Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.269.origin
- Android.Mixi.13.origin
- Android.Mixi.6.origin
Сетевая активность:
Подключается к:
- s####.####.com
- 2####.####.214
- i####.####.cn
- n####.####.cn
- h####.####.com
- t####.####.com
- 2####.####.202
- d####.####.cn
- union-c####.####.com
- d####.####.com
- mer####.####.com
- a####.####.cn
- w####.####.com
- g####.####.com
- m####.####.com
- ur####.####.com
- f####.####.cn
- u####.####.cc
- a####.####.com
- w####.####.com:9001
Запросы HTTP GET:
- u####.####.cc/zhuanpan/turntable21/dxzs2.apk
- s####.####.com/m/images/index/load/05010.png
- mer####.####.com/log.gif?t=####&m=####&cul=####&pin=####&uid=####&sid=####&ref=####&v=####&rm=####
- s####.####.com/m/css/2014/index/home_2017_1_18.css?v=####
- s####.####.com/m/js/2014/base/JdBase.min.js?v=####
- s####.####.com/unify.min.js
- f####.####.cn/focus/st?status=####&cid=####&source=####&requestid=####
- n####.####.cn/?s=####&t=####&g=####
- s####.####.com/m/images/index/n-me.png
- i####.####.cn/iplookup/iplookup.php?format=####
- s####.####.com/m/images/index/live-icon.png
- m####.####.com/images/index/icon-close-banner.png
- s####.####.com/m/images/index/n-cart.png
- s####.####.com/m/images/index/jd-news-tit.png
- s####.####.com/m/images/index/a-home.png
- g####.####.com/cr/sdk/goplaysdk_statistics_method.dat
- s####.####.com/m/images/index/location.png
- s####.####.com/img/jfs/t2977/335/1927273397/18081/64a032d5/5796df21N0c6edd4e.png
- s####.####.com/m/js/2014/module/plugIn/downloadAppPlugIn_imk2.js?v=####
- h####.####.com/solocalocalstorage.html
- s####.####.com/m/images/index/loading-f13-l.png
- s####.####.com/m/js/2014/m/index/index_2017_1_18_alpha.js?v=####
- s####.####.com/m/images/index/loading-f13-b.png
- d####.####.cn/
- t####.####.com/it/u=3641423054,3467860450&fm=76
- s####.####.com/m/images/index/floor_blank.png
- s####.####.com/m/images/index/scroll-to-top-icon.png
- m####.####.com/?cu=####&utm_source=####&utm_medium=####&utm_campaign=####&utm_term=####&abt=####
- s####.####.com/m/images/index/n-catergry.png
- h####.####.com/?id=####&flag=####&sid=####&point0=####&point1=####&point2=####&point3=####&point4=####&point5=####&point6=####&point7=####&point8=####...
- s####.####.com/m/images/index/seckill-220-new.png
- a####.####.com/goapk/765E3EA89C9E.png
- 2####.####.214/action/pop_ad/ad?app_id=####&udid=####&imsi=####&net=####&base=####&app_version=####&sdk_version=####&device_name=####&device_brand=###...
- s####.####.com/m/images/index/load/05003.png
- f####.####.cn/focus/conf?device_type=####&height=####&dpi=####&android_id=####&width=####&cid=####&networkType=####&version=####&conn=####&imei=####&o...
- g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
- union-c####.####.com/jdc?e=####&p=####&t=####
- s####.####.com/m/images/index/top-jdlogo.png
- s####.####.com/m/images/index/floor-tit.png
- a####.####.com/goapk/gp_tenqq.7z
- s####.####.com/m/images/index/load/05001.png
- s####.####.com/m/images/index/load/05002.png
- s####.####.com/m/images/index/n-find.png
- s####.####.com/m/images/index/load/05007.png
- s####.####.com/m/images/index/jd-sprites.png
- s####.####.com/m/images/index/load/05003-lv.png
- s####.####.com/m/images/index/load/col04-con.png
- 2####.####.202/action/connect/active?app_id=####&udid=####&imsi=####&net=####&base=####&app_version=####&sdk_version=####&device_name=####&device_bran...
