Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.16.origin
- Android.Mixi.13.origin
Сетевая активность:
Подключается к:
- s####.####.com
- set####.####.com
- g####.####.com
- clou####.####.in
- n####.####.com
- x####.####.io
- a####.####.com
Запросы HTTP GET:
- set####.####.com/appwall/setting?app_id=####&sign=####&platform=####&os_...
- g####.####.com/cr/sdk/goplaysdk_statistics_method.dat
- clou####.####.in/v1/icon?id=####&format=####&quality=####&width=####&hei...
- clou####.####.in/v1/icon?id=####&size=####&fmt=####&quality=####
- clou####.####.in/v1/icon?id=####&format=####&quality=####
- clou####.####.in/v1/icon?id=####&quality=####&size=####&fmt=####
- n####.####.com/openapi/ad/v3?app_id=####&unit_id=####&category=####&req_...
- set####.####.com/setting?app_id=####&sign=####&platform=####&os_version=...
- clou####.####.in/v1/icon?id=####&size=####&fmt=####&format=####&quality=...
- x####.####.io/hotodayshare/h5/noticias_mianze.html
Запросы HTTP POST:
- s####.####.com/v4/com.inveno.noticias/aps.php
- a####.####.com/app_logs
- g####.####.com/cr/sv/getEPList
- s####.####.com/v4/com.inveno.noticias/config.php
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/config/b41ca4d18a5c6819cf5fe754fe1f94c9
- /data/data/####/databases/cc.db-journal
- /data/data/####/app_cacheAgreementPage/ApplicationCache.db-journal
- /data/data/####/shared_prefs/share_data.xml.bak
- /data/data/####/databases/cc.db
- /sdcard/Android/data/####/cache/image_manager_disk_cache/d30d6de7e154783e90f871e584507ddecc1f52cd558d36d36b91ec1d291f125f.0.tmp
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/files/AppEventsLogger.persistedevents
- /data/data/####/shared_prefs/com.google.android.gms.measurement.prefs.xml.bak
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/files/.umeng/exchangeIdentity.json
- /sdcard/Android/data/####/cache/image_manager_disk_cache/0af4044f50092d920eaeb11b121e926f4dcd04e5ff12405a0ec9fa4939ca3c0a.0.tmp
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/databases/google_app_measurement_local.db-journal
- /data/data/####/databases/altamob_ads-journal
- /data/data/####/files/exid.dat
- /data/data/####/shared_prefs/mobvista.xml
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /sdcard/Android/data/####/cache/image_manager_disk_cache/5a91652ebb41811acd47e83ddd1d959bf550d1d93ebd1fd3723547000fdaf245.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/7b0a6ea35f5ee10dbb7c52fc248af065e5c3464b6e846169efd5045eabe2d5d6.0.tmp
- /data/data/####/shared_prefs/share_data.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/1716b9da0f6afef853b07cac691379ddd0f6c7419a46a03f89fdb5baa04196b9.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/f25963e45c063e213c7d822586adcf344a8eb01b004f1aad607e4035e8e4f5f1.0.tmp
- /data/data/####/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/shared_prefs/data_sdk_expire.xml
- /data/data/####/files/config/e00a35bbffc661ad138f00b49d197dc2
- /sdcard/Android/data/####/cache/image_manager_disk_cache/6b9b53f726e7bcd469dea50044097adee9e12eb36649e977b697c58e1bbecc13.0.tmp
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/shared_prefs/altamob_sp_sdk.xml.bak
- /data/data/####/files/config/3038bba20bd3f63477463e0ab46b80d4
- /data/data/####/files/config/a0d457d35db765f01e9a3ef632f71234
- /data/data/####/shared_prefs/com.facebook.internal.preferences.APP_SETTINGS.xml
- /data/data/####/files/config/6c09a7101620266a1c40b9754551b964
- /data/data/####/files/config/39c3e96204c671df2697d2a03fb0bd79
- /data/data/####/no_backup/com.google.android.gms.appid-no-backup
- /data/data/####/files/config/1e42f61942835109a9242d956b8d069f
- /data/data/####/files/1493281844415_cgr.so
- /data/data/####/shared_prefs/data_sdk.xml.bak
- /data/data/####/shared_prefs/SDKIDFA.xml
- /data/data/####/databases/mobvista.msdk.db-journal
- /sdcard/Android/data/####/cache/image_manager_disk_cache/a18dc013fe81d8d515eab17cca371cb2d96300144777d762ac6135066266d6f0.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/31c4cf693402e325db352e778d7eb91f1431f170a8269593813afc1e3822f281.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/3ffaa4ac7ec6d6fe6165ba98a613cf132fb7c8fde8561201a3015e36039d8154.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/0888ac2ff7b04fad873bf3e47f5bd0c1350fe379c80a7ed626edbea433ad66a9.0.tmp
- /data/data/####/files/umeng_it.cache
- /data/data/####/shared_prefs/com.google.android.gms.appid.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/ead1670f5b782b39d0959ae165c84f7fc0b36f017f2e03c8aa303f2b195b6f8a.0
