Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.269.origin
Сетевая активность:
Подключается к:
- w####.####.com:9001
- c####.####.net
- tankcha####.com
- tankcha####.com:8111
- ust####.####.com
- w####.####.com
- f####.####.com
- b####.####.cn
- y####.com
- i####.####.cn
- f####.####.cn
- a####.####.com
Запросы HTTP GET:
- b####.####.cn/bq/app/v/12ea0013253f059d49e6.jpg
- b####.####.cn/bq/app/v/12ee0001ba57f1fe6ed8.jpg
- b####.####.cn/bq/app/1471312888537448.png
- f####.####.cn/focus/st?status=####&cid=####&source=####&requestid=####
- i####.####.cn/iplookup/iplookup.php?format=####
- b####.####.cn/bq/app/1473124075980004.png
- b####.####.cn/bq/app/1473126136531900.png
- b####.####.cn/bq/app/1471055696750006.png
- ust####.####.com/g2/g2.j
- tankcha####.com/cr_interface/sv/getFi?name=####
- b####.####.cn/bq/app/1472519214616769.png
- tankcha####.com/cr_interface/sv/getRlt?eid=####&estatus=####&appkey=####...
- b####.####.cn/bq/app/1471222272617648.png
- ust####.####.com/g1/j1so32.ez
- tankcha####.com:8111/cr_interface/sv/getFi?name=####
- b####.####.cn/bq/app/1468830242751736.png
- b####.####.cn/bq/app/1472463330764288.png
- b####.####.cn/bq/app/v/13e6000b1eb96493d1ae.jpg
- b####.####.cn/bq/app/1472457741524868.png
- b####.####.cn/bq/app/1471053692219943.png
- b####.####.cn/bq/app/v/13e2000a5a71c68eb50a.jpg
- b####.####.cn/bq/app/1472461723427062.png
- b####.####.cn/bq/app/1468830293597763.png
- b####.####.cn/bq/app/1473124239932159.png
- f####.####.com/it/u=675491518,3406981947&fm=76
- b####.####.cn/bq/app/1471057717480154.png
- ust####.####.com/rf/617e08d692c151fb4469c174a8fa199f.slze
- b####.####.cn/bq/app/1471053888371636.png
- b####.####.cn/bq/app/v/e0a00036b0f00d7a420.jpg
- b####.####.cn/bq/app/1471055696783322.png
- f####.####.cn/focus/conf?device_type=####&height=####&dpi=####&android_i...
- b####.####.cn/bq/app/1472462688706445.png
- b####.####.cn/bq/app/1472455878229309.png
- b####.####.cn/bq/app/1472456395999725.png
- ust####.####.com/rf/421ad9d133020b3a927570ed38c17439.slze
- b####.####.cn/bq/app/1471056444463235.png
- ust####.####.com/rf/610a98494e1fc964b752b86e5bdace36.slze
- b####.####.cn/bq/app/1473124428688125.png
Запросы HTTP POST:
- w####.####.com/api/getCfg.jsp
- a####.####.com/v1/cfg
- w####.####.com/api/uploadInstallApps.jsp
- w####.####.com/api/getInAppFull.jsp
- w####.####.com/api/getDtk.jsp
- a####.####.com/v1/getad/fullScreen
- w####.####.com/api/getLauncher.jsp
- y####.com/cu.ashx
- f####.####.cn/focus/atex
- a####.####.com/v1/getad/3MC
- w####.####.com/api/getSI.jsp
- w####.####.com/api/getFallDown.jsp
- a####.####.com/v1/bind
- f####.####.cn/focus/req
- w####.####.com/api/getStartPop.jsp
- tankcha####.com/cr_interface/sv/getEP?pid=####
- c####.####.net/config/update
- c####.####.net/dc/sync_adr
- tankcha####.com/cr_interface/sv/getEP
- a####.####.com/v1/ins/apps
- w####.####.com/api/uploadSaleInfo.jsp
- w####.####.com/api/getAreaId.jsp
- w####.####.com/adx.php?c=####
- w####.####.com/api/getInAppFloat.jsp
- a####.####.com/v1/getad/3Banner
- b####.####.cn/appstart.aspx
- w####.####.com/api/getSlidingScreen.jsp
- w####.####.com/api/getStartNonFull.jsp
- w####.####.com/adx.php?c=####&ext=####
- w####.####.com/api/getStartDialog.jsp
- w####.####.com/api/getStartFull.jsp
- w####.####.com/api/getAlist.jsp
- w####.####.com/api/getSht.jsp
- w####.####.com/api/getInAppNonFull.jsp
- w####.####.com/api/getNotification.jsp
- w####.####.com/api/getExit.jsp
- w####.####.com:9001/api/getSht.jsp
- w####.####.com/api/getStartWin.jsp
- w####.####.com/api/getFloat.jsp
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/online.xml.bak
- /data/data/####/shared_prefs/LauncherApp.xml
- /sdcard/Android/data/####/cache/-1475488727
- /data/data/####/files/O610_.jar
- /sdcard/Android/data/####/cache/327465632
- /data/data/####/shared_prefs/pp.xml.bak
- /data/data/####/files/00776de72f415944f00065e82ba5d013
- /data/data/####/files/wca.jar
- /data/data/####/app_cache/####1485418757013.jar
- /data/data/####/shared_prefs/dc.013B1AE677DB9EEB6DC387F5C211A68A.preferences.xml.bak
- /sdcard/Android/data/####/cache/-1168066769.tmp
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/shared_prefs/config.xml
- /sdcard/Download/images/journal
- /data/data/####/files/80.tmp
- /sdcard/device
