Malware Analysis Report

2025-01-19 05:21

Sample ID 241217-rmse3asmbp
Target 591dbaf5a32736acb502fe6a554ac6d1.apk
SHA256 9e959b268a3b527a0b6b7ea7fc2009d0f025b40365d297d3128bff0c2034e61a
Tags
anubis banker collection credential_access discovery evasion execution infostealer persistence stealth trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 591dbaf5a32736acb502fe6a554ac6d1.apk was found to be: Known bad.

Malicious Activity Summary

Anubis banker

Anubis family

Removes its main activity from the application launcher

Reads the contacts stored on the device.

Reads the content of the calendar entry data.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Loads dropped Dex/Jar

Makes use of the framework's Accessibility service

Queries account information for other applications stored on the device

Requests cell location

Reads the content of the call log.

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Attempts to obfuscate APK file format

Acquires the wake lock

Declares services with permission to bind to the system

Queries information about active data network

Queries information about the current Wi-Fi connection

Makes use of the framework's foreground persistence service

Listens for changes in the sensor environment (might be used to detect emulation)

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-17 14:18

Signatures

Attempts to obfuscate APK file format

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. android.permission.BIND_NOTIFICATION_LISTENER_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to collect component usage statistics. android.permission.PACKAGE_USAGE_STATS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's calendar data. android.permission.READ_CALENDAR N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-17 14:18

Reported

2024-12-17 14:21

Platform

android-x86-arm-20240624-en

Max time kernel

146s

Max time network

154s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tencent.mm/files/arm/classes.dex N/A N/A
N/A /data/user/0/com.tencent.mm/files/arm/classes2.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/files/arm/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/files/arm/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tencent.mm/files/arm/classes2.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tencent.mm/files/arm/oat/x86/classes2.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 www.geoip-db.com udp
IN 154.61.80.142:1212 tcp
GB 142.250.200.46:443 tcp
GB 172.217.169.34:443 tcp

Files

/data/data/com.tencent.mm/files/arm/classes.dex
/data/data/com.tencent.mm/files/arm/classes2.dex
/data/user/0/com.tencent.mm/files/arm/classes.dex
/data/user/0/com.tencent.mm/files/arm/classes2.dex
/data/data/com.tencent.mm/databases/evernote_jobs.db-journal
/data/data/com.tencent.mm/databases/evernote_jobs.db
/data/data/com.tencent.mm/databases/evernote_jobs.db-shm
/data/data/com.tencent.mm/databases/evernote_jobs.db-wal
/data/data/com.tencent.mm/databases/Dname-journal
/data/data/com.tencent.mm/databases/Dname-wal
/data/data/com.tencent.mm/files/accounts.txt
/data/data/com.tencent.mm/files/CallLogs.txt
/data/data/com.tencent.mm/files/netinfo.txt
/data/data/com.tencent.mm/files/Tree.txt
/data/data/com.tencent.mm/files/GP.txt
/data/data/com.tencent.mm/files/pkinfo.txt
/storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-17 14:18

Reported

2024-12-17 14:21

Platform

android-x64-20240624-en

Max time kernel

36s

Max time network

155s

Command Line

com.tencent.mm

Signatures

Anubis banker

banker trojan infostealer anubis

Anubis family

anubis

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.tencent.mm/files/arm/classes.dex N/A N/A
N/A /data/user/0/com.tencent.mm/files/arm/classes2.dex N/A N/A

Makes use of the framework's Accessibility service

collection evasion credential_access
Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries account information for other applications stored on the device

collection
Description Indicator Process Target
Framework service call android.accounts.IAccountManager.getAccounts N/A N/A

Reads the contacts stored on the device.

collection
Description Indicator Process Target
URI accessed for read content://com.android.contacts/data/phones N/A N/A

Reads the content of the calendar entry data.

collection
Description Indicator Process Target
URI accessed for read content://com.android.calendar/events N/A N/A

Reads the content of the call log.

collection
Description Indicator Process Target
URI accessed for read content://call_log/calls N/A N/A

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.tencent.mm

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
IN 154.61.80.142:1212 tcp
US 1.1.1.1:53 mangasiso.top udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 www.geoip-db.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.180.4:443 tcp

