Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 075585181130: cyMjUwMDI2Njk5MTg3NzQzIzM1NjUwNzA1OTM1MTg5NSM0LjMuMQ==
Сетевая активность:
Подключается к:
- 2####.####.140
- 1####.####.80:8000
- 2####.####.140:8080
- 1####.####.67
- g####.####.net
- 1####.####.192
- unitedp####.####.com
- sd####.####.com
- 1####.####.80
- w####.####.com:7758
- d####.####.com
- 1####.####.238
- t####.####.cn
- g####.####.net:8080
Запросы HTTP GET:
- d####.####.com/egsb/startup/queryConfiguration?channelId=####&contentId=####&gameType=####
- d####.####.com/egsb/otherPay/querySMSLimitMoney
- 1####.####.67/codex/version
- 1####.####.192/unitedpay_sdk/version
- unitedp####.####.com/numberbank/interface?getInfo=####
Запросы HTTP POST:
- 2####.####.140:8080/migusdk/tl/enclog
- sd####.####.com/behaviorLogging/eventLogging/accept?
- 1####.####.80:8000/intp/6ce649412ba45e84f1f00f7de6875f541d880eae
- d####.####.com/egsb/verification/checkSdkUpdate
- 1####.####.238/updata/interface.html
- g####.####.net:8080/migusdk/tl/tcttl
- t####.####.cn/api/q/a/3f6ec4da684547211e371a67946d85757
- g####.####.net/migusdk/tl/tcttl
- g####.####.net/migusdk/verification/checkSdkUpdate
- 2####.####.140/migusdk/tl/enclog
- d####.####.com/egsb/game/getPaymentCapability
- w####.####.com:7758/normandie/QueryConfigPolicy
- 1####.####.80/intp/6ce649412ba45e84f1f00f7de6875f541d880eae
- d####.####.com/egsb/thirdPay/queryThirdPayInfo
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/app_lemuellabs_reserved/11b96eee12ba7547.jar
- /data/data/####/files/edfile/armeabi/libmiguED.so
- /data/data/####/files/mgid.dat
- /data/data/####/files/sdk_prefs
- /data/data/####/files/rdata_comdsfkrdfwdhjawe
- /data/data/####/files/MiguPay.Sdk30.Lib_12003003_4d4c7afc770b3429d59fe361edcdfd5f_BN202.dat
- /data/data/####/files/libmgRun_04.22.05_01.so
- /data/data/####/files/MiguPay.Sdk30.Lib_12003003_4d4c7afc770b3429d59fe361edcdfd5f_BN202.cod
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/MmrJkS6pdsaaZsyy7onJLg==
- /data/data/####/files/mpush_gateway_preferences_file
- /data/data/####/shared_prefs/td_pefercen_profile.xml.bak
- /data/data/####/app_lemuellabs_reserved_/lemuel_security_inner.so
- /data/data/####/files/ly.jar
- /data/data/####/files/gecobq_d/gecobq_f.zip
- /data/data/####/app_lemuellabs_reserved_/codex_inner.so
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/MmrJkS6pdsaaZsyy7onJLg==.new
- /data/data/####/databases/mpush_game.db-journal
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/yWTQPs9m5ucTwqUDgkANMQ==/sfDEcvArz1x4okKc
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/mF1f3GEoIx_IxqbAYcLnYw==.new
- /data/data/####/files/rdata_comdsfkrdfwdhjawe.new
- /data/data/####/app_lemuellabs_reserved/1b9de70b6b44ddc8.jar
- /sdcard/Download/data/cn.cmgame.sdk/sdk_prefs.txt
- /sdcard/.tcookieid
- /data/data/####/files/ED.ini
- /data/data/####/files/mpush_version_preferences_file
- /data/data/####/files/mgAS.dat
- /data/data/####/files/mgSS.dat
- /data/data/####/shared_prefs/pref_file.xml
- /data/data/####/shared_prefs/3f6ec4da684547211e371a67946d85757|account_file.xml
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/2oXLOnoxvZFHyoYAocimIw==/vCRTluFf7KKYslou.zip
- /data/data/####/files/hbilling.dat
- /sdcard/Download/data/cn.cmgame.sdk/ShareData.txt
- /data/data/####/shared_prefs/tdid.xml
- /data/data/####/shared_prefs/td_pefercen_profile.xml
- /sdcard/Download/data/cn.cmgame.sdk/msgflag.txt
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/Nucu9ElUkLsQf6i8XKvN9A==/data.dat.tmp
- /data/data/####/app_lemuellabs_reserved/codex.so
- /data/data/####/shared_prefs/pref_file.xml.bak
- /data/data/####/temp.dex
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/mF1f3GEoIx_IxqbAYcLnYw==
- /sdcard/Download/data/cn.cmgame.sdk/log/deviceId.txt
- /data/data/####/files/oX10W95WSDkGp2w5-TtS1hSM7u3yDoK2LpCmHw==/yWTQPs9m5ucTwqUDgkANMQ==/YmnBhr4hT5rBVIBfF4_2rg==
- /data/data/####/app_lemuellabs_reserved/c378c2259715afac.jar
Другие:
Запускает следующие shell-скрипты:
- ls -l /system/bin/su
Может автоматически отправлять СМС-сообщения.
