Analysis Overview
SHA256
fcee982b3d0e1601b40078d98df03503668aec7542721f921ae8248bc3cec3a1
Threat Level: Known bad
The file Elite.apk was found to be: Known bad.
Malicious Activity Summary
Wipelock Android payload
Wipelock family
Removes its main activity from the application launcher
Reads the contacts stored on the device.
Legitimate hosting services abused for malware hosting/C2
Tries to add a device administrator.
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Analysis: static1
Detonation Overview
Reported
2024-10-08 12:25
Signatures
Wipelock Android payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Wipelock family
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-08 12:25
Reported
2024-10-08 12:35
Platform
android-x86-arm-20240624-en
Max time kernel
250s
Max time network
562s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Reads the contacts stored on the device.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://com.android.contacts/data/phones | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.elite
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-08 12:25
Reported
2024-10-08 12:35
Platform
android-x64-20240624-en
Max time kernel
559s
Max time network
388s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Reads the contacts stored on the device.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://com.android.contacts/data/phones | N/A | N/A |
Processes
com.elite
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-08 12:25
Reported
2024-10-08 12:35
Platform
android-x64-arm64-20240624-en
Max time kernel
562s
Max time network
469s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Reads the contacts stored on the device.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| URI accessed for read | content://com.android.contacts/data/phones | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.elite
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |