Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.155.origin
Сетевая активность:
Подключается к:
- 6####.####.140
- i####.####.com
Запросы HTTP GET:
- i####.####.com/ando-res/ads/30/14/f15541de-b7bd-4ff9-97fb-9e6cc9e4e044/0...
- i####.####.com/ando-res/ads/30/14/f15541de-b7bd-4ff9-97fb-9e6cc9e4e044/3...
- 6####.####.140/ando/i/mon?k=####&d=####
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/b53...
- i####.####.com/ando-res/ads/18/19/da964672-e0f2-4f69-a63b-cea979b9a721/8...
- i####.####.com/ando-res/ads/4/5/d73ab4a4-4c75-43a7-a3c9-5bdabd9437c8/6ae...
- i####.####.com/ando-res/ads/18/19/da964672-e0f2-4f69-a63b-cea979b9a721/7...
- i####.####.com/ando-res/m/hQFsvuTOjQG2grLU8T2VCshw4jkuJadBny-GDQ
- i####.####.com/ando-res/m/pdEeeeSMxFc4Pj1c-bdIkZ0qk6HBiFe76oxdY-RIRAlRlR...
Запросы HTTP POST:
- 6####.####.140/ando/x/req?app_id=####&r=####
- 6####.####.140/ando/x/lis?app_id=####&r=####
- 6####.####.140/ando/x/liv?app_id=b6d99fa1-8a23-494a-88d4-34e035688565&r=...
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/mobclick_agent_cached_####1
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/OqB9eqFXv_XSsMCv/oVXPIvWRu_dj1ri7-16rpuqg8QjHqKLpJY2ccnWT_TQ=
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/1zwi7lIMZX8abBctQ7FkSi7wHyBgKrct.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/FMObgcV8WoEFWYIqzts-2bfkqF4urDL0CEAWJ9G2F0U=.new
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/ZhLbHlUE2rn5Dd6UpRqRiw==
- /sdcard/.system/alLbon3AuQynvtpS/r_pkDgN4OhnkSa0D
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_uQ0BpCzX0rd7gB_h_app/dsENJPRqcnDPDMsG6ExYfA==/kbpexhgTP654MleG9c7IxvbJ-2bIWd3Z.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/n8b0-bBMmKc84ACT_qtEpSAI9_TEqZkv.new
- /sdcard/.system/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/ee375c76-e67b-4bbb-98a3-74caca15b36d.res
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/_xH1JSaAoNCwhThe/u7hWE4wxBvymJccytcZ5Egs7mSUQvV343gewaw==
- /data/data/####/databases/cc/cc.db
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/c929fb4d-16a2-4b69-953c-e7e0fb842c19.res
- /data/data/####/files/prNaUprOP_gvefy0AX24kQ==/BifhjWRjSgVWza_4Yk4eKxlcGA4=
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/YVcNvZaOknwsSPJeuT-lWrhHAYg=.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/uAgHrAwzn7Yf6sK4/seYlaUJVAMq_yDrN.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/IV080X4sCTXAi63wgHHlxw7GdPg-pUla.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/21b18d3d-ae46-48ed-95ab-a0d75403d6bd.res
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/sMMNp3ClJivq_7H7x0FE-w==/data.dat.tmp
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/53ca3492-308d-4e9b-8193-f58512552e22.res
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/511vvOT-y9abrFk9HEEB7P9Y-KzOHdk0XWXsZw==.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/7dc0d6ee-d01d-4980-9e2a-a0b985568cf2.res
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/ktUbPX5cdwspLiorrwMxDQ==.new
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/efd9378d-3930-4f07-ba4f-cc35a93f0384.res
- /data/data/####/databases/cc/cc.db-journal
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/Lh5M5FI2c4BQgPXWKU_AOL7tBUI=.new
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/XgBsel6VFBxA-vPPvqXuQg==/8pTt6oS1RbVV5MNF.zip
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/CiDFindElU2DNWw1mM85iqqy8ICtvEM2.new
- /sdcard/.system/alLbon3AuQynvtpS/MP8MtaBuguN9jnuSwtN1kQ==
