Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mart.1.origin
Сетевая активность:
Подключается к:
- s####.####.com
- a####.####.org
- o####.####.com
- dispat####.####.com
- i####.####.org
Запросы HTTP GET:
- a####.####.org/3/movie/135397?api_key=####&language=####
- a####.####.org/3/movie/313369/videos?api_key=####
- a####.####.org/3/movie/popular?page=####&api_key=####&language=####
- i####.####.org/t/p/w342/jjBgi2r5cRt36xF6iNUEhzscEcb.jpg
- i####.####.org/t/p/w500/dkMD5qlogeRMiEixC4YNPUvax2T.jpg
- i####.####.org/t/p/w342/5N20rQURev5CNDcMjHVUZhpoCNC.jpg
- i####.####.org/t/p/w342/z4x0Bp48ar3Mda8KiPD1vwSY3D8.jpg
- i####.####.org/t/p/w500/pJjIH9QN0OkHFV9eue6XfRVnPkr.jpg
- i####.####.org/t/p/w342/vR9YvUJCead23MOWwVzv9776eb1.jpg
- i####.####.org/t/p/w342/tIKFBxBZhSXpIITiiB5Ws8VGXjt.jpg
- a####.####.org/3/movie/313369?api_key=####&language=####
- i####.####.org/t/p/w342/nBNZadXqJSdt05SHLqgT0HuC5Gm.jpg
- i####.####.org/t/p/w500/fp6X6yhgcxzxCpmM0EVC6V9B8XB.jpg
- i####.####.org/t/p/w342/z09QAf8WbZncbitewNk6lKYMZsh.jpg
- i####.####.org/t/p/w342/5gJkVIVU7FDp7AfRAbPSvvdbre2.jpg
- i####.####.org/t/p/w342/bndiUFfJxNd2fYx8XO610L9a07m.jpg
- i####.####.org/t/p/w342/WLQN5aiQG8wc9SeKwixW7pAR8K.jpg
- i####.####.org/t/p/w342/rXMWOZiCt6eMX22jWuTOSdQ98bY.jpg
- i####.####.org/t/p/w342/yNsdyNbQqaKN0TQxkHMws2KLTJ6.jpg
- a####.####.org/3/movie/135397/videos?api_key=####
- a####.####.org/3/movie/313369/credits?api_key=####&language=####
- a####.####.org/3/movie/135397/credits?api_key=####&language=####
- a####.####.org/3/genre/movie/list?api_key=####&language=####
- i####.####.org/t/p/w342/qjiskwlV1qQzRCjpV0cL9pEMF9a.jpg
- i####.####.org/t/p/w342/gri0DDxsERr6B2sOR1fGLxLpSLx.jpg
- i####.####.org/t/p/w342/5XFchtGifv8mz4qlyT8PZ7ZsjfG.jpg
- i####.####.org/t/p/w342/4Iu5f2nv7huqvuYkmZvSPOtbFjs.jpg
- i####.####.org/t/p/w342/e1mjopzAS2KNsvpbpahQ1a6SkSn.jpg
- i####.####.org/t/p/w342/nHXiMnWUAUba2LZ0dFkNDVdvJ1o.jpg
- a####.####.org/3/configuration?api_key=####&language=####
- a####.####.org/3/movie/now_playing?page=####&api_key=####&language=####
- i####.####.org/t/p/w342/ylXCdC106IKiarftHkcacasaAcb.jpg
Запросы HTTP POST:
- o####.####.com/v2/get_update_time
- dispat####.####.com/v2.1/2000
- s####.####.com/v2.1/2004
- s####.####.com/v2.1/2003
- s####.####.com/v2.1/2002
- s####.####.com/v2.1/2001
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/image_cache/v2.ols100.1/29/gl6xarmMaeOPx6pPy295WhQ1e2M.-1460551592.tmp
- /data/data/####/databases/cc/cc.db
- /data/data/####/cache/image_cache/v2.ols100.1/52/c6BhEPVNQo7tmuH2ssGUNJBGC4I.-97624417.tmp
- /data/data/####/databases/cc/cc.db-journal
- /sdcard/database/actiondown
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/shared_prefs/com.facebook.sdk.attributionTracking.xml
- /data/data/####/shared_prefs/SYSTEM_SETTING.xml
- /data/data/####/app_sdk.data/MainJson.txt
- /data/data/####/files/pid
- /data/data/####/databases/MoviesDB-journal
- /data/data/####/shared_prefs/SDKIDFA.xml
- /sdcard/database/5supdate_4.apk
- /data/data/####/app_sdk.data/libDaemonProcess.so
- /sdcard/database/mychannel
- /data/data/####/shared_prefs/SYSTEM_SETTING.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/36/hlT4sFGa29KAu42mutVclyMEPdQ.323649668.tmp
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/files/AppEventsLogger.persistedevents
- /data/data/####/cache/image_cache/v2.ols100.1/31/hF2Y7ovqWqEmsMOoaHkNtRmAGR8.-1381115695.tmp