- n####.####.cn/t.php?k=####&url=####
- h####.####.com/active/reporttime/reportTime.min.js
- s####.####.com/m/images/index/arrow_rt.png
- d####.####.com/ymian/index-3.html
- s####.####.com/m/images/index/load/col02-con.png
- s####.####.com/m/css/2014/layout/layout2015.css?v=####
Запросы HTTP POST:
- w####.####.com/api/getCfg.jsp
- w####.####.com/api/uploadInstallApps.jsp
- w####.####.com/api/getInAppFull.jsp
- w####.####.com/api/getDtk.jsp
- w####.####.com/api/getLauncher.jsp
- f####.####.cn/focus/atex
- h####.####.com/downLoad/closeUa.action?_format_=####
- w####.####.com/api/getSI.jsp
- w####.####.com/api/getFallDown.jsp
- m####.####.com/index/screen.action?a=####&b=####&r=####
- f####.####.cn/focus/req
- ur####.####.com/log/m?std=####
- g####.####.com/cr/sv/getEP
- w####.####.com:9001/api/uploadSale.jsp
- w####.####.com/api/getStartPop.jsp
- a####.####.cn/action/user_info
- h####.####.com/m/access
- w####.####.com/adx.php?c=####
- w####.####.com/api/uploadSaleInfo.jsp
- w####.####.com/api/getAreaId.jsp
- w####.####.com/api/getInAppFloat.jsp
- w####.####.com/api/getSlidingScreen.jsp
- w####.####.com/api/getStartNonFull.jsp
- w####.####.com/api/getStartDialog.jsp
- w####.####.com/api/getStartFull.jsp
- w####.####.com/api/getAlist.jsp
- w####.####.com/api/getSht.jsp
- w####.####.com/api/getInAppNonFull.jsp
- w####.####.com/api/getNotification.jsp
- w####.####.com/api/getExit.jsp
- w####.####.com/api/getStartWin.jsp
- w####.####.com/api/getFloat.jsp
Дропперы:
Был загружен из Интернета следующими детектируемыми угрозами:
- Android.BackDoor.155
Изменения в файловой системе:
Создает следующие файлы:
- /sdcard/Android/data/cache/CacheTime.dat
- /data/data/####/shared_prefs/AppSettings.xml
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/files/wca.jar
- /sdcard/Android/data/cache/UnPackage.dat
- /data/data/####/files/1485416446523_cgr.so
- /data/data/####/files/lmoevssnujlybeprprfvzkppncuacgdjp
- /data/data/####/shared_prefs/gitConfig.xml
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/pp.xml.bak
- /data/data/####/files/webview/localstorage/http_so.m.jd.com_0.localstorage-journal
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/Download/images/journal.tmp
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/files/mobclick_agent_cached_####2
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/shared_prefs/saidcommon_pref.xml
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/shared_prefs/localtime.xml
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/databases/baidu_cmo-journal
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /sdcard/Android/data/system/cache/.hb/swhm_l_hb_t
- /data/data/####/shared_prefs/areaInfo.xml
- /sdcard/Android/data/system/cache/.hb/ntbhbm_l_hb_t
- /data/data/####/files/ijiami.dat
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/files/yw.db
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /sdcard/Android/data/system/cache/.hb/sfhm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/fhbm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/IUhbm_l_hb_t
- /data/data/####/app_cache/ijiami.jar
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/files/webview/ApplicationCache.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /sdcard/Android/data/system/cache/.hb/sihbm_l_hb_t
- /data/data/####/files/####_cgr
- /data/data/####/cache/picasso-cache/6af969c20ce6210ec38c35a27de5ac0d.0.tmp
- /sdcard/Android/data/system/cache/.hb/exthbm_l_hb_t
- /data/data/####/files/CacheTime.dat
- /sdcard/Android/data/system/cache/.hb/sdhm_l_hb_t
- /data/data/####/files/1485416455977.jar
- /data/data/####/files/80.tmp
- /sdcard/Android/data/system/cache/.hb/insiohbm_l_hb_t
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/shared_prefs/pp.xml
- /sdcard/Android/data/system/cache/.hb/snfhm_l_hb_t
- /data/data/####/databases/cc/cc.db-journal
- /sdcard/Android/data/cache/AppPackage.dat
- /sdcard/Android/data/system/cache/.hb/cfghbm_l_hb_t
- /data/data/####/shared_prefs/localtime.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/shared_prefs/####.xml
- /sdcard/Android/data/system/cache/.hb/falhbm_l_hb_t
- /sdcard/device
- /sdcard/Android/data/system/cache/.hb/insiwfhbm_l_hb_t
- /data/data/####/shared_prefs/####.xml.bak
- /sdcard/Android/data/system/cache/.hb/sihm_l_hb_t
- /data/data/####/shared_prefs/####_preferences.xml
- /sdcard/Android/data/system/cache/.hb/lauhbm_l_hb_t
- /data/data/####/databases/cc/cc.db
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /sdcard/Android/data/system/cache/.hb/DtkAdbm_l_hb_t
- /data/data/####/files/webview/localstorage/http_m.jd.com_0.localstorage-journal
- /sdcard/Android/data/system/cache/.hb/sdhbm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/insifhbm_l_hb_t
- /data/data/####/shared_prefs/device.xml
- /data/data/####/cache/picasso-cache/6af969c20ce6210ec38c35a27de5ac0d.1.tmp
- /data/data/####/databases/webview.db-journal
- /sdcard/Android/data/.class/android
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/databases/blue_cmo-journal
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Другие:
Запускает следующие shell-скрипты:
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c0d704fb38034729a73c65172c408e09 /data/data/####/.syslib-
- ping -c 2 -w 5 f####.####.cn
- chmod 0771 /data/data/####/.syslib-
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
