Analysis Overview
SHA256
0eae4b44329512e61e44a39f4ed539a5eedca4b59b435e4f3282c006cf590691
Threat Level: Shows suspicious behavior
The file a5368c25e45fc3925eb655d77b6924ed_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about active data network
Reads information about phone network operator.
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Schedules tasks to execute at a specified time
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:06
Reported
2024-06-13 11:09
Platform
android-x86-arm-20240611.1-en
Max time kernel
178s
Max time network
138s
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.betsite.conrader
com.betsite.conrader:watch
Network
Files
/data/data/com.betsite.conrader/databases/ua.db-journal
/data/data/com.betsite.conrader/databases/ua.db
/data/data/com.betsite.conrader/databases/ua.db-shm
/data/data/com.betsite.conrader/databases/ua.db-wal
/data/data/com.betsite.conrader/databases/cc/cc.db-journal
/data/data/com.betsite.conrader/databases/cc/cc.db
/data/data/com.betsite.conrader/databases/cc/cc.db-wal
/data/data/com.betsite.conrader/files/umeng_it.cache
/data/data/com.betsite.conrader/files/.umeng/exchangeIdentity.json
/data/data/com.betsite.conrader/files/exid.dat
/storage/emulated/0/com.betsite.conrader.dev_id.txt
/data/data/com.betsite.conrader/files/.imprint
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:06
Reported
2024-06-13 11:09
Platform
android-x64-20240611.1-en
Max time kernel
178s
Max time network
150s
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.betsite.conrader
com.betsite.conrader:watch
Network
Files
/data/data/com.betsite.conrader/databases/ua.db-journal
/data/data/com.betsite.conrader/databases/ua.db
/data/data/com.betsite.conrader/databases/cc/cc.db-journal
/data/data/com.betsite.conrader/databases/cc/cc.db
/data/data/com.betsite.conrader/files/umeng_it.cache
/data/data/com.betsite.conrader/files/.umeng/exchangeIdentity.json
/data/data/com.betsite.conrader/files/exid.dat
/storage/emulated/0/com.betsite.conrader.dev_id.txt
/data/data/com.betsite.conrader/files/.um/um_cache_1718276938291.env
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:06
Reported
2024-06-13 11:09
Platform
android-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
137s
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
| N/A | alog.umeng.com | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.betsite.conrader
com.betsite.conrader:watch
Network
Files
/data/data/com.betsite.conrader/databases/ua.db-journal
/data/data/com.betsite.conrader/databases/ua.db
/data/data/com.betsite.conrader/databases/cc/cc.db-journal
/data/data/com.betsite.conrader/databases/cc/cc.db
/data/user/0/com.betsite.conrader/files/umeng_it.cache
/data/user/0/com.betsite.conrader/files/.umeng/exchangeIdentity.json
/data/user/0/com.betsite.conrader/files/exid.dat
/storage/emulated/0/com.betsite.conrader.dev_id.txt
/data/user/0/com.betsite.conrader/files/.um/um_cache_1718276939287.env