- /sdcard/Android/data/####/cache/371543399
- /data/data/####/files/1485418769198_libxx.so
- /sdcard/.android/data/com.android.db/dataBase/test03/####.db-journal
- /data/data/####/shared_prefs/localtime.xml
- /sdcard/Android/data/####/cache/-920230329.tmp
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/files/O617_.jar
- /sdcard/Android/data/system/cache/.hb/swhm_l_hb_t
- /sdcard/Android/data/####/cache/-1216355683
- /data/data/####/databases/baidu_cml-journal
- /data/data/####/shared_prefs/areaInfo.xml
- /sdcard/Android/data/system/cache/.hb/ntbhbm_l_hb_t
- /data/data/####/files/yw.db
- /sdcard/Android/data/####/cache/681833670.tmp
- /data/data/####/databases/dataeye_database_013B1AE677DB9EEB6DC387F5C211A68A.db
- /sdcard/Android/data/system/cache/.hb/sfhm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/fhbm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/IUhbm_l_hb_t
- /data/data/####/databases/dataeye_database_013B1AE677DB9EEB6DC387F5C211A68A.db-journal
- /sdcard/Android/data/####/cache/-1604538799.tmp
- /sdcard/Android/data/####/cache/1912717983.tmp
- /sdcard/Android/data/####/cache/.nomedia
- /sdcard/Android/data/system/cache/.hb/sihbm_l_hb_t
- /sdcard/Android/data/####/cache/1944988888.tmp
- /data/data/####/shared_prefs/U.xml
- /data/data/####/files/leihanse2DB8520H4/5leihanse2DB8520H46
- /sdcard/Android/data/####/cache/552590666
- /sdcard/Android/data/system/cache/.hb/exthbm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/sdhm_l_hb_t
- /sdcard/Android/data/####/cache/-994242340.tmp
- /sdcard/Android/data/system/cache/.hb/insiohbm_l_hb_t
- /sdcard/Android/data/####/cache/1300670115.tmp
- /data/data/####/files/kwvhhsckeufhuqjcunkffagnvmkdhuxgb
- /data/data/####/files/.play/test
- /sdcard/Android/data/####/cache/1299716036
- /data/data/####/shared_prefs/pp.xml
- /sdcard/Android/data/system/cache/.hb/snfhm_l_hb_t
- /sdcard/Android/data/####/cache/5360039
- /sdcard/Android/data/system/cache/.hb/cfghbm_l_hb_t
- /sdcard/.SystemService/013B1AE677DB9EEB6DC387F5C211A68A/.account/2D7F07BB6125DEB407E92A22DC4AC550
- /data/data/####/shared_prefs/localtime.xml.bak
- /sdcard/Android/data/####/cache/16228029
- /data/data/####/shared_prefs/online.xml
- /data/data/####/shared_prefs/device.xml
- /data/data/####/shared_prefs/####.xml
- /sdcard/Android/data/system/cache/.hb/falhbm_l_hb_t
- /data/data/####/files/.play/.md
- /sdcard/Android/data/system/cache/.hb/lauhbm_l_hb_t
- /sdcard/Android/data/####/cache/-415118914.tmp
- /data/data/####/files/23DB8520H32/####12x862
- /sdcard/Android/data/system/cache/.hb/insiwfhbm_l_hb_t
- /sdcard/Android/data/####/cache/2058767853.tmp
- /data/data/####/shared_prefs/dc.013B1AE677DB9EEB6DC387F5C211A68A.preferences.xml
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /sdcard/Android/data/####/cache/-549634119.tmp
- /sdcard/Android/data/####/cache/1023324143.tmp
- /sdcard/Android/data/####/cache/1008018690.tmp
- /sdcard/Android/data/####/cache/666864287.tmp
- /data/data/####/app_cache/####1485418757984.jar
- /sdcard/Android/data/system/cache/.hb/DtkAdbm_l_hb_t
- /data/data/####/app_cache/####1485418758225.jar
- /sdcard/Android/data/####/cache/-1190726336
- /sdcard/Android/data/####/cache/-194284188.tmp
- /sdcard/Android/data/system/cache/.hb/sdhbm_l_hb_t
- /sdcard/Android/data/system/cache/.hb/insifhbm_l_hb_t
- /sdcard/.SystemService/013B1AE677DB9EEB6DC387F5C211A68A/uid
- /data/data/####/databases/webview.db-journal
- /sdcard/Android/data/####/cache/-1401281020.tmp
- /sdcard/Android/data/system/cache/.hb/sihm_l_hb_t
- /data/data/####/files/O421_.jar
- /sdcard/Android/data/####/cache/xBitmapCache/journal.tmp
- /sdcard/Android/data/####/cache/1397734166.tmp
- /data/data/####/files/Android-x86112.jar
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/files/.play/test
Другие:
Запускает следующие shell-скрипты:
- chmod 770 /data/data/####/files/.play/test
- getenforce
- ping -c 2 -w 5 f####.####.cn
- chmod 0775 /data/data/####/.syslib-
- /data/data/####/files/.play/test /data/data/####/files/.play/ 9c70ec21bf884e87a7981313001c6ca8
- /system/bin/sh
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h 9c70ec21bf884e87a7981313001c6ca8 /data/data/####/.syslib-
- cat /sys/class/net/wlan0/address
Может автоматически отправлять СМС-сообщения.