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/Ppmyxfg-XzLI3_H27GtSMl-dWXU=.new
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/x4ep37UzQwfCbUN6l5Q8EA==/xWYt9RnIHyv3rbUcHtuZDg==
- /sdcard/.env/.uunique.new
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/5c0de391-b12b-4095-8a86-e0b7561a21b3.res
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/x4ep37UzQwfCbUN6l5Q8EA==/qcFbMeLwpzTZEb05
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/RfAghgebQwAXYZnhwoCA-w==/runner_info.prop
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/d3b0e095-a80b-4a6d-a0ce-e1f2d2461e6b.res
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/c8668d12-e166-4979-8322-035a91c2f031.res
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/ktUbPX5cdwspLiorrwMxDQ==
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/efZDpczb9HHScew-TKhdHq0I67Y=.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/dYDJcI2OTTFgvYiJzgiEkg==.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/e51pw8qy_DqGL1Rn/5E9OCyn2qVdLtqM0S-iLKoqsdUnGsjmD.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/679be57b-eb28-4dac-9478-f1ec1c046185.res
- /data/data/####/files/txzdbw_d/txzdbw_f.zip
- /sdcard/.system/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/60474bb1-a9fd-4f95-aef6-fe7aa6329117.res
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/pjQFarpPu-SUWZt5_VaBui-JAkXOweVhyezYcQ==.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/YMccqfF28vlcaUjwPOavEHcZwXEyX4-k.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/D4V7J7opxTngECsvokGEaA==.new
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/ZhLbHlUE2rn5Dd6UpRqRiw==.new
- /data/data/####/databases/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_HXbKQ9Jiqbrs7AiX6jcoiIvA1UY=-journal
- /data/data/####/databases/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_uQAIhkjb3k8HrEK5-journal
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/lx_tIqQpKZUYtkkQ8l-O4cecEAF9Kx2QSUTjqA==.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/34029f6d-6c14-450f-bee0-a9c8acd5c277.res
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/d4fb8c46-d871-4a0b-bafe-1a7e28b7e76b.res
- /data/data/####/code-9583559/1z1WY9xmU9-L1npl
- /data/data/####/files/vkSHOETawDR19s_vGv3Xrz52zZWPPssW50oMQA==/x4ep37UzQwfCbUN6l5Q8EA==/Sqk0BGIoKZ4BDZ6i4PeIB2ZMlfc=
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/4R5QWt2FpWeiWBVC1jLz0QoUh8s=.new
- /data/data/####/databases/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_2hf9a7Z2bL2-w2hMYu88Og==-journal
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/OqB9eqFXv_XSsMCv/flGaPITc67AqgF0o9E-w1qcnTzU=.temp
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/i2KRtU9jvNmTdw_e/weaNM0OCMvVNOLLM/fa8eecb0-5c1b-47a8-ad31-2a4dc108ba87.res
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/mOirdPz_KadC4WWq-OZS_NBzE56FFJSgXmfOHFBW2PQ=.new
- /data/data/####/files/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_files/dsENJPRqcnDPDMsG6ExYfA==/07x-kL0gJm7JIjhmOnqihLUIvBq9ArMF.new
- /data/data/####/databases/IocS9ihhJ8QJPi-eupuzTuZ8A3qkkel7JJJp7Q==_Tn3RBb-A5Hce4SoP-journal
- /sdcard/.system/alLbon3AuQynvtpS/LjTgA0CXsj1TE390/UDLaFSBgoAYZk8s3XSYx9g==/c14a34cc-108d-45b5-a45b-4880c53a1616.res
Другие:
Запускает следующие shell-скрипты:
- /data/data/####/code-9583559/1z1WY9xmU9-L1npl #### com.dongwenjie.apk.vancbg.a.a.c.b /storage/emulated/0/.system/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M /storage/emulated/0/Download/ladung
Может автоматически отправлять СМС-сообщения.