Files

/data/data/com.tencent.mm/files/arm/classes.dex

MD5 f549ee64871697a369a473ef5673d3de
SHA1 ff3b52841b34b603943f03282011901145aa7610
SHA256 d1afc8c2f139a22d735ecea2ca1f4838bfe8fb291df7c9fc02d656c6594b0de7
SHA512 3525841d8ed56170c3b983492569795ba0863a09d09947d28b2fde4b3e011c7c52a3a6f7cf3c3fc7f61b9cf1638dfbaa2cd9d6244503d55498dbe23e1698993d

/data/data/com.tencent.mm/files/arm/classes2.dex

MD5 dcb839b260728ede93282e30af0d4bb1
SHA1 bd43c36a8f428834ba015b9ecd196c57a5392c2e
SHA256 d3a7a28c6fd1e21dcf0b77e851a0e5ba55ab50231907e914f2c9ba081a5f49f8
SHA512 aa13b235f1c989db2821fab9d8821213840592dea86bb30e7ab6f534353fb6e4934fa44ee82938a5ed1a143ee0a1fec57dffc0cff53f00e37831bb225981b813

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 62752e0f5383af14663ac0f1611cf1e1
SHA1 ce9a7ac23e2e819a05f02845d71f3804da05bb05
SHA256 1393e924f0fa57e77851e243e6fb4d9b897310b626230a3751ca0391bf1785e7
SHA512 7238daa0aeff6483d9ad298d85d34f66bd6c81588c38c52c6c4277177f420e347d1e96a90912170ba58ae76a5f933fd60194b03f4c1d6084a218a8db893bba0c

/data/data/com.tencent.mm/databases/evernote_jobs.db

MD5 0585f6373ef5285c70d5971fd64554f0
SHA1 96815b45be9b2d099f7affd9be93567b8c653cc5
SHA256 0f54c6bad1b866605da6367857272fc2a569a8c0069700c912543f2cb09156e0
SHA512 2b5d9a8bf1afc7578bce5a3960615b3f9930721b6a00920221c257d21826a0439afe6a45190e64ed83479716aa324b0acbb4951cc494cea9b2bb82a8d1b532f1

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 ccd99d3401555e83cdb9937559d48a99
SHA1 d0b0bc5a1a4af337dbd5a2f8128d69e7e81e70b3
SHA256 2e3949ff93d52bc97e6d5d37da88beb180a94c3b48ccf1416b9eeabcc2ca3910
SHA512 0245fb9f4bfa81845e3d25cf4b3e84798025b917451102bd52b78727f1ffe7851c7099134f1edec1a747a6b0bbf838a5c529c18243b106f9061db74b85ecd789

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 0a1dee6797f2af85213290660c514f64
SHA1 fb2a5c4d26f6a81e497e1fc37ba647b4840fd115
SHA256 343ab12955fe2ca92ed72cfd4b7120a626b7995cf5f5c087a76397ffa53c9096
SHA512 c2705a93a60e290042de5667b6483b0d884d56f6cd19e9ff93eb2a0af58b90dafb029c8dadbabf07ac013a85179a028f35ce912af2b687015e3cd6d9e2c2b067

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

MD5 069f2619a0b119fa9df7858d29e5b8a2
SHA1 751742d406fd9196788c707773ec9475d4433271
SHA256 58b85a880dc0c9bcd3de1264f664eb2f27bc013dfc3fc3a2a7e91c3219d8b6b3
SHA512 1a087395917df4bad9598210c6af6a0d00c34be50fdee67bfd1e4a1f1b3b34aa67bf5f7fb92ee1aa85fde86e6bd8c6e75d3ea224ab20e18535a0e25d9f728c1c

/storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt

/data/data/com.tencent.mm/databases/Dname-journal

/data/data/com.tencent.mm/databases/Dname

/data/data/com.tencent.mm/databases/Dname-journal

/data/data/com.tencent.mm/files/accounts.txt

/data/data/com.tencent.mm/files/CallLogs.txt

/data/data/com.tencent.mm/files/netinfo.txt

/data/data/com.tencent.mm/files/Tree.txt

/data/data/com.tencent.mm/databases/Dname-journal

/data/data/com.tencent.mm/files/pkinfo.txt

/data/data/com.tencent.mm/files/GP.txt

/storage/emulated/0/Config/sys/apps/log/log-2024-12-17.txt

/data/data/com.tencent.mm/files/netinfo.txt

/data/data/com.tencent.mm/databases/evernote_jobs.db-journal

/data/data/com.tencent.mm/files/GP.txt
