Malware Analysis Report

2025-01-19 05:51

Sample ID 241203-cz4arsvrb1
Target 63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663.apk
SHA256 63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
Tags
otpstealer discovery evasion execution impact persistence collection credential_access
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663

Threat Level: Known bad

The file 63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663.apk was found to be: Known bad.

Malicious Activity Summary

otpstealer discovery evasion execution impact persistence collection credential_access

Otpstealer family

Otpstealer payload

Checks if the Android device is rooted.

Queries information about running processes on the device

Makes use of the framework's Accessibility service

Requests dangerous framework permissions

Declares services with permission to bind to the system

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Acquires the wake lock

Queries information about active data network

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 02:31

Signatures

Otpstealer family

otpstealer

Otpstealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 02:31

Reported

2024-12-03 02:34

Platform

android-x86-arm-20240624-en

Max time kernel

125s

Max time network

135s

Command Line

com.nhn.android.mail

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.nhn.android.mail

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ntracker-collector.naver.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
US 1.1.1.1:53 kr-col-ext.nelo.navercorp.com udp
KR 110.93.157.96:443 kr-col-ext.nelo.navercorp.com tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 216.58.201.106:443 firebaselogging-pa.googleapis.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.200.10:443 firebaseremoteconfig.googleapis.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp

Files

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 814d63eeec5d4b62eb8fb6b9aee3847b
SHA1 8c556a47b7ab712db6f3ccaeac010e67b8a4b638
SHA256 5537edb8db18e3e2a7afa4c3009de0f1fe064dc7f33f8fbcbb526558f1d83eae
SHA512 df1b33d34ace3bb492c2f4a7a732e39c2c08fe7d4e0f9d098aabb854dd2ddd81882ac9b98de47e7f637b526eb573ce0d910e583d67b255fd4d3d3d4f35aa3638

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-wal

MD5 6f17dd0c9035e5a3e29f45c91f3ebd1b
SHA1 5a3da997db6ea6107f33f3bec09deb48e7e0bd51
SHA256 3aa754fcda260134e98670fa8d8464d8c41fa08dbcc501ec196ff281883dbe22
SHA512 9139d16b17a5c01297138997eccbcd6ce978a4cd052384d77bd3f25c82db9f3deb878ee9e3541cfaba647510c5d0029923a951ce71070c59f58f0c3e20692cd0

/data/data/com.nhn.android.mail/files/PersistedInstallation9065683565237305795tmp

MD5 270ce7e753a787f14aee50c969d63ecd
SHA1 fbd58a8b8d6fd4455c8b96aee45494a47751cdba
SHA256 7c5627c9f9f43fbb54d38cb710158254677723ad621d014cb6c1863713d2dc2b
SHA512 cb2802171348f25e4fa185b1eed38c310ffaa149852a1a0f3174e6b5e76492038e0db14b95cb925705653ba20b8d8f6f55065f251ed2cf1287dbf425f9afb3db

/data/data/com.nhn.android.mail/files/nelo2_install.id_v2

MD5 7509f67c8ea2f0b1a8a51ec1e042eb4f
SHA1 f7ca38550ad8320f95039ed8108da524cdec8b2d
SHA256 cb7a67b663e68fef2e5a4963b73454dda2c3b4de6b95f2a31e42f23cd0b6daf6
SHA512 36e04b5898b73aa839071fb419e3185f3e8c65245b8ea6fd85fdc40c759f9471f1bde59191baf2ae6ad27b2196304e7a9c5de51a0ec74bde4fe9f62ef50f39c1

/data/data/com.nhn.android.mail/files/nelo2_app_version_N2JmY2QxNTc3ZDE4NGViMmExZThjOTdhODE3ZGE5OTA=.id_v2

MD5 d876fb82928a2373100e843bbfaf8eac
SHA1 efb73a5a1a4295d33c014fb6084b22d390dfa5c2
SHA256 ba5204803d8337b3fd6d755c1c5316bd78457d174f50552a2fab5bb23446b19e
SHA512 a38c1afb48dee809527d41d418715354e25abe04816a9c5d93f34e57cc67aa648ef7d35d389d3ee6a9be3627bd3539f6d4a4d51f5b89e1016f4e7d3a13c33f31

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 9263342be227133ec1a08ca8a9d6f141
SHA1 46d3e8842457899e47bae1a8cb5b896328f016c7
SHA256 b64088a26fe462cbb92e263668e39145786a47f6b76ab799e78793864115c30a
SHA512 d3acb49341e31fbd893d61cd74015fe087f2f9d209b35d1d7cf71e2d49757e614420ad13d5adfcdf1e986fbbdaebdcfdc20256459508e5f0e9a18098575aae24