- /sdcard/Android/data/####/cache/image_manager_disk_cache/82c4544dc299b9d9167377c9ec55af4b11c44c0fb0072a237ae26f090d24cf68.0.tmp
- /data/data/####/shared_prefs/com.facebook.sdk.attributionTracking.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/cc87bfa8f219a0cc01dfbe19ed8f029d7ce46d1ea3169d322fd7cf69e9fe04c3.0.tmp
- /data/data/####/databases/google_app_measurement_local.db
- /data/data/####/files/config/ee4bd84a75bb697501886c85f16ad408
- /data/data/####/files/config/c55552d15f67e40c948e03dbb18dcab7
- /sdcard/Android/data/####/cache/image_manager_disk_cache/24ee83359bbcb37d6b9fe6d201c36b72ef8f67990eef2ecfcf10845e07714fab.0.tmp
- /data/data/####/shared_prefs/common_data.xml.bak
- /data/data/####/databases/ua.db
- /data/data/####/shared_prefs/umeng_feedback_conversations.xml
- /data/data/####/shared_prefs/common_data.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/07c7a1708792cd7e056641b79b630a7ee1eb5d25c9ff978023697e8e909cbba4.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/0c08db5c0c4946f573728c38305b9af08f188aa641fcfa81afd6bad3ae0e1cbd.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/cea003e828befc810f6886dd8f9a21c334fe27a5bbc5257ed9c4950d8122d738.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/31a176b1bbea122fc1bfc2c37149c077ebd38c9b3517543eac2c403109f0bd04.0.tmp
- /data/data/####/files/altamob_device
- /sdcard/Android/data/.nomedia
- /data/data/####/shared_prefs/es_incrConfig.xml
- /data/data/####/shared_prefs/FBAdPrefs.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/4326b43d0d06bbc46132284ae9626e384835b4532f0a2b328151808a3988c2db.0.tmp
- /data/data/####/shared_prefs/data_sdk.xml
- /data/data/####/shared_prefs/sdk_ad_cfg.xml
- /data/data/####/databases/data_sdk-journal
- /data/data/####/shared_prefs/feedback_push.xml
- /data/data/####/shared_prefs/altamob_sp_sdk.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/91a006a8dbc0ffd82fb197bb871005c2a2f2d19c28bf319be1fe68bc1d2c0058.0.tmp
- /data/data/####/files/es_channel_0x010125
- /data/data/####/shared_prefs/com.facebook.sdk.appEventPreferences.xml
- /sdcard/Android/data/####/files/config/abc_0a33d460452a61190d09943cbb48bf5c.txt
- /sdcard/Android/data/####/cache/image_manager_disk_cache/b6212ba21cf02ac4b602cc67583f8d281fcbcdf758a1aaad263cceb1ac435c40.0.tmp
- /data/data/####/shared_prefs/fb_audio_switch.xml
- /data/data/####/shared_prefs/appsflyer-data.xml
- /data/data/####/files/config/8ba5ece8a86fec6d3323cf3b27e90bee
- /sdcard/Android/data/####/cache/image_manager_disk_cache/308d741f5e8d79e1262eb7c613b36b6b357a048735611189c78d4601d61a4ae0.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/b7675f6a7087a21831185d1f48bc2d0265d1028b17d66ea950adae6de207d5d0.0.tmp
- /data/data/####/shared_prefs/####_preferences.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/968f46df4a296fe0413db17a6a2dcdd0bff10f4af4325a2ad1253fc55b8ce44b.0.tmp
- /data/data/####/files/config/129a5496eebee9b6daf59cb68cad2ef2
- /data/data/####/files/config/cae7dfbf1999cf6a08965f23ac82048a
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/databases/ua.db-journal
- /sdcard/Android/data/####/cache/image_manager_disk_cache/742ac02e864e2b97127f79d9fd3ae5cfa898be80f38dc0068eabb11dc258f13a.0.tmp
- /data/data/####/code_cache/secondary-dexes/####-1.apk.classes1257621639.zip
- /data/data/####/files/.imprint
- /data/data/####/databases/webview.db-journal
- /data/data/####/files/config/6e097e76f06b7d6fd59e149ef31432e5
- /data/data/####/files/config/e793fdd44865ec568ae8717ae364818d
- /sdcard/Android/data/####/cache/image_manager_disk_cache/45e96936df0fb242d7ae867cb23f23bf2368fcffe0bc33b0622800d73f9b55c4.0.tmp
- /sdcard/Android/data/####/cache/image_manager_disk_cache/3d16f276ddebdde9eb144027b2c1274682c82b5c9b2aa765086ba2e59bde4c7c.0.tmp
- /data/data/####/shared_prefs/umeng_feedback_user_info.xml
- /sdcard/Android/data/####/cache/image_manager_disk_cache/01243d23daf8c84ff8b18c40490932c37f301ce4500783cdaef482ff049879d2.0.tmp
- /data/data/####/shared_prefs/com.google.android.gms.measurement.prefs.xml
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /sdcard/Android/data/####/cache/image_manager_disk_cache/journal.tmp
- /data/data/####/shared_prefs/appsflyer-data.xml.bak
- /sdcard/Android/data/####/cache/image_manager_disk_cache/a38439fd661189b2c310639453d2ca7c8c3368892c9f7af68a1652633433e71b.0.tmp
- /data/data/####/files/1493281856796.jar
Другие:
Запускает следующие shell-скрипты:
- getenforce
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h b3fbec2cab4f4135b34222f3af122d95 /data/data/####/.syslib-
- chmod 0771 /data/data/####/.syslib-
Может автоматически отправлять СМС-сообщения.
