
SHA512 f0012ba5efeeae39b23485fca6e2dad673d813f8a43b04eaf982019af9a5255890bed9ac8e61b4396598e160f25089d787118a3b036ee7073561994f2eaffaf4

/data/data/com.sgakagak.agakagabs/kl.txt

MD5 a7f14735c6014c4ba717a9332c4bc71d
SHA1 22434b6e8318d18f7459444f7bef0fe7ba828f11
SHA256 bf4c939b6354a14f9485b6ff91454ac3305cc7611666a5caed3e6f9111e46d7a
SHA512 b9b48c327e1548f1eb4cffb2036733fa3b8cf53a73a156a62ffbc25407cb8e2c953cd725105ae614e47d8a91984825448b46bff37da73274f3fe8c842003bc24

/data/data/com.sgakagak.agakagabs/kl.txt

MD5 b9134b7cdec23d8bc4868545afb4fe45
SHA1 bbec417a9fbbe88ab7bfab9d6f78c0f2b2924e74
SHA256 18fc02ecae9db180eadf76694649c4071cb0cdcdce174f69ab88d1a117c0721b
SHA512 40e37feb23791ae9035e4f93a2cdf6d1d1115f00a7d1d12d956b94f0c5ba86b90c55fb6eb996eb86b65e91196c1850f883aad8de0e40f84b0f08e1ae3e32ecf0

/data/data/com.sgakagak.agakagabs/kl.txt

MD5 74c9a66e51187b089e522c3525c64bf5
SHA1 b9d3b052cbfc0da6918c756ed5e822c83aac0a32
SHA256 d5ec0af8ee2c214f07aeea4cc2ff4bb216c05d475d4b6f20260a3a6aa1a6811f
SHA512 73a942d773b077d3c5d44a4820ab84311cba2044a4bfdeb2e2300ce64954c30ad0c773254e07d112304c120bc46696ddb7afddf63bc9a382b70ebb03785a49e3

/data/data/com.sgakagak.agakagabs/kl.txt

MD5 38bd3916c9e276c3e31a40b3652a6d93
SHA1 ae553c9a8fa590d162c7904546185547108a936c
SHA256 d56553d92645fdf65a25b51bd30030a6dfbea36e7b92fabda243eb05eb98c8de
SHA512 9f6875388dfc5c66c9575c8fc2d0c995b713aa133a8594d35aaf29b2e313cc0a7748808d57c2560d4a8742d6b74670f33ef1f656047eef3b3200341d24bb89c5

/data/data/com.sgakagak.agakagabs/.qcom.sgakagak.agakagabs

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:46

Reported

2024-11-09 22:49

Platform

android-33-x64-arm64-20240910-en

Max time kernel

149s

Max time network

151s

Command Line

com.sgakagak.agakagabs

Signatures

Octo

banker trojan infostealer rat octo

Octo family

octo

Octo payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Performs UI accessibility actions on behalf of the user

evasion
Description Indicator Process Target
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A
N/A android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description Indicator Process Target
Intent action android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Requests modifying system settings.

evasion
Description Indicator Process Target
Intent action android.settings.action.MANAGE_WRITE_SETTINGS N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.sgakagak.agakagabs

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 sporkly.top udp
US 1.1.1.1:53 www.ip-api.com udp
US 208.95.112.1:80 www.ip-api.com tcp
US 1.1.1.1:53 glampingaz.top udp
US 1.1.1.1:53 edutainmt.top udp
US 1.1.1.1:53 hangryv.top udp
US 1.1.1.1:53 smoggyu.top udp
US 172.86.86.152:443 sporkly.top tcp
US 1.1.1.1:53 mockumnt.top udp
US 1.1.1.1:53 spaghettom.top udp
US 1.1.1.1:53 blogosphze.top udp
US 1.1.1.1:53 fleekyp.top udp
US 1.1.1.1:53 electrohu.top udp
US 1.1.1.1:53 brunchxy.top udp
US 172.86.86.152:443 brunchxy.top tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 brunchxy.top udp
US 172.86.86.152:443 brunchxy.top tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
US 1.1.1.1:53 brunchxy.top udp
US 172.86.86.152:443 brunchxy.top tcp
GB 172.217.169.14:443 android.apis.google.com udp
US 1.1.1.1:53 brunchxy.top udp
US 172.86.86.152:443 brunchxy.top tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.178.10:443 remoteprovisioning.googleapis.com tcp
GB 172.217.16.234:443 remoteprovisioning.googleapis.com tcp
GB 142.250.187.228:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 1.1.1.1:53 brunchxy.top udp
US 172.86.86.152:443 brunchxy.top tcp
GB 142.250.187.198:80 tcp
GB 216.58.204.66:443 tcp
GB 216.58.204.66:443 tcp
GB 142.250.187.198:443 tcp
GB 172.217.16.226:443 tcp
GB 216.58.204.66:443 tcp
GB 216.58.201.97:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp

Files

/data/user/0/com.sgakagak.agakagabs/app_mph_dex/apk.tencent-v1.pro.so

MD5 e67f190102a7d7f00d43d95fee80ae3f
SHA1 06585c1b99c00fca6aa04f9fd6c1359182bed5e0
SHA256 a97a2971d8d945334abf32e49a9657c38976a0fb93cdc853e96c977c374c08f5
SHA512 a49eb07e80e2e40483a6d54ade44195d04a30ed21ce5d3f4309cbc9c48d519880cee20acef2a6e0bcba10e97a7ebeb683c1a22a8cdf4b1ce8eb585cf047faf4e

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 f503386ed89159c9ae6886bda79b7fcf
SHA1 a300d0d1ebfb16c8c92b99fce14f9f3a76486864
SHA256 7efa48fd5d6e89b71e3c0b755ff45279a3685ec709bd48e7018d77d2ed567ad8
SHA512 f1641764a087d7e2ac934ab846951fed9926189fbd22834d979e7824ccb8519cf6c1cea4fbf0836d11a5b4ffb0dbf563cbcaccdb448a904f5cc145dbad99ca0d

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 44029c65ac22cba008c92e931a2aaa8c
SHA1 d84bbd7206b61d789c7eddacfcf7f8788a887566
SHA256 113b4b01a93cf472e2cf506af671b7f6d8bde965318a9aec8dd23ff7b9a83a49
SHA512 6a67e99da456c76316ce45d65077c6600aa31aac673f57703201d393c9fb3b39abb93e8564d3089a98a88147796cf05a052c29fd06ea1c2e36be6e3c866616ce

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 51eecb4464be1fa06325734de39e410b
SHA1 69e53df9f12e37a4761b678877e23c09ca7e1c00
SHA256 229ecf01d1b40fd1ed55fa09e4a5e6ab6b1ec9475891e2524d97f1571b550395
SHA512 78c8141e4d1247e82aff170baa2f6a4868c77053c354fe225b27e767114d0461ced4b41f0efa08bc127a3ce6b204f81ebcb715a7d4312c63993fad1b5fe414ab

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 b718f8ee554d60d9bcbd4546802b9d63
SHA1 384cca1223140b792a25891a6d04255f5347a555
SHA256 b74fd1d4855e2651652a8a9f8ea3b94ae2690817742d86515a7ded0d2e8c5e1c
SHA512 80066406dcf4460bc23d27c14020fcfcb2ba80edb86be09138f6c3cffcf141e85fe2f65ef1bbb1e07bfc27fad6e513da4f6a22503b42cb109cc8a05cc0dc28ab

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 05aa99e7d1893831cb1670b73d1bac09
SHA1 cae5e47fd6315c626e0522a287c314091705884f
SHA256 ee8fb1ff4ce7ef166f9b4972a43380562897e8c9785115462c39c7110bc8abc0
SHA512 147126b073a2c91504335d435980e044c769c755f34a9a241170071a0601d9cbe2dd8d31bb06ebf13109a4b53e122888dfd738d365327831c8fede89ed185f4c

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 23c107483a2f83dd65154062676abe0c
SHA1 a49b7783577214572175ecc9cde134442a5d2f83
SHA256 5be7a6aad2fbfd9c0107524142ce90cecf23699303c5718b5faa83d62162a8ac
SHA512 af369cc400fcc35ec07a31786fdf0ee698f8427bee866fd0d402802ab4d9042532318b77c271aca61483d910511e6c62d10e8188f7e225e467b3ae04cf3b834a

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 ae330b63b188e4d2e3576e9ee5834b44
SHA1 c9a340d47689b3e430330bb0ce39fc4597a5955d
SHA256 6395951f2ccd4636a68c593279f42c909d61f2043ffe010304d4060dcbc72726
SHA512 e122d1358df8088ced5504eb74026f29f9210bbc79197ed1691e2acc8efce0c5cd18117e72291baf43014a7d6140d5493b6b88f9d5f0b095070c083cc554d054

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 61461de9d14b844245c1fb108c7bc936
SHA1 49f4a1d4ee6c33308a4ebc25a8924669cf69b04a
SHA256 f50a2ce395c711411354c48f9c394a25ff2bc36c45b3febe518084a32a30819f
SHA512 0a8689d3bf09093e77b1b6a1b06c09cbfa3121458249481e77b1c1b471c8c83e79810c261033f02e1c05c479e5b8777eb0fd59f28fcdf5eb6dd208c2803164e0

/data/user/0/com.sgakagak.agakagabs/kl.txt

MD5 468da1481211c6d4ef9dbfeff40401b1
SHA1 4573f363788ad3a7daa010b39ea45b7a92d5869c
SHA256 e65b3cb1f59b9d9d4f29f9b81ff04c3096f55cfa0bfc9b3a1e0cddd045e24eaa
SHA512 cc2e29d26427f15ed3758432f43285ff126601948d16f568c840d50d9523209a52c9a16c6b3001401880b078e12cb817a9571b8bb0037effcdacad808aaf472f

/data/user/0/com.sgakagak.agakagabs/.qcom.sgakagak.agakagabs

MD5 046a414913add6f5bb60072c7db819b6
SHA1 451ee4f6809260aec622d772fd329c7d0297a842
SHA256 b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a
SHA512 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c