/data/data/com.nhn.android.mail/databases/nelologdata-wal

MD5 9e6b003e3af5a1c66ac9836691970cb6
SHA1 3b6085d9e7e7f27b158e09dc985a20fd69ed2a58
SHA256 3195d10de32c043347b2c64eac33117b7509e5378b58b7c3b1a85af74c373870
SHA512 104edfcef069736d431849ecb35f5a75f329a961a7c6221205608da079b350b1a59ecace2fee543f469aa0841c24670dea619bbd9791dbaa7497ba73261c8e0a

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 b49c3446ab636df7ee43eafac2433fee
SHA1 b16c53036c07f72280f220acd3e7f267044419df
SHA256 b7869e0504a7ea690a25fb80b2c43a05249db37c7fec978cde4eed1548cc268c
SHA512 bbaa46555c0468780ec7c21a27549c9682d6e657597d5f76949443a6ba49323dc004a5222ee636f9671482e62c0d32a89c2eadf53906738a56d004a9d10f733b

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-wal

MD5 984de2f721475171f3cbbd2e8c74ce23
SHA1 bc837369bc2d97d5d9a812eaab43f656e91887b9
SHA256 b5076bc5f2c97d7b15d387fcfaa265109c76e987dc99f2ca1572f162031f97ee
SHA512 2c1bb8f29babfaafe32b2dff89e5f35f935e70d991bbe65a5b9094f3ec4b7a6afbdc102aad5d67b261f9836a27a89462412b835627dd85d9eb14df4bef24a728

/data/data/com.nhn.android.mail/files/PersistedInstallation6956563769898904779tmp

MD5 232b6bb5d5f1529df58cac72183e310c
SHA1 22246efe97dc2d71a8ccafc400582d61deb93816
SHA256 70a85d6391fcf931f549fd8cc27d927ac2e365550f6a8e02027f79e4692937a6
SHA512 24cef836191aa3d1c04ba83fa9709217fff492363f1654efea541ca527fa58344a11c8efec8358d383b7dfcb638656b6de2270b5c5f4e1a4bc8dc5158511811e

/data/data/com.nhn.android.mail/files/frc_1:129436326568:android:3fb259f21ca1e06e_fireperf_fetch.json

MD5 aca9757655fb3e9fe48193eb4f9d694f
SHA1 7e51335adf95cf79271c3ac6961181144c1b8702
SHA256 cb39f843a1fe2dfce5f73f2212d35f6665d3d2af0cdde2cf99527740d05bdc16
SHA512 ec77fa35757778e59415cf56604de14d3e6cbaa36c1a6f762b093133c26820b9d124e2671530de169860160913e9b49b4ad66c92624458897c3c7e9361a4f0e5

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 02:31

Reported

2024-12-03 02:34

Platform

android-x64-arm64-20240624-en

Max time kernel

149s

Max time network

135s

Command Line

com.nhn.android.mail

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.nhn.android.mail

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 ntracker-collector.naver.com udp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
US 1.1.1.1:53 kr-col-ext.nelo.navercorp.com udp
KR 110.93.157.96:443 kr-col-ext.nelo.navercorp.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 firebaselogging-pa.googleapis.com udp
GB 142.250.200.10:443 firebaselogging-pa.googleapis.com tcp
KR 210.89.168.42:443 ntracker-collector.naver.com tcp
US 1.1.1.1:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.179.234:443 firebaseremoteconfig.googleapis.com tcp
US 1.1.1.1:53 ntracker-collector.naver.com udp
KR 210.89.168.84:443 ntracker-collector.naver.com tcp

Files

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 7f14a81840c441e8ea316e562734756b
SHA1 a6a12d8c41d21fe9622bef0153a69f89f19b0ac7
SHA256 38dc5d88d4fcce8fc6b7d67939c1e563f7d15f4a432b039308a12917a8efe82a
SHA512 540a0d906066f84c88b7ea72997c44d34e2ba7277f5fb2416c31adafdd78a1a28980fd4117a1c99985e88cf55c44d028f49db40f7da231dba563328146abe7b0

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events

MD5 7d64aa934de6c153fe55974afb8c50e0
SHA1 7c167af31f085707dbc75e222ee403a2d9a4c429
SHA256 e3d8ba8cb28cc73c46eac912d1bfdd4cab2c451a87f4854788f7b23e7a50e820
SHA512 7006c066ff2b5b9892761593acb7dd11dc443dbb76c14255f2b09f44a0302d3c519b44cbc1b9416c308b80001f8176d125841add49c821b155794cfaaca857cf