- /data/data/####/app_sdk.data/libDaemonProcess_arm32_22.so
- /data/data/####/cache/image_cache/v2.ols100.1/18/JOhpL8o2h7YyIIcLDv2Z9a9P7Os.-269428753.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/87/-5_azYI18t8nzxDGW47vuxUrsOQ.1839586208.tmp
- /data/data/####/databases/MoviesDB
- /data/data/####/cache/image_cache/v2.ols100.1/46/eFjHmr5vM8beFdTiwE7PyrcpTjo.154201661.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/9/2AApTnQcFrkhz_l6ZEQXhdGHlYs.-1662236432.tmp
- /data/data/####/app_sdk.data/dexhostinjection.jar
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/cache/image_cache/v2.ols100.1/0/sQ3qk9xZx2IblPOxOsyzNRqny_0.1219525290.tmp
- /data/data/####/shared_prefs/onlineconfig_agent_online_setting_####.xml
- /data/data/####/cache/image_cache/v2.ols100.1/69/UaqKYSC0hQHvrcM7Ycwas5jROrc.-679428383.tmp
- /data/data/####/shared_prefs/FBAdPrefs.xml
- /sdcard/database/actionsuk
- /data/data/####/cache/image_cache/v2.ols100.1/82/JvpMoX2R4kZ9VKqNhotWIUWeg0I.655667504.tmp
- /data/data/####/files/lockpid
- /data/data/####/cache/image_cache/v2.ols100.1/96/FU0m9_pGP3525XIqfF3GBH-FRRc.-108932978.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/63/FvauBydu9LOIc_HtZZYzy8qqm0w.-1601684797.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/1/y_T8ovvbdIxN3H_0xB1TiSHAmEA.1905168335.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/90/i07MKReD0va2qqAXG2Z5MtpSYyg.1956724659.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/20/G47KKuMsTZu1VrazsqTHgZiZTKI.457089725.tmp
- /data/data/####/files/mobclick_agent_cached_####3
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/image_cache/v2.ols100.1/87/l2FTot0qxd4Mpe7CHS4g2teEycU.-1027208439.tmp
- /data/data/####/shared_prefs/####.xml
- /data/data/####/app_sdk.data/libDaemonProcess_arm64_22.so
- /data/data/####/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- /data/data/####/cache/image_cache/v2.ols100.1/28/D6GatL23HV9eGqvK3wVCA4TQ0y4.-1951127866.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/app_sdk.data/1.apk
- /data/data/####/shared_prefs/tempFile.xml
- /data/data/####/cache/image_cache/v2.ols100.1/8/eIInRE0g5ELFH74Fqgjywg7pHh4.-912724023.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/18/GAohyEBcF0H49-CaCbNUiu7shEA.-917804670.tmp
- /data/data/####/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- /data/data/####/cache/image_cache/v2.ols100.1/30/J3xu3WVFs5wkwAQ5KGCB5X8b-RM.985033615.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/39/QRFJhc4ttZzNKqubq_ua0sM681o.-935060688.tmp
- /data/data/####/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- /data/data/####/shared_prefs/####.xml.bak
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/app_sdk.data/1.apk
- /data/data/####/app_sdk.data/dexhostinjection.jar
- /data/data/####/app_sdk.data/libDaemonProcess.so
Другие:
Запускает следующие shell-скрипты:
- chmod 777 /data/data/####/files/lockpid
- chmod 777 /data/data/####/app_sdk.data/libDaemonProcess.so
- chmod 777 /data/data/####/app_sdk.data
- chmod 777 /storage/emulated/0/database/actiondown
- chmod 777 /storage/emulated/0/database/5supdate_4.apk
- chmod 777 /data/data/####/app_sdk.data/dexhostinjection.jar
- chmod 777 /data/data/####/app_sdk.data/MainJson.txt
- chmod 777 /data/data/####/app_sdk.data/1.apk
- chmod 777 /storage/emulated/0/database/mychannel
- chmod 777 /storage/emulated/0/database/actionsuk
Может автоматически отправлять СМС-сообщения.