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 3389866eab3b80d8cc9a747303b70642
SHA1 869c9f3879927308f71142504c9122ad986b1947
SHA256 8580034aa4b79679db6b4511e1e94039f86bdb756f174b89c7b3a1442873c2c3
SHA512 457b38a80c5de177044ef2b3c758d31ff123238755e3bc6222e8612e3b6fb80ed2c053663157f0f44b240b25ca1ddac66f3c7974f79f72dd858fb020204d530b

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 d7199507d235dd1ad4271a80e7a39480
SHA1 4a94ee1ed57f15149b3f4691b5d527c1a97af0c2
SHA256 aa4f3d74aad7ffe841119e569329deb8d61f80180ae3619f866e27ae2e1d69c3
SHA512 6d064cc48195e435cfb5d3a7fc65ed904b6abe0d5eae96105a0b0b96e05d9b813745544ce6e3a06dc0a3cf6e3bce728202fa4d6bfb0196d303ec34ceb73564b1

/data/data/com.nhn.android.mail/files/PersistedInstallation2722260589754375742tmp

MD5 47e1d688bd8cb2e82577c72000d58b84
SHA1 beb9ac1067e8696f4a6433ca6c1ee0e1bb03bd8a
SHA256 07955a90659b28f3dc08de19b1d573c1ec6aaa13ae0c2b10e4bab781381a62c5
SHA512 e4b0d839135ab35de224b8028b7cedd5c43a8c95cbb709bbf22e7588b103f34df989bec29c83078167dd68fa1f33e224c4cfeafc55620ff214736de1fffadb79

/data/data/com.nhn.android.mail/files/nelo2_install.id_v2

MD5 0ef5093931945a8ff7a136ea642cb1c0
SHA1 303a1e95ac0cb6d45c7b0066e86d6cb4f85e88d3
SHA256 88464fb49b2133cea3f8f6e1e1d8abbc6c183b733e524e17032dda09a3975fdf
SHA512 914fa09d1c29109474631635b53b0506c707c3fbc55da1791df19d22fc9a44f40af78dde424b275c0f496fe965ae870fc9fb6bea356d2e6c289e6a839a916bab

/data/data/com.nhn.android.mail/files/nelo2_app_version_N2JmY2QxNTc3ZDE4NGViMmExZThjOTdhODE3ZGE5OTA=.id_v2

MD5 005f1a203ccd58f23b8bcde95cbbb66b
SHA1 3353c9eb4071a3a1bd10f6e058b5e925f203dad7
SHA256 f6f888f19ff4382843b1148893c171b87fec6eef03d4a7a2298f93aff9c47c38
SHA512 7914eac7536942d580a58af919b2fe6e7ddb1b031186bca47aaba2c067dbfc0daa3dd6535519292547eedeb5c66437ee8031fa738214aecf949591eb04f42bf0

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 35ed4eeb9f82979893c8155fe3ea82ec
SHA1 05d3bfdea8f5349ec7d042114852c60e9ef7fa20
SHA256 2af3e95bdfc5f39dfd4cd47352387f6b2b1b9de4ff1fb244a52eb9ace246949b
SHA512 513c74467a0a3fc9a55f84faec3620ead74f1ec049746597ca4fc11457ac4a377d535296259c79fc663d2982a25380ad2483d4ac89d04cc79a8c2a9797ff31e3

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db

MD5 d80849168df37bf9817e4ddf40363c93
SHA1 c3cc616d829f4334eeda88a825dae527f97c6acc
SHA256 3ee37bb1b6fc5ac8189b9150fe0b234b748650c15aee10dfd48483182d3efd08
SHA512 41f88c064a8b454828d13431933630d1038f679cfcc43423f8dba29e70a5a6fddf1103750ad7d35a7d2e34e2fd4d23c8a459edad9cc2f7b4ba08e5f021e7a112

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 ca7eb4057bedd28c99bbdf0a5249deb1
SHA1 de438a9290a6a674267284d6f3f77594f5e4f597
SHA256 6b73210f4b805698971de2e0e7b20560c7c44e749d10e15539afc09a7ae99edc
SHA512 5fad9dcedcb415af00276a9bc427a38161454e2437903623af31c9d3d426977ecbe7b4fc5a1ed6f8a6f0658fdf62f409609112fd871399efa930a5b7c768f1a8

/data/data/com.nhn.android.mail/databases/nelologdata

MD5 48395f8729b64ba7d60b576c33dafc05
SHA1 9485bdd3270463e46d75015c7621dd7cd328e7c3
SHA256 7a3ec50c0956e153f9e18e9aa71a2c7baaa5e6fdb893dc21f03993d2f022bd8d
SHA512 29da87a8d92ee41ad4fd96056a30a92ca1cc9001eb3f8cf987c47650d8f27bd85008bc5d732657b31521f9666edc2f280526a6b1a042dbb4e6e4d549960e0efa

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 7ab33f8cb2a4f869f91e72188390e5f7
SHA1 123c0cd69d3fe2716f0e3e506ede6ae3fae7a03f
SHA256 9ccf1ff656a2a37fd9c27aabe5cf8df3c5de6997e205b70379e2f4353a003c07
SHA512 dd2e14a0e6c142236723bd72663aa7ca5135db6cb25448e557fc1fc6502f7afd53c55fe9a60bc7e7d35e39697e39ea13952a02cae92eab843fe7acda5662cc08

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 1d5d77f4f06f2eb845f14c3f1acf8506
SHA1 70f630200ff40b302c44eed1dc5c29dae3f6e120
SHA256 9fc91cb3c140ed41d67a8743336928d60d3a064149d134a813dbb85427e54c18
SHA512 6fde94e730398305c5c096f2ffbdf965e055a60d35c15d91f2eec5a3a1c48bbd0db2d27ce22f2586f73faf3d3047e42ed43e63bdd10d4b9f68b090c51e823a12

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 d9dd0ebe751078b8c59faec36db92af9
SHA1 ae0fd21805a3cc82f24e06beda913a6112acf777
SHA256 35a6a61551a38772c638fbb84181bf974b2ed4ea39b1fcd574bf1158083927af
SHA512 965ce185cca63996046db230022910d005ea57a4feb09f29bf7a38c7e55483848603969eaf6d45f5f4ed42e70b5dd86e3ba82dce48a545c745c29678d98eda31

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 64f3df80365af41c7124f5f7d719bb34
SHA1 ebd320cbd4b36c0a59484f0bd4c9c73cfedbb7ce
SHA256 c12b63f69e75f9092a0bfe8e3fc9b377282f5da8313555d73f94495d8e943638
SHA512 30201105d6568b44743df1d564e76e955566e727e87e341be7b49450f5f4e56b998e109c88b5e54a95bad2391d2ac974fcc6233a881c038982121696498bd209

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 c2005d4445148b531716e7d9bd89b4fa
SHA1 5f4735c4829a364618e7fa60538e80ef4e238bba
SHA256 acd646f3f20e9c720b54b2d69c991a9e0942fdf67dc3ee073b8316e38634ded9
SHA512 bf1156a1af84bb93680bd80f4bc628ebbc0ac76090fba7579ad11c46ad42d3f0e717a9f199b33537066fcc5fcdef503945b806d6fbc73fc813ff36046fc0ac7b

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 94360aa57eea177daa3b455ffbedc054
SHA1 6a0142a7b6e6ec66b65172cacbeed21db6e9f5d1
SHA256 b2b86b8e7bc26132171272619e126d7c98558c8a8a2814afd91c1e3e802f824a
SHA512 5b93220f1aa99398a663a1b405ba8a758c39c53e2fa12818e351f7ed619345c16e7fbedb449893b7fb457d5d215187beb63137b3483f675b250adad46d109b4a

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 6baca33b936f53b79f8e582e8f596289
SHA1 3e63c9828d3c7c47465038130ef11a9505cf5012
SHA256 a21c6e9dcfca0eca14d07223da271f755da50bfbbbf365a816dda8a56c555a32
SHA512 8fe95416c941403c57ee9d90281cb35eb82436edcca544fe30d80c9ee5641a4aff3fda5de8987e1f23363e9dc970d4887d3290d54531026b663f7418f9a496d6

/data/data/com.nhn.android.mail/files/PersistedInstallation7469606412927102769tmp

MD5 9cd64962a7fd036e2de830ff965f4052
SHA1 ff9eee5ce294a79d3ca4b3a1c136aff6367f00d6
SHA256 c1d461e5b13e9bd7c296962d01e78817b932c6312cb56649c1f914b52af2c4a0
SHA512 486a662be8f0d3afe014c737fe56c9bd6b9d5702976914fdb9bdc706fe7f9354412adac616ffa50f2cad91751729b39d9fc2292ab7001a3a15d520cfa264ea6e

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 b108655eba9502c9f4c82ff8847c41a7
SHA1 a55b43458476023736c2fdcb1e52a301cf30ff5a
SHA256 143f938e4471dc1999b0174ef0b8fc5170cc9c4c6a9e1c7a0636b3a13cd7af48
SHA512 5927f0a8b2ecf915bfd52e8c69f8ca68c0f34b5036bee3ddbace1b865320e962ef897c093c68cba00b2c2da012c8b9475c84891eb4c8770462f41643e2973631

/data/data/com.nhn.android.mail/databases/ntracker_log_v1.db-journal

MD5 82a2c35fb78901c14c377e589825571f
SHA1 8ee9accc8faa9a6b3612ddb43aa2b7dff8477539
SHA256 b50859c13b73458d90b2ce02d45ed8ea92e7104f5e86da16adf82e646680282f
SHA512 6a39f6b3c4699fc060655497cc76aa4c036e0afbdcf53d99651d9676f505ba5c9429b86ee5038d6c43f730b7370d0891fa91d2db2ff1c3a159dc0ed00f8ea08f

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 910a9b7de44e17875ca6148652ee9bb7
SHA1 193c6cf6e9c6b5dd8819e566405de903e486aaf6
SHA256 aef0813000b9c304c8e58402ce520501bc85941ec11e6ac4eb2aa62eec63b06d
SHA512 731aa9cf44f9b82e49725c0c809f662d223b0b14a7a420d40e2e529c95dee83ef21739825b46c5202b20ae19da97dcfe0a470700b0d9aa6f0f89905988b54c78

/data/data/com.nhn.android.mail/databases/com.google.android.datatransport.events-journal

MD5 994d3e20a71a64647c4c940478b14b01
SHA1 5ab6062e7067ea800f9c6f51b80e5bc2a30e89fe
SHA256 14de282b46314c9cd3bc4485ca53b67c7394c0b5d066c051a9f49f86ba2a6cf5
SHA512 c06c83ec96df2efbba40ea53c6cae6a6b05ea0fce8f3a6310b82244ef3944d8e6699433f30bbcbcb253ab443ff529d894972f549d94f84d12613a5a7362c666b

/data/data/com.nhn.android.mail/databases/nelologdata-journal

MD5 da732313935c214cd8c9109863ac21c0
SHA1 b5c99a3b439014d54b607e3a95fcdcf95b459be2
SHA256 4b7ae3fa6effa8121b0f097a29f8582add7f547c8e654e4d36daae13235320c9
SHA512 9d114f5550a5b266ec66ce7120dd90d33474455ee252d0d391f4f0440bc096153b98511363f13587887800dae3a91ed87eca06c66827d7bc2cbf5f19e30303ff

/data/data/com.nhn.android.mail/files/KeyLog.txt

MD5 b9ec014c758c241edf2fb20dcd28a3ed
SHA1 de30d3b44099d340c40ab248232136a7bdd11104
SHA256 538300293db854fc0d2acd1882792221ace6ae27310bdbd914206be2505eb18c
SHA512 e183c6ebad7e54cddc7ac4eca1d916171969a4930ae6bf26d5dfcf98af9e686de63ab599eff1c8ddd9a87fba91ad5872eed8706e29df5b35d56b7a73dd153235

/data/data/com.nhn.android.mail/files/KeyLog.txt

MD5 7dab95aaf76a3cbc87bb88226511907b
SHA1 0b02a9441480e5154a44251962cc22b4876b13d4
SHA256 de077bc8f3101975ac4fb70265f7b583f1047595e4db9d14debfdf0b8445be57
SHA512 b19f597ec81a98a24983fae9472abef916326765b6738b928b85e396e7816c29e1e98410b37cca63b7540aa63751275d37b269f1e2d914eb1269b4c02c6f9e03

/data/data/com.nhn.android.mail/files/KeyLog.txt

MD5 7fa247021e7274da15b29ab9052d88d3
SHA1 1f52c3e1966e1cf906c601d1d46884a9a6d1f4b2
SHA256 3f81a454b39ab5d6105c911f4d3ae91342076fc742993d1d7a89c02e7cc8fd3d
SHA512 da30a49c61acaba0e76420eac00c9fa9af268893be7964f4db7f7d8e577b8f1a93d99374016862ee1398fb1a396cc870d877a8966e67450e81378765865b5b59

/data/data/com.nhn.android.mail/files/frc_1:129436326568:android:3fb259f21ca1e06e_fireperf_fetch.json

MD5 53a7156c9bdfaee61d86d3807399aa16
SHA1 c3bd615463298952e67e8d92531d8074a109c0a0
SHA256 25d7802ba710406397bbe0edc0b930169fea61d95780a4f9a6760e6997f363ae
SHA512 25f283b9c519cfa920098a1b22febf9a22658dff377053cd98d41f91ea3c5f8e58df808a04daa39cd5523881d23d7cb06d1cb2afd605d888fd9b9bcbb77f3